themax90 Posted July 22, 2006 Posted July 22, 2006 (edited) I just got the Nachi Worm, apparently some idiot in Mid-West USA just let out a bunch of old viruses on the internet, thus the attacks on my dad, grandfather, and finally me. It came through a Microsoft RPC bug.http://en.wikipedia.org/wiki/Nachi_wormI recommend you all run this script because it may be on your computer without even knowing it.Excutable:http://www.filefactory.com/dlf/f/bb30ba/b/...742fc2ea809efedJust click Search, and if you find it click remove. It will ask you to restart your computer to complete it with a Yes/No option.I know it may not be useful but since a few people I know have it, I thought you might like to try it.Disclaimer:I, nor any parties associated, not limited to AutoIt Forums, Developers, Users, Moderators, AutoIt Smith(said direct party "Max Gardner") shall ever be held responsible for any actions ran by this script. If you do not agree, then please exit and delete the program. If you continue, you accept this agreement to not hold said party/s liable for any damages done to personal, intellectual, or virtual properties of said client (you) who is running this software.WARNING : If you "HAPPEN" to be running a WINS server on your HOME PC then do not run this. However since most people do not use WINS, if you have no idea what I am talking about as a WINS Server then you can run this with no problem. Edited December 28, 2012 by Jon
Helge Posted July 22, 2006 Posted July 22, 2006 (edited) I tested your script and it said my computer was infected. I downloaded Symentec's removal tool which said it wasn't infected. "C:\Windows\System32\Wins" existed (hidden), but didn't contain any files. Edited July 22, 2006 by Helge
MHz Posted July 22, 2006 Posted July 22, 2006 I recommend you all run this script because it may be on your computer without even knowing it.No thanks.A script that looks at the size of System32\Wins folder and deletes system files in a blind attempt to fix some maybe infection? I'm not sure if a Win2K OS would like this and could leave a system unbootable. I think you need to take care with sharing scripts like this. Your post also gives no warnings or good descriptions to what this script can do
Helge Posted July 22, 2006 Posted July 22, 2006 (edited) I'm not attempting to be rude or anything Smith, but I did actually raise my eyebrowssome sceptical centimeters when I saw the way you did the checking. I also agree withMHz, and I think adding a msgbox for confirmation is the least you can do.Personally I would also add an agreement, where you disclam the responsibility for anythingthat might happen to the computer when using your script Edited July 22, 2006 by Helge
themax90 Posted July 22, 2006 Author Posted July 22, 2006 (edited) %systemdir%\Wins is created by the virus. It does not edit any files that are required for any Windows system to run. I repeat, the folder is CREATED by the virus. Running this will in NO way effect your computer but to get rid of it. It turns out Heldge that you have had the virus already but it was removed. Here is the information:http://vil.nai.com/vil/content/v_100559.htmhttp://www.symantec.com/security_response/...-99&tabid=2http://www.viruslist.com/en/viruslist.html?id=65727@MhzI know exactly what I am doing. If you do not like it, do not run it. WINS is not used by windows. As I said before it USUALLY is CREATED by the virus.If you really want a disclaimer then add this.SplashTextOn("", "I, nor any parties associated, not limited to AutoIt Forums, Developers, Users, Moderators, AutoIt Smith(said direct party "Max Gardner") shall ever be held responsible for any actions ran by said program. If you do not agree, then please exit and delete this program. If you continue, you accept this agreement to not hold said party/s liable for any damages done to personal, intellectual, or virtual properties of said client (you) who is running this software.") Sleep(5000) SplashOff()Disclaimer:I, nor any parties associated, not limited to AutoIt Forums, Developers, Users, Moderators, AutoIt Smith(said direct party "Max Gardner") shall ever be held responsible for any actions ran by this script. If you do not agree, then please exit and delete the program. If you continue, you accept this agreement to not hold said party/s liable for any damages done to personal, intellectual, or virtual properties of said client (you) who is running this software. Edited July 22, 2006 by AutoIt Smith
MHz Posted July 22, 2006 Posted July 22, 2006 (edited) @MhzI know exactly what I am doing. If you do not like it, do not run it. WINS is not used by windows. As I said before it USUALLY is CREATED by the virus.Wins is folder that does exist after Windows is freshly installed. I have always had a Wins folder on WinXP. Edited July 22, 2006 by MHz
themax90 Posted July 22, 2006 Author Posted July 22, 2006 You have the disclaimer. No need to argue henceforth.
