You must have administrative rights to run this tool.
Did you use the tool?
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html
BEFORE YOU DOWNLOADED AND USE TOOL DID YOU READ "ALL" THE INSTRUCTIONS?
Like disable system restore, Check the Publisher Authenticity confirmation dialog box. Etc Etc Etc...
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
http://www.pchell.com/virus/welchia.shtml
There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies....
http://www.squarebox.co.uk/javatips.html
Hows your java looking? Is it infected?
http://java.sun.com/webapps/getjava/BrowserRedirect?locale=en&host=www.java.com:80
The MSJVM is outdated (Java 1.1.4 as oppsed to 1.4.2 from Sun, the creator of Java) and shouldn't be used.
Update detection checker @ site 1
http://www.virtualmachine.tk/
And the Unicode on your printer?
http://support.microsoft.com/default.aspx?kbid=212380
Failure of complete removal of the worm will require you to reinstall windows.
Looks like fun, pick whatever you think fits since you know more of the story....
I am working on a Dell Dimension 2350, which the customer claims has the Welchia virus. I ran the fix from Symantec and it came up clean. Norton AV auto-protect was disabled and a full scan had not been done.
I am running a scan now and have noticed in Msconfig two entries running which are unidentified (the name is all square boxes) and the locale is a registry entry. This looks suspicious and if anyone has info on this type of action I would appreciate input.
Next stop after NAVs scan will be AVG online, then Spybot and the rest.
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic