W32.Welchia.Worm

V

Vito Corleone

September 27 2003


I am running windows 2000 Server (stand alone) with
Symantect Antivirus 8.0 Corporate Edition. I also did
updated all the patches.

Folks, I have kept getting this message all the time

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: W32.Welchia.Worm
File: C:\WINNT\system32\wins\DLLHOST.EXE
Location: C:\WINNT\system32\wins
Computer: SERVER2000
User: SYSTEM
Action taken: Delete failed : Quarantine failed : Access
denied
Date found: Sat Sep 27 21:22:06 2003

I scanned the entire computer and found that DLLHOST.exe
was infected and set the configuration to Delete and no
quarantine if virus found. But the darn Synmantec wont
delete.

Anyone know any remendies? Your advices always usefull
and appreciated.

Thank you.

Vito Corleone
President of Export & Import Oliver Oil
Head of the 5 Families
New York
 
G

Guest

Perhaps this is worth a try... I've used this technique successfully with other System Files and Folders.

Remove the system drive and put it into another computer as a DATA drive... a non w2k OS would be helpful, unless the drive is NTFS.

Delete the offending system file and replace it with a clean copy...
If deleting doesn't work, then try renaming it... (ie: from DLLHost.exe to DLLHost.ex_ )

Reinstall your system drive into your computer...
(you could also try to do this in DOS... with a boot disk...?)

However, I would make sure you have a REALLY good backup... since I notice that you signed your post as:
Vito Corleone
President of Export & Import Oliver Oil
Head of the 5 Families
Click to expand...
.....and I don't want to find any dead fish at my front door... or get my legs broken if it doesn't work! ;)))

You may contact me directly, if you wish, through www.cgriese.net

----- Vito Corleone wrote: -----

September 27 2003


I am running windows 2000 Server (stand alone) with
Symantect Antivirus 8.0 Corporate Edition. I also did
updated all the patches.

Folks, I have kept getting this message all the time

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: W32.Welchia.Worm
File: C:\WINNT\system32\wins\DLLHOST.EXE
Location: C:\WINNT\system32\wins
Computer: SERVER2000
User: SYSTEM
Action taken: Delete failed : Quarantine failed : Access
denied
Date found: Sat Sep 27 21:22:06 2003

I scanned the entire computer and found that DLLHOST.exe
was infected and set the configuration to Delete and no
quarantine if virus found. But the darn Synmantec wont
delete.

Anyone know any remendies? Your advices always usefull
and appreciated.

Thank you.

Vito Corleone
President of Export & Import Oliver Oil
Head of the 5 Families
New York
 
R

rex

I had the same problem. One of the Norton dialogs had a
link to the removal tool on their site. The tool works.

rex
 
S

Silence Seeker

Vito Corleone said:
I scanned the entire computer and found that DLLHOST.exe
was infected and set the configuration to Delete and no
quarantine if virus found. But the darn Synmantec wont
delete.

Anyone know any remendies? Your advices always usefull
and appreciated.
Click to expand...

One more way (does not require Internet access or any other tools):
1. Restart your computer and press F8 at boot, then select "Safe Mode
with Command Line".
2. At the command line type: cd \WINNT\system32\wins
3. Then: del dllhost.exe
4. Exit

That's it. :)

Sam
 
D

David Bowen

Been there...done this....
Go to the Symantec web site and look
for the Welchia worm definition which
will lead you to a scan/fix download
called "Fixwelch.exe". Run it to remove
the infected files. If you have deleted
the dllhost.dll (5kb in size) from the
\windows\system32 folder then you will
have to replace it as this is not the
infected file

Vito Corleone said:
I scanned the entire computer and found that DLLHOST.exe
was infected and set the configuration to Delete and no
quarantine if virus found. But the darn Synmantec wont
delete.

Anyone know any remendies? Your advices always usefull
and appreciated.
Click to expand...

One more way (does not require Internet access or any other tools):
1. Restart your computer and press F8 at boot, then select "Safe Mode
with Command Line".
2. At the command line type: cd \WINNT\system32\wins
3. Then: del dllhost.exe
4. Exit

That's it. :)

Sam
 
D

David Bowen

OOPS...not dllhost.dll but dllhost.exe...sorry!!

Been there...done this....
Go to the Symantec web site and look
for the Welchia worm definition which
will lead you to a scan/fix download
called "Fixwelch.exe". Run it to remove
the infected files. If you have deleted
the dllhost.dll (5kb in size) from the
\windows\system32 folder then you will
have to replace it as this is not the
infected file

Vito Corleone said:
I scanned the entire computer and found that DLLHOST.exe
was infected and set the configuration to Delete and no
quarantine if virus found. But the darn Synmantec wont
delete.

Anyone know any remendies? Your advices always usefull
and appreciated.
Click to expand...

One more way (does not require Internet access or any other tools):
1. Restart your computer and press F8 at boot, then select "Safe Mode
with Command Line".
2. At the command line type: cd \WINNT\system32\wins
3. Then: del dllhost.exe
4. Exit

That's it. :)

Sam
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

W32.Esbot.C virus cannot be removed by NAV 2
welchia worm 4
W32.Welchia.Worm 3
Infected file 1
W32.Welchia.worm 3
Virus 4
Virus in winnt/system32/dllhost.exe 2
WINNT\system32\uwryljwu5.exe any ideas? 2

Top