Don't it just piss ya,

good bloody track record, leave the helm to become a salesman and some BSOD allows some **** in on my network..

OK here is the story.. Office manager grabs my attention that there's some warning on our Accounts PC.. there it is in full glory, MsUpdate.exe in the startup and associated reg entries all associated with win32.protoride.c. A quick bit of research and the little bugger is in the bin.. oh, all the while the routers and hubs are off.. wasn't the boss pissed.. he wanted the network active while I eliminated a network-aware worm.. bit like a dog chasing its tail..huh..
Found one other machine infected.. the only other machine that BSOD had allowed a root share on the network..
Now the question: HOW THE $#$# DID the thing get in? The info I have is next to **** useless; it tells me Protoride is network aware and what it attempts.. but not how the hell it spreads.. or did I miss something...?

The infected machines were both Win98 (because of the backwoods DOS product database we have to use).

While the system is supposed to use a Smoothwall gateway/firewall for the Internet access for B2B and the crap DOS application database updates, I suspect the lazy office staff, with the help of BSOD, have been using the PC's internal modem.. which is now in the recycle bin.. the system on first reboot after looking at the problem insisted on connecting to the ISP via the dialup..hmmm..

OK, my thoughts on the infection.. or how it entered the machine..

1/ Product DB update.. several files arrive via the program's own download protocol from head office; beside this there is a simple messaging system. The files are in a ZIP compressed file, oh and encrypted.. (scanning this zip with the CA virus scanner normally won't work)
2/ Open door while the machine was on the internet.. but file and printer sharing was off for the dialup connection...
3/ A new staff member had brought some files from home on a floppy and edited them on the machine in question.. these were Excel files, and the disk was scanned later on a test system and nil found on the disk..
4/ A staff member had been checking their Yahoo mailbox, and while no mails with attachments had been opened, nor mails of a sus nature.. (and no information as to Protoride being email borne)

(that last one scared the crap out of several staff as I flipped through the pages in order of visit.. stumbling on the Yahoo visits.. and another staff member's f..up at a B2B site..lol)

So how the heck are worms like Protoride spreading? This is so I can block that door b4 BSOD returns to work.

I am strongly recommending the canning of the two Win98 machines for Win2k or XP Pro.. hanging the body of the Yahoo visitor near the Accounts PC as a reminder to all who break the und3rtak3r's rules, and shooting any staff member who circumvents the path to the gateway/firewall..

Cheers guys

BTW.. Nihil.. RegProt is running on all boxes in the shop except BSOD's.. and the AV updates are d/l'd and installed at the same time as the DB updates..

Oh BTW.. who is BSOD.. well it is a what.. Blue Screen of Death.. my name for extreme ****tards..