W32/Protoride-Z

Aliases	Worm.Win32.Protoride.gen
Category	Viruses and Spyware
Type	Worm
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


How it spreads	Network shares
Affected operating systems	Windows
Characteristics	Installs itself in the registry
Protection available since	15 December 2004 14:48:12 (GMT)
Detected by	All Sophos products

Sophos beta program
Register now for our latest beta tests

Endpoint Security and Control 9.0
Small business solutions 4.0

Action

Summary
Action
More Information

Please follow the instructions for removing worms.

More Information

Summary
Action
More Information

W32/Protoride-Z is a network worm with backdoor functionality.

W32/Protoride-Z targets remote network shares allowing, at the same time, remote access to the infected computer via IRC channels. W32/Protoride-Z is a Windows worm that spreads via network shares. The worm also has a backdoor component that allows unauthorised remote access to the computer via IRC channels.

W32/Protoride-Z attempts to copy itself to the Windows system folder with the filename rdpty6.7.6.exe, and then set the following registry entry so as to run itself before all EXE files:

HKCR\exefile\shell\open\command

W32/Protoride-Z attempts to copy itself to msupdate.exe in the startup folder of shared network computers.

W32/Protoride-Z may also set the following registry entry:

HKLM\Software\BeyonD inDustries\ProtoType[v6.7.6.]

W32/Protoride-Z remains resident, running in the background as a service process and listening for commands from remote users via IRC channels.

Get reports about the latest virus and spyware threats delivered to your computer

In this section

W32/Protoride-Z

Summary

Action

More Information