Back Orifice Windows 10
by Anthony Stirk aka Upuaut
Contributions from Chris Benson, Joseph Lo and Rich Lafferty.
The original version of this page is at <http://www.irchelp.org/irchelp/security/bo.html>
Table of Contents
1. What is Back Orifice
1.1 Is Back Orifice a virus?
1.2 Is Back Orifice a trojan horse?
1.3 Are any other IRC clients vulnerable?
2. What if I have Back Orifice?
2.1 How do I know if I have Back Orifice?
2.2 How do I get rid of Back Orifice?
2.3 How can I prevent getting Back Orifice?
2.4 How can I prevent this from happening in the future?
3. Miscellaneous Questions.
3.1 What will Back Orifice do to my computer?
3.2 Will it hurt other files on my hard drive?
1. What is Back Orifice?
Back Orifice is purportedly a remote administration tool that allows system administrators to control a computer from a remote location (i.e. across the internet). In reality it is a highly dangerous backdoor designed by a cracking group called the Cult of the Dead Cow Communications. It is usually distributed by malicious people in the form of a Trojan Horse attack. During installation, it does not give any indication of what is really going on. Once installed, the server is intentionally difficult to detect on your machine, yet allows almost complete control over your computer by the remote attacker.
1.1 Is Back Orifice a virus?
Back Orifice is not a virus. Viruses reproduce on their own. The Back Orifice server has to be willingly accepted and run by its host before it can be used. However, it is usually distributed claiming to be something else.
1.2 Is Back Orifice a trojan horse?

It could be considered a trojan horse, in the case where a user accepts a program and runs it without understanding what it is. The server program gets distributed purporting to be something else, e.g. PAMMY.EXE. People run it and nothing appears to happen, so they ignore it; the server also deletes itself after running.
1.3 Are any other IRC clients vulnerable to Back Orifice?
Back Orifice has NOTHING to do with IRC at all. It is a program that allows users to control Windows 95/98 machines via the internet. Any Windows 95/98 machine connected to the internet is at risk. Unfortunately, due to the nature of IRC, it spreads quicker via this medium than any other. The directions below for prevention should be taken into consideration by all IRC users running Windows 95/98.
2. What if I have Back Orifice?
2.1 How do I know if I have Back Orifice?
The most common symptoms are strange things happening, programs closing or opening of their own accord. The big giveaway is people on IRC announcing they can control your machine, then demonstrating this graphically by rebooting it.
Running the BODetect program on a non-affected machine will cause NO problems and will provide peace of mind :)
2.2 How do I get rid of Back Orifice?
There are two fixes we are going to offer here. The first is a program you can download and run. The second is a manual fix. The reason for the two solutions is this: we feel it may be hypocritical to tell you not to download and run programs from untrusted sources, then provide a fix for you to download and run :) We therefore give you the choice - you only need to use one of these methods to remove Back Orifice.
The Automated Fix
This fix program (BODetect) was written by Chris Benson, who works for Symantec. It is $20 shareware with a 30 day free trial and no nagging or crippling. Download it from Chris's own site, www.download.com or www.hotfiles.com.
Simply download and run the program. We urge you to read the accompanying README.TXT.
The Manual Fix
This fix is for those of you who want to heed our good advice and NOT run programs from 'untrusted' sources. It has been used successfully to remove Back Orifice from an infected machine but is not as complex as the Automated Fix provided above. It also involves you making alterations to your registry. We URGE you to make a backup of your registry before you begin (instructions for doing this can be found in the Appendixes of your Windows 95/98 manual). It should also work for Windows 98 machines but has not been tested on this platform.
IRCHELP.ORG accepts no responsibility should this procedure go wrong and mess your machine up. MAKE A BACKUP!
- Press the START button.
- Select RUN, type REGEDIT
- Using the **+** to expand the branches, locate the following key:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
- On the right hand side, double click on the (default) 'key'. It will bring a box up showing the key and its current value (Value data), which is ' .exe'. Highlight this and press delete (not backspace; make sure the key is empty), then click OK.
- Close REGEDIT and reboot your machine.
- Press START
- RUN, type COMMAND
- At the DOS prompt type:
  del c:\windows\system\exe~1
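The registry check from the manual fix can also be run read-only against a REGEDIT export, such as the backup urged above. This is an added example, not part of the original FAQ; it assumes the REGEDIT4 text export format, and the sample export and function names are constructed for illustration.

```python
import re

RUNSERVICES = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices"
PAGE_DEFAULT = " .exe"  # value the FAQ says Back Orifice leaves in (default)

# Constructed sample export for illustration; not from a real machine.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
@=" .exe"
"SchedulingAgent"="mstask.exe"
'''

# name="data" string values; '@' is the (default) value. dword/hex values are skipped.
_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    # .reg files escape backslashes and quotes with a leading backslash
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Return {key_path: {value_name: data}}; the (default) value is stored under ''."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = _VALUE.match(line)
            if m:
                name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
                current[name] = _unescape(m.group(2))
    return keys

def check_runservices(text):
    """List (value_name, data, matches_page_default) for a non-empty (default) value."""
    findings = []
    for path, values in parse_reg(text).items():
        if path.lower() == RUNSERVICES.lower() and values.get(""):
            data = values[""]
            findings.append(("(default)", data, data == PAGE_DEFAULT))
    return findings

if __name__ == "__main__":
    for name, data, known in check_runservices(SAMPLE_EXPORT):
        print(f"RunServices {name} = {data!r}; matches FAQ value: {known}")
```

Treating any non-empty (default) value under RunServices as worth review is a heuristic assumed here, based on the manual fix leaving that value empty.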
2.3 How can I prevent getting Back Orifice?
First and foremost, don't go accepting files from people you don't know and can't trust. Don't accept files that are 'temptingly' named PAMMY.EXE (!), for example. The BOServer is around 122kb in size. And if you accidentally do accept a file, DON'T RUN IT!
Another precaution to take is to ensure that Auto-DCC-Get is disabled. Under the DCC menu, choose Options… and then the Send tab.
2.4 How can I prevent this from happening in the future?
The general answer to this question is, "don't accept files from untrusted sources."
3. Miscellaneous Questions
3.1 What will Back Orifice do to my computer?
The server itself will do nothing; however, a malicious user could do almost anything they could if they were sitting at the machine itself.
3.2 Will it hurt other files on my hard drive? The hard drive itself?
Back Orifice has the ability to transfer files, and to delete, create and modify files on your hard drive. So in short, yes.