W32/Protoride-Q

Aliases	Worm.Win32.Protoride.gen W32.Protoride.Worm
Category	Viruses and Spyware
Type	Worm
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


How it spreads	Network shares
Affected operating systems	Windows
Characteristics	Installs itself in the registry
Protection available since	14 September 2004 08:11:14 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

Action

Summary
Action
More Information

Please follow the instructions for removing worms.

More Information

Summary
Action
More Information

W32/Protoride-Q is a network worm with backdoor Trojan capabilities.

W32/Protoride-Q spreads by scanning a network for open shares and will attempt to copy itself to the startup folder of network computers as IEXPLORER.EXE.

In order to run automatically each time Windows is started, W32/Protoride-Q sets the following registry entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Windows Taskbar Manager = <path to worm>

W32/Protoride-Q may also copy itself to the Windows System folder as RDPTY.EXE.

W32/Protoride-Q will remain resident, running in the background and listen for commands from remote users over IRC channels.

The backdoor Trojan component of W32/Protoride-Q can be used to:

perform denial of service (DOS) attacks by flooding.
provide a SOCKS4 server.
download and run files.
list and kill processes.
hide processes by registering them as a service process.
scan other computers for open ports.
list the computer's Remote Access Service (RAS) or dialup accounts.
list cached passwords stored on the computer.
set and list registry entries.

W32/Protoride-Q may also set the following registry entry:

HKLM\Software\BeyonD inDustries\ProtoType[v2]

W32/Protoride-Q will try to copy itself to the following network startup folders:

\Documents and Settings\All Users\Start Menu\Programs\StartUp\
\Documents and Settings\All Users\Start Menu\Programlar\BASLANGIC\
\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
\Documents and Settings\All Users\Start-menyn\Program\Autostart\
\Documents and Settings\All Users\Menu Iniciar\Programas\Iniciar\
\Documents and Settings\All Users\Menu Inicio\Programas\Inicio\
\Documents and Settings\All Users\Menu Demarrer\Programmes\Demarrage\
\Documents and Settings\All Users\Menuen Start\Programmer\Start\
\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
\Documents and Settings\All Users\Menu Start\Programy\Autostart\
\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
\Documents and Settings\All Users\Kaynnista-valikko\Ohjelmat\Kaynnistys\
\Dokumente und Einstellungen\All Users\Startmenu\Programme\Autostart\

\WINDOWS\All Users\Start Menu\Programs\StartUp\
\WINDOWS\All Users\Start Menu\Programlar\BASLANGIC\
\WINDOWS\All Users\Start-meny\Programmer\Oppstart\
\WINDOWS\All Users\Start-menyn\Program\Autostart\
\WINDOWS\All Users\Menu Iniciar\Programas\Iniciar\
\WINDOWS\All Users\Menu Inicio\Programas\Inicio\
\WINDOWS\All Users\Menu Demarrer\Programmes\Demarrage\
\WINDOWS\All Users\Menuen Start\Programmer\Start\
\WINDOWS\All Users\Menu Start\Programma's\Opstarten\
\WINDOWS\All Users\Menu Start\Programy\Autostart\
\WINDOWS\All Users\Menu Avvio\Programmi\Esecuzione automatica\
\WINDOWS\All Users\Kaynnista-valikko\Ohjelmat\Kaynnistys\

\WINDOWS.000\Start Menu\Programs\StartUp\
\WINDOWS.000\Startmenu\Programme\Autostart\
\WINDOWS.000\Menu Iniciar\Programas\Iniciar\
\WINDOWS.000\Menu Inicio\Programas\Inicio\

\WIN95\Start Menu\Programs\StartUp\
\WIN95\Start Menu\Programlar\BASLANGIC\
\WIN95\Startmenu\Programme\Autostart\
\WIN95\Start-meny\Programmer\Oppstart\
\WIN95\Start-menyn\Program\Autostart\
\WIN95\Menu Iniciar\Programas\Iniciar\
\WIN95\Menu Inicio\Programas\Inicio\
\WIN95\Menu Demarrer\Programmes\Demarrage\
\WIN95\Menuen Start\Programmer\Start\
\WIN95\Menu Start\Programma's\Opstarten\
\WIN95\Menu Start\Programy\Autostart\
\WIN95\Menu Avvio\Programmi\Esecuzione automatica\
\WIN95\Kaynnista-valikko\Ohjelmat\Kaynnistys\

\WIN98\Start Menu\Programs\StartUp\
\WIN98\Start Menu\Programlar\BASLANGIC\
\WIN98\Startmenu\Programme\Autostart\
\WIN98\Start-meny\Programmer\Oppstart\
\WIN98\Start-menyn\Program\Autostart\
\WIN98\Menu Iniciar\Programas\Iniciar\
\WIN98\Menu Inicio\Programas\Inicio\
\WIN98\Menu Demarrer\Programmes\Demarrage\
\WIN98\Menuen Start\Programmer\Start\
\WIN98\Menu Start\Programma's\Opstarten\
\WIN98\Menu Start\Programy\Autostart\
\WIN98\Menu Avvio\Programmi\Esecuzione automatica\
\WIN98\Kaynnista-valikko\Ohjelmat\Kaynnistys\

\WINME\Start Menu\Programs\StartUp\
\WINME\Start Menu\Programlar\BASLANGIC\
\WINME\Startmenu\Programme\Autostart\
\WINME\Start-meny\Programmer\Oppstart\
\WINME\Start-menyn\Program\Autostart\
\WINME\Menu Iniciar\Programas\Iniciar\
\WINME\Menu Inicio\Programas\Inicio\
\WINME\Menu Demarrer\Programmes\Demarrage\
\WINME\Menuen Start\Programmer\Start\
\WINME\Menu Start\Programma's\Opstarten\
\WINME\Menu Start\Programy\Autostart\
\WINME\Menu Avvio\Programmi\Esecuzione automatica\
\WINME\Kaynnista-valikko\Ohjelmat\Kaynnistys\

Get reports about the latest virus and spyware threats delivered to your computer

In this section

W32/Protoride-Q

Summary

Action

More Information