w32.welchia.worm (Symantec def.)

  • Thread starter Thread starter Jay Nichols
  • Start date Start date
J

Jay Nichols

After writing binary zeroes over my entire disk array and
reformatting the disks I loaded W2K server. Following
that I went to the MS update site and let them decide what
updates were necessary and applied them. Then I loaded
the NAV virus from my NAV server with the 8/27 virus
updates. the scan reported 5 instances of the virus.

I have reported this to MS by phone. I also sent an email
to Symantec. MS indicates that I might have had the virus
attack my server between the time I had W2K raw loaded and
the time I had completed loading the updates from
them. ??? I suppose that would be possible, but no
other computers, servers or workstations, in my site have
the infection. My conclusion is the MS download site is
infected. My consultant is setting one of his servers to
binary zeroes and trying the same method I used to see if
he comes up with the same problem.
 
If you expose a fresh installed W2K to the internet without having at least
SP3 and ms03-026 installed, it is very well possible you did get infected.
It has nothing to do with the MS download site. The worm (blast) will find
your computer very fast.
The best thing to do, is put SP4 and ms03-026 on a CD and install that
before you connect to the internet.
If you're connected to a network, all servers and clients should have the
ms03-026 installed.

Marina
 
Back
Top