No announcement yet.

Way Way OT - virus 'Welchia_ICMP_Scan' question

  • Filter
  • Time
  • Show
Clear All
new posts

    Way Way OT - virus 'Welchia_ICMP_Scan' question

    Here's a weird one: My Norton Internet Security burped tonight, having intercepted the above attack. So far, so good. The weird thing is, it was FROM my IP ( TO someone else (216.x.x.x).

    I clicked the 'more information' button, which leads to symantec's web site, which gives a list of the virus profiles... and this virus is NOT ON IT!

    A search of their entire site for the above-named signature came up empty; there is a Welchia WORM (4 variants)... I ran the worm removal and it came up empty.

    My liveupdate is up to date; I update it every day and run a scan every night.

    Weird? Has anyone else seen this? As I said, it's way OT, but this is the best collection of brain power I know...

    EDIT: Finally found something via google: This is a false positive; a virus signiture update sometime around the end of March put this bug in. Near as I can tell, it's caused by Yahoo messenger doing a ping of the Yahoo site. This pings looks like an attack to NIS. Hopefully Symantec will fix this shortly.

    I gather no-one else has this problem!