W32.Protoride.B


Aliases: W32/Protoride.worm, W32/Protoride-V, Worm.Win32.Protoride.al
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 28 Dec 2004
Damage: Medium

Characteristics: W32.Protoride.B first appeared on December 28, 2004. This worm propagates via network shares and opens a back door that allows an attacker to access the computer. It mostly affects Windows 2000, 95, 98, Me, NT and XP.

More details about W32.Protoride.B

When W32.Protoride.B is executed, it adds the value "Windows Taskbar Manager" = "[path to worm executable]" to a particular system registry key. The worm attempts to access the IPC$ share of any network drive it can connect to using the privileges of the logged-in user. It then copies itself, under the file names internat.exe and comands.exe, to any directories on the local and shared drives. After that, the worm opens an IRC back door on TCP port 6667 by connecting to quilmes.sytes.net, quilmes1.sytes.net and quilmes3.sytes.net. This allows the attacker to execute commands on the computer.
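The indicators in the paragraph above can be turned into a per-host triage check; the following is an added example, not part of the original write-up or of any vendor tool. The key=value event format, the sample events and the strong/weak weighting are assumptions made for illustration.

```python
import re

# Indicators from the write-up; its registry key path is not given, so match the value name.
RUN_VALUE = "windows taskbar manager"
DROP_NAMES = {"internat.exe", "comands.exe"}
C2_HOSTS = {"quilmes.sytes.net", "quilmes1.sytes.net", "quilmes3.sytes.net"}
IRC_PORT = "6667"
STRONG = {"autorun-value", "c2-host"}  # assumption: a file name or port alone is weak

# Constructed sample telemetry in a hypothetical key=value format.
SAMPLE_EVENTS = r'''
host=ws01 type=registry value="Windows Taskbar Manager" data="C:\WINNT\internat.exe"
host=ws01 type=file path="\\fs02\public\comands.exe"
host=ws01 type=net dst=quilmes1.sytes.net dport=6667
host=ws02 type=net dst=irc.example.org dport=6667
host=ws03 type=file path="C:\Users\a\report.docx"
host=ws03 type=net dst=QUILMES.sytes.net. dport=443
'''

def parse(line):
    """Turn one key=value line into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def match(ev):
    """Return the set of indicator labels that one event hits."""
    hits, kind = set(), ev.get("type")
    if kind == "registry" and ev.get("value", "").strip().lower() == RUN_VALUE:
        hits.add("autorun-value")
    elif kind == "file":
        name = re.split(r"[\\/]", ev.get("path", ""))[-1].lower()
        if name in DROP_NAMES:
            hits.add("dropped-file-name")
    elif kind == "net":
        # Normalise case and a trailing root dot before comparing host names.
        if ev.get("dst", "").rstrip(".").lower() in C2_HOSTS:
            hits.add("c2-host")
        if ev.get("dport") == IRC_PORT:
            hits.add("irc-port")
    return hits

def triage(text):
    """Group hits per host and grade them: any strong indicator -> investigate."""
    per_host = {}
    for ev in map(parse, text.strip().splitlines()):
        per_host.setdefault(ev.get("host", "?"), set()).update(match(ev))
    return {h: ("investigate" if hits & STRONG else "review", sorted(hits))
            for h, hits in per_host.items() if hits}

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

Hosts that only hit a weak indicator are graded "review" rather than "investigate", since a file name or an IRC port on its own can have a benign explanation.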

According to experts, this program can disable the running processes of applications on the affected computer, including those of security and anti-virus programs. A system that is not protected by a security application is more susceptible to further threats. Apart from disabling processes, the worm is also capable of disabling the whole system itself, which results in abrupt shutdowns and restarts and severely compromises the affected machine.