Active Scan. Scan your PC free
Download Cloud Antivirus Gratis

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.


Threat LevelModerate threatDamageHighDistributionNot widespread
Common name:Nachi.A
Technical name:W32/Nachi.A
Threat level:Medium
Alias:W32/Nachi.Worm, W32.Welchia.Worm, Worm_MSBLAST.D

It exploits the RPC DCOM and WebDAV vulnerabilities in order to spread. It can uninstall the worm Blaster and delete the file carrying this worm.

Affected platforms:

Windows XP/2000/NT

Detection updated on:Jan. 2, 2004
Proactive protection:
Yes, using TruPrevent Technologies
Repair utility:Panda QuickRemover
Country of origin:CHINA

Brief Description 


Nachi.A is a worm that infects only Windows 2003/XP/2000/NT computers. Nachi.A exploits the Buffer Overrun in RPC Interface vulnerability to spread to as many computers as possible.

Nachi.A spreads by attacking remote computers and exploits the vulnerability mentioned above to download a copy of itself to the compromised computer. In order to do this, Nachi.A incorporates its own TFTP (Trivial File Transfer Protocol) server.

Nachi.A can uninstall the worm Blaster, by ending its process and deleting the file carrying the worm.

If you have a Windows 2003/XP/2000/NT computer, it is highly recommendable to download the security patch from the Microsoft website. Access the web page for downloading the patch.

Moreover, Nachi.A can use another exploit known as WebDAV. More information about this vulnerability and the corresponding patch are available here.

Visible Symptoms 


A clear indication that Nachi.A has reached the computer is that the network traffic increases on the TCP 135 and 707 and UDP 69 ports.