Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32/Protoride-C

Feb 11, 2004 1:49AM PST

Aliases
Backdoor-AZJ, Win32/Protoride.C, W32.Protoride.Worm, WORM_PROTORIDE.A

Type
Win32 worm

Description
W32/Protoride-C is a Windows worm that spreads via network shares. The worm also has a backdoor component that allows unauthorised remote access to the computer via IRC channels.
W32/Protoride-C attempts to copy itself to the Windows system folder with the filename rdpty.exe and then set the following registry entry to point to this file so that it is run before all EXE files:

HKCR\exefile\shell\open\command

W32/Protoride-C attempts to copy itself to msupdate.exe in the startup folder of shared network computers

W32/Protoride-C may also set the following registry entry:
HKLM\Software\BeyonD inDustries\ProtoType[v2]

http://www.sophos.com/virusinfo/analyses/w32protoridec.html

Discussion is locked