You're in: Panda Security > Home Users > security-info > about-malware > encyclopedia > overview
Active Scan. Scan your PC free
Panda Security Product Line 2012

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Encyclopedia GetVirusCard True 0

Nachi.A

 
Threat LevelModerate threatDamageHighDistributionNot widespread
Common name:Nachi.A
Technical name:W32/Nachi.A
Threat level:Medium
Alias:W32/Nachi.Worm, W32.Welchia.Worm, Worm_MSBLAST.D
Type:Worm
Effects:  

It exploits the RPC DCOM and WebDAV vulnerabilities in order to spread. It can uninstall the worm Blaster and delete the file carrying this worm.

Affected platforms:

Windows XP/2000/NT

Detection updated on:Jan. 2, 2004
StatisticsNo
Yes, using TruPrevent Technologies
Repair utility:Panda QuickRemover
Country of origin:CHINA

Brief Description 

    

Nachi.A is a worm that infects only Windows 2003/XP/2000/NT computers. Nachi.A exploits the Buffer Overrun in RPC Interface vulnerability to spread to as many computers as possible.

Nachi.A spreads by attacking remote computers and exploits the vulnerability mentioned above to download a copy of itself to the compromised computer. In order to do this, Nachi.A incorporates its own TFTP (Trivial File Transfer Protocol) server.

Nachi.A can uninstall the worm Blaster, by ending its process and deleting the file carrying the worm.

If you have a Windows 2003/XP/2000/NT computer, it is highly recommendable to download the security patch from the Microsoft website. Click here to access the web page for downloading the patch.

Moreover, Nachi.A can use another exploit known as WebDAV. More information about this vulnerability and the corresponding patch are available here.

Visible Symptoms 

    

A clear indication that Nachi.A has reached the computer is that the network traffic increases on the TCP 135 and 707 and UDP 69 ports.