System 'Worm'?

message from =?Utf-8?B?Ym9i?= on 8 Jun 2004
The 'eTrust EZ antivirus' that we have loaded on our pc has identified a 'worm' in the following directory.
C:\SystemVolumeInformation\Restore{CDE24C46-EC88-4BB8-AACB-EFBAF9A77EFO}\RP59\AOO12019,exe is WIN32 nachi, B worm.
Can you advise firstly what a 'worm' is and secondly if this requires attention?
Thanks
 
Mike replied to =?Utf-8?B?Ym9i?= on 8 Jun 2004
Was there no suggestion that you quarantine or delete the file?

'worm' in the following directory.
C:\SystemVolumeInformation\Restore{CDE24C46-EC88-4BB8-AACB-EFBAF9A77EFO}\RP5
9\AOO12019,exe is WIN32 nachi, B worm.
 
Kaylene aka Taurarian replied to =?Utf-8?B?Ym9i?= on 8 Jun 2004
Yes, it requires attention.

http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
for information on the worm
http://www.symantec.com.au/avcenter/venc/data/w32.welchia.worm.removal.tool.html

How antivirus software and System Restore work together
http://support.microsoft.com/default.aspx?scid=kb;en-us;831829

Right click [My Computer] [Properties] then click on System Restore tab.
Put a check in the box for Disable Restore on all drives.
Click apply, then Reboot your PC.
After the system reboots, navigate to the System Restore tab and turn it back
on. Click apply.
Once System Restore has been turned back on, the computer needs to be rebooted
again so that System Restore can create a new point (although a manual point can
be created, by navigating to [System Tools] [Restore...] and choose [Create a
Restore Point] and then providing a name for the new restore point).
If you decide not to do the 2nd reboot this will result in the next Point being
created 'within the next 24 hours'.

Check your System Restore to see if the new restore point has been created.

"bob" <anonymous@discussions.microsoft.com> wrote in message
news:AD396E89-DB81-4471-A06D-3C2A148A5F3F@microsoft.com...
'worm' in the following directory.
C:\SystemVolumeInformation\Restore{CDE24C46-EC88-4BB8-AACB-EFBAF9A77EFO}\RP59\AO
O12019,exe is WIN32 nachi, B worm.
 

Archived message: System 'Worm'? (Microsoft WinXP)
 
Note: To make this discussion more readable on the page the original messages have been edited to remove most of the references and quoting.