Back Orifice Detection and Removal
What's worse than a virus on your system? A program that gives control of your computer to someone connecting to it through the Internet.
By now you've probably heard of the infamous program "Back Orifice" developed by a group of hackers called the Cult of the Dead Cow (CDC). They've produced a program that "is a remote administration system which allows a user to control a Win95 machine over a network using a simple console or GUI application. On a local LAN or across the internet, BO gives its user more control of the remote Windows system than the person at the keyboard of that machine."
Thought you were safe "just surfing the net"... Think again!
Method of Deletion for Back Orifice
Here's a manual method of detection and removal of the Back Orifice program from your Win95 or Win98 machine.
The program installs itself (unless otherwise defined by the person who installed it) as " .exe" (space dot exe), or unnamed. Usually, it will locate itself in the C:\Windows\System directory. It will show up as a blank spot if you view the files on your C: drive in Windows Explorer. Click on View > Options (or Folder Options using IE 4.X) and make sure that Show All Files is checked and that Show Extensions for Known File Types is also enabled.
The catch is that you will not be able to delete the program if the system is running, because the program is designed to run at boot-up. To get around this, you will need to delete the program's reference in the system Registry.
IF YOU DO NOT KNOW WHAT THE REGISTRY IS, OR YOU ARE UNCOMFORTABLE EDITING THE REGISTRY, FIND SOMEONE WHO KNOWS WHAT THEY ARE DOING TO HELP YOU!!! CORRUPTING THE REGISTRY CAN CRASH YOUR SYSTEM!
You have been warned....
In the Registry, left-hand window:
- Go to HKEY_LOCAL_MACHINE, click on the + to expand the key.
- Expand SOFTWARE.
- Expand Microsoft.
- Expand Windows.
- Expand CurrentVersion.
- Left-click once on RunServices.
The key value for the boserve.exe program will appear on the right-hand side. Delete the entry for ( .exe).
Reboot your system. You can now delete the unnamed executable from the C:\Windows\System directory.
This will not fix every installation of the boserve.exe program because it can be renamed by the person who installed it on your system or placed in a different directory. This will work only on installations which were done with no customization to the program.
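A read-only check for the default entry described above, as an added example (it is not part of the original article or of BoDetect): this Python script reads a Registry export saved from the Registry Editor in REGEDIT4 text format, lists every string value under RunServices, and flags any whose executable name is blank before ".exe". The sample export, the value name ExampleService and the function names are constructed for illustration.

```python
import re

# Startup key named in the removal steps above (compared in lower case).
RUNSERVICES = r"hkey_local_machine\software\microsoft\windows\currentversion\runservices"

# A string value line in a REGEDIT4 export: "name"="data", or @="data" for (Default).
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"\s*$')

# Executable whose name before ".exe" is empty or whitespace, bare or at the end of a path.
BLANK_EXE = re.compile(r'(?:^|[\\/])\s*\.exe\b', re.IGNORECASE)

# Constructed sample export; not taken from a real machine.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
@=" .exe"
"ExampleService"="C:\\WINDOWS\\SYSTEM\\example.exe -start"
'''


def unescape(text):
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r'\\(.)', r'\1', text)


def audit_runservices(reg_text):
    """Return (value_name, command, blank_named) for each RunServices string value."""
    findings, in_key = [], False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == RUNSERVICES
            continue
        match = VALUE_LINE.match(line) if in_key else None
        if not match:
            continue  # other keys, blank lines, non-string types (hex:, dword:)
        name = "(Default)" if match.group(1) == "@" else unescape(match.group(1)[1:-1])
        command = unescape(match.group(2))
        findings.append((name, command, bool(BLANK_EXE.search(command))))
    return findings


if __name__ == "__main__":
    for name, command, blank_named in audit_runservices(SAMPLE_EXPORT):
        print("SUSPECT" if blank_named else "review ", repr(name), repr(command))
```

Entries that are not flagged are still printed for review, because a renamed copy will not match the blank-name pattern.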
Automatic Detection and Removal of Back Orifice (Boserve.exe) and NetBus
Automatically detect and delete the infamous "Back Orifice" program from your Win95 or Win98 computer with the "BoDetect" program developed by Chris Benson. Visit his web page for the latest version of BoDetect. It will now safely detect and remove the Back Orifice 2000 program.
Warning about BoSniffer.zip: it is supposed to be a removal program, but it's really a Trojan virus.
This BODETECT program will automatically detect the Back Orifice program and rename it to a safe name BACKORIFICE.BOD, which you can safely delete by using the Start, Find, Files or Folders option in Windows 95 or Windows 98.