How Does the Welchia Worm Infect My Computer?
• Copies itself to the Wins directory in the System or System32 folder in Windows, usually:
  C:\Windows\System32\Wins\Dllhost.exe for Windows XP, or
  C:\WinNT\System32\Wins\Dllhost.exe for Windows NT/2000
  There is a legitimate file called Dllhost.exe (about 5-6K) in the System32 directory.
• Makes a copy of the TFTP server (TFTPD.exe) from the Dllcache directory to the following directories:
  C:\Windows\System32\Wins\svchost.exe for Windows XP, or
  C:\WinNT\System32\Wins\svchost.exe for Windows NT/2000
  NOTE: Svchost.exe is a legitimate program, which is not malicious, found in the System32 directory.
• Creates the following services:
  Service Name: RpcTftpd
  Display Name: Network Connections Sharing
  File: %System%\wins\svchost.exe
  This service will be set to start manually.

  Service Name: RpcPatch
  Display Name: WINS Client
  File: %System%\wins\dllhost.exe
  This service will be set to start automatically.
• Ends the process, MSBLAST, and deletes the file %System%\msblast.exe which is dropped by the wo
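The file and service indicators listed above can be checked against a host inventory. The following is an added example, not part of the original page: it flags Dllhost.exe or Svchost.exe only when they sit in the Wins subfolder, so the legitimate copies in System32 are not reported. The function names and the sample inventory are constructed for illustration.

```python
import ntpath

# Indicators from the list above: service name -> file name under %System%\wins
SERVICES = {"rpctftpd": "svchost.exe", "rpcpatch": "dllhost.exe"}
DROPPED_NAMES = set(SERVICES.values())


def normalize(path, system_dir):
    """Expand %System%, drop quotes and arguments, fold case and separators."""
    path = path.strip().strip('"')
    if path.lower().startswith("%system%"):
        path = system_dir + path[len("%system%"):]
    end = path.lower().find(".exe")
    if end != -1:
        path = path[:end + 4]  # cut command-line arguments after the image path
    return ntpath.normpath(path).lower()


def in_wins_dir(path, system_dir):
    """True only for dllhost.exe/svchost.exe located directly in <system>\\Wins."""
    folder, name = ntpath.split(normalize(path, system_dir))
    wins = ntpath.normpath(ntpath.join(system_dir, "wins")).lower()
    return folder == wins and name in DROPPED_NAMES


def scan(files, services, system_dir):
    """Return sorted findings; services are dicts with 'name' and 'path' keys."""
    findings = []
    for f in files:
        if in_wins_dir(f, system_dir):
            findings.append(("file", normalize(f, system_dir)))
    for s in services:
        expected = SERVICES.get(s["name"].lower())
        image = ntpath.basename(normalize(s["path"], system_dir))
        path_hit = in_wins_dir(s["path"], system_dir)
        if expected and path_hit and image == expected:
            findings.append(("service", s["name"]))
        elif expected or path_hit:
            # Known name with a different path, or a Wins image under another name
            findings.append(("service-partial", s["name"]))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample inventory for a Windows XP host (not real data).
    sysdir = r"C:\Windows\System32"
    files = [r"C:\Windows\System32\dllhost.exe",
             r"C:\WINDOWS\system32\wins\DLLHOST.EXE"]
    services = [{"name": "RpcSs", "path": r"C:\Windows\System32\svchost.exe -k rpcss"},
                {"name": "RpcPatch", "path": r"%System%\wins\dllhost.exe"}]
    for finding in scan(files, services, sysdir):
        print(finding)
```
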