Welchia Removal Tool

Welchia Removal Tool crack / serial

Welchia Removal Tool is a small yet effective means of cleaning the Win32.Worm.Welchia malware.

For Windows XP systems, it uses the Windows DCOM RPC vulnerability described in MS03-026 security bulletin, to infect new computers.

Welchia Removal Tool

Download Welchia Removal Tool crack and serial

 

For systems that have the IIS service, it uses the Windows WebDav vulnerability described in MS03-007 security bulletin, to infect new computers.

When ran it looks for Win32.Msblast.A worm file (msblast.exe) and tries to remove it from the computer. It also attempts to download the patch for the DCOM RPC vulnerability and to install it. If it successfully installs it, it restarts the computer without notice.

After infecting a remote computer, it opens a random TCP port between 666 and 765, on the remote computer so as to send commands to it.

It uses the TFTP file transfer protocol to copy the worm body: dllhost.exe, and the TFTP server: tftpd.exe, that will be renamed to svchost.exe after copying in %system32%wins.

It creates two services: Network Connections Sharing with the path to executable: %system32%winssvchost.exe and WINS Client with the path to executable: %system32%winsdllhost.exe, that are set to run automatically, so that the worm will be active, even if no user is logged on the computer.

The worm contains some text strings: I love my wife & baby :), Welcome Chian, Notice: 2004 will remove myself:) and sorry zhongli. It is true, from the year 2004 it would uninstall itself from the infected machine.

The mutex that it uses not to run twice on the same computer is named RpcPatch_Mutex.

Released: Aug 7th 2010 Rating: 4.6
Size: 58 KB Downloads: 4988
Systems: Win All

User replies

07 June 2018, geovanne said:

Patched. Thks

Leave a reply

Your email will not be published. * Required fields

Website search

Recently updated

Free Virus Removal Tool for W32/Crypt Trojan Free Virus Removal Tool for W32/Crypt Trojan A utility for detecting and erasing the Crypt virus
Free Virus Removal Tool for W32/Lipler Trojan Free Virus Removal Tool for W32/Lipler Trojan Erase the Lipler malware from your PC
Free Virus Removal Tool for W32/QQPass Trojan Free Virus Removal Tool for W32/QQPass Trojan Find and remove the QQPass Trojan from infected computers, which steals your usernames and passwords, using this portable utility

Software News

Jan 21
Three WordPress plugins have been picking up quite the glare of attention this month after researchers found serious vulnerabilities in them-and the numbers are sobering, in that these plugins have been installed on more ...
Jan 20
Teaching online video game players to save lives, not take them-that is the aim of a new product developed in an unusual collaboration between the creators of the wildly popular Fortnite games and the International Committee ...
Jan 17
Researchers from Dartmouth and the Massachusetts Institute of Technology (MIT) have developed an original approach to flight scheduling that, if implemented, could result in a significant increase in profits for airlines ...
Jan 15
The National Security Agency has discovered a major security flaw in Microsoft's Windows 10 operating system that could allow hackers to intercept seemingly secure communications.
Jan 14
If you're still using Microsoft's Windows 7, your computer might soon be at risk.
Jan 9
Microsoft says it has developed a technique to detect online predators who try to groom children for sexual purposes using the chat function in multiplayer video games.
Jan 9
Apps are still alive and well, and when it comes to gaming, incredibly popular and still thriving.

About us

Welcome to new crack resource CrackDownloadz.com! Our service can generate cracks, keygens and serials for your software to unlock it. CrackDownloadz provides a lot of popular cracks and keygens. No spyware and adware at all, just download new cracks, keygens and serials. If you have a software that needs a crack feel free to contact us.

Also you may contact us if you have software that needs to be removed from our website.