MHz Posted July 22, 2006 Posted July 22, 2006 You have the disclaimer. No need to argue henceforth.All I can say is that it is sad that you choose to make some disclaimer for not Warning people to deleting System files from their PC and making things possibly worse. And you base that on the Wins folder that already exists for a purpose. You may get burnt when someone suffers.
themax90 Posted July 22, 2006 Author Posted July 22, 2006 (edited) @Mhz Ok listen. Idiot. The file folder wins is not used by windows in ANY WAY. There is no way it would make it worse. Unless you are running a server on your HOME PC, then I do not think it will effect shit. The disclaimer has been posted. Please drop the subject. Edit 1 : Look above I posted the disclaimer and a WINS Server warning. However since Microsoft sucks and nobody really trusts there server software anymore, it seems rather pointless. Edited July 22, 2006 by AutoIt Smith
MHz Posted July 22, 2006 Posted July 22, 2006 @MhzOk listen. Idiot. The file folder wins is not used by windows in ANY WAY. There is no way it would make it worse. Unless you are running a server on your HOME PC, then I do not think it will effect shit. The disclaimer has been posted. Please drop the subject.http://support.microsoft.com/kb/244810/Who is the idiot?
themax90 Posted July 22, 2006 Author Posted July 22, 2006 (edited) • Microsoft Windows 2000 Advanced Server• Microsoft Windows 2000 Datacenter Server• Microsoft Windows 2000 ServerAs I have all ready posted a warning about servers please drop the subject. I am not the idiot, you are for not reading what I said. Please just drop the subject. I have already had a bad enough day in the middle of 110 degree heat. I am sorry if I am being negitive, but disclaimers and warnings have been posted. Get off it.Edit 1 : Look above I posted the disclaimer and a WINS Server warning. However since Microsoft sucks and nobody really trusts there server software anymore, it seems rather pointless.WARNING : If you "HAPPEN" to be running a WINS server on your HOME PC then do not run this. However since most people do not use WINS, if you have no idea what I am talking about as a WINS Server then you can run this with no problem.Posted before your reply. Edited July 22, 2006 by AutoIt Smith
Helge Posted July 22, 2006 Posted July 22, 2006 This is great... we're commenting a script in a friendly matter and is because of that being called idiots. Well thats nice.
themax90 Posted July 22, 2006 Author Posted July 22, 2006 No, it is not directed at you. Notice I did not use a plural sense. I said Idiot for mhz not realizing it is a server issue, after I have already posted a warning about it.
themax90 Posted July 22, 2006 Author Posted July 22, 2006 Once again I do apologize for rough words, the heat is getting to me and I havn't quite been myself today.
WTS Posted July 22, 2006 Posted July 22, 2006 (edited) lol i think thats funny what the worm does in the descriptionThe Welchia worm, also known as the "Nachia worm," is a computer worm that exploits a vulnerability in the Microsoft Remote procedure call (RPC) service similar to the Blaster worm. However unlike Blaster, it tries to help the user by downloading and installing security patches from Microsoft, so it is a helpful worm. Though even as it implies no harm, it can increase network traffic, reboot the infected computer, and more importantly—it operates without consent and does not log anything. It has had several different variants and childworms. It was discovered on August 18, 2003.Once in the system, the worm would patch the vulnerability it used to gain access (thereby actually securing the system against other attempts to exploit the same method of intrusion) and run its payload, a series of Microsoft patches. It then would attempt to remove the "W32/Lovsan.worm.a" by deleting MSBLAST.EXE. If still in the system, the worm was programmed to self-remove on January 1, 2004, or after 120 days of processing, whichever would have come first.While this worm did no apparent damage to individual systems — indeed, it actually helped to secure certain systems — it did create vast amounts of traffic by its transmission method, thereby slowing down the Internet and the Microsoft website. The worm also made some systems unstable by its workings, and, once the patches had been installed, it rebooted the system. Because of these effects, the worm was perceived as a threat, and a patch was released by all major anti-viral companies.Fixing a system infected with the Welchia worm is very simple, involving several command-line processes: Edited July 22, 2006 by WTS
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now