32.welchia and symantec problems

[Vince Poroke]

When I try to access Symantecs site it states that the site is
unavailable at this time. Norton notified me that I have 32.Welchia
but it didn't do anything to remove it and I can't access the updates.
What should I do?

 

[Trafton]

Hi Vince,

Have you tried running Symantec's Welchia removal tool? It can be found
here:

http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

Feel free to post back if this doesn't solve your problem. Also, when you
do, please note where the file is located (i.e. C:\Folder\virusfile.exe).
Thanks!

Sincerely,
Benjamin Johnstone-Anderson
Microsoft MVP - Windows Security
Remove "SPAM" from email address to reply!
Security Manifest: www.msmvps.com/trafton/

 

[Vince Poroke]

Hi Vince,

Have you tried running Symantec's Welchia removal tool? It can be found
here:

http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html

Feel free to post back if this doesn't solve your problem. Also, when you
do, please note where the file is located (i.e. C:\Folder\virusfile.exe).
Thanks!

Sincerely,
Benjamin Johnstone-Anderson
Microsoft MVP - Windows Security
Remove "SPAM" from email address to reply!
Security Manifest: www.msmvps.com/trafton/

I appreciate any help that you can give me. When I try to enter
Symantec's site I get "The page cannot be displayed" same as when I
click your link. I don't know what to do. I can't even download the
packs that I need from MS web page because the scan portion won't come
up.

 

[Jim]

I had the same problem on the same day. I was installing
Office 2003 and attempted to register via dial up. It
would not register, then I rebooted and could not acccess
certain programs (Norton anti virus, add/remove programs
and MSN would not sign in). I have checked for any new
viruses, and re installed Windows 2000 but I still cannot
access the internet or remove Office 2000)

 

[Trafton]

Hi Steveman,

W32/Welchia infection is NOT a good way to patch. The worm can crash
networks and introduce problems. Several cases of incorrect patching have
been reported. It is much better to download it from the WindowsUpdate site.

Sincerely,
Benjamin "Trafton" Johnstone-Anderson
Microsoft MVP - Windows Security
Remove "SPAM" from email address to reply!
Security Manifest: www.msmvps.com/trafton/

 

[Guest]

The problem navigating you are experiencing is due to the fact that the worm redirected Internet site addresses to your local IP. If you look in your local HOSTS file you will see things like www.symantec.com 127.0.0.1. This means that any attempts to get to sites like this will just point back to your box and therefore fail

Look under c:\winnt\system32\drivers\etc\ for the HOSTS file. Delete all of these bogus entries and you'll be fine. This is a lot quicker and easier than wiping out the OS and reinstalling from scratch!