Welchia Removal Tool icon

Welchia Removal Tool

2 big stars
Welchia Removal Tool screenshot
Name: Welchia Removal Tool
Works on: windowsWindows 7 and above
Developer: Bitdefender LLC
Version: 1
Last Updated: 27 Feb 2017
Release: 07 Aug 2010
Category: Antivirus > Removal Tools
Rate this software:
1225 downloads
screenshotsView Screenshots(1)
commentsComments
downloadDownload
Liked it? Tell others:
details

Welchia Removal Tool Details

Works on: Windows 10 | Windows 8.1 | Windows 8 | Windows 7 | Windows 2012
SHA1 Hash: 32be36fa75107f2b6c3e59ad8db3d22131fb5211
Size: 58.88 KB
File Format: exe
Rating: 2.04347826 out of 5 based on 23 user ratings
Downloads: 1225
License: Free
Welchia Removal Tool is a free software by Bitdefender LLC and works on Windows 10, Windows 8.1, Windows 8, Windows 7, Windows 2012.
You can download Welchia Removal Tool which is 58.88 KB in size and belongs to the software category Removal Tools.
Welchia Removal Tool was released on 2010-08-07 and last updated on our database on 2017-02-27 and is currently at version 1.
download button
Thank you for downloading from SoftPaz! Your download should start any moment now. It would be great if you could rate and share:
Rate this software:
Share in your network:
features

Welchia Removal Tool Description

Welchia Removal Tool is a small yet effective means of cleaning the Win32.Worm.Welchia malware.
For Windows XP systems, it uses the Windows DCOM RPC vulnerability described in MS03-026 security bulletin, to infect new computers.
For systems that have the IIS service, it uses the Windows WebDav vulnerability described in MS03-007 security bulletin, to infect new computers.
When ran it looks for Win32.Msblast.A worm file (msblast.exe) and tries to remove it from the computer. It also attempts to download the patch for the DCOM RPC vulnerability and to install it. If it successfully installs it, it restarts the computer without notice.
After infecting a remote computer, it opens a random TCP port between 666 and 765, on the remote computer so as to send commands to it.
It uses the TFTP file transfer protocol to copy the worm body: dllhost.exe, and the TFTP server: tftpd.exe, that will be renamed to svchost.exe after copying in %system32%\wins.
It creates two services: Network Connections Sharing with the path to executable: %system32%\wins\svchost.exe and WINS Client with the path to executable: %system32%\wins\dllhost.exe, that are set to run automatically, so that the worm will be active, even if no user is logged on the computer.
The worm contains some text strings: I love my wife & baby :), Welcome Chian, Notice: 2004 will remove myself:) and sorry zhongli. It is true, from the year 2004 it would uninstall itself from the infected machine.
The mutex that it uses not to run twice on the same computer is named RpcPatch_Mutex.
screenshots

Welchia Removal Tool Screenshots

Welchia Removal Tool screenshot 1
similarSimilar Software