[EMAIL PROTECTED] wrote:
>
> A friend of mine caught the orifice virus.
> He thinks it came by way of the internet or email. He uses WIN95.
> Does anyone know what destruction it does?
> Luckily I use Lynx386, Minuet and Pegasus for DOS.
The Back Orifice virus causes no damage. It functions as something else:
it's a remote-control backdoor to the infected computer. To put
it in other words: anyone who has the appropriate program can control
the infected computer from the internet. One of the abilities is also
to start a WWW server which opens your hard disk to the public.
(The "My Computer" folder is defined as the root, which allows access
to all the drives in the computer using any HTTP 1.0 compatible
browser. There's even a small function in each HTML page that allows
you to upload a file to the directory you are currently in.) One of
the less popular functions is to open a DOS window and remote control
it via telnet.
An important notice is that BO is not a virus, it's a program. You
cannot really get "infected". However, once the "server" program
runs, it automatically deletes the original EXE to avoid detection.
BO auto-installs only if you run an EXE, so it doesn't matter what
you used to download it, as long as you didn't run it on Win9x/NT.
You can also patch it into normal Windows program files. Therefore
BO must be treated as a virus anyhow. Most anti-viruses today should
detect it. (My Norton Anti-Virus can.)
Another way is to detect it manually.
Look for a file called " .EXE" in the C:\WINDOWS\SYSTEM directory.
Be aware that the file can be renamed to anything (it doesn't even
have to be .exe!). If you find it, you can't delete it. Windows is
protecting it. Go to REGEDIT (the registry editor) and go to the
following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

There you should find a list of programs that are run each time
Windows starts up. (It's an "alternative" for the StartUp folder.)
Look for that BO file. Be careful not to delete anything else that
Windows requires by mistake!! Then restart and delete the actual
file.

(BTW, for those of you who wonder how come I know so much about this
thing, well, I OPed a help channel on IRC and actually downloaded
and infected myself with BO on purpose to learn about it. I was so
impressed that if it wasn't a virus I would have really used it
to control my computer later... too bad the password protection
sucks. Oh well. There's always VNC and PCAnywhere..)

                                       Or Botton
                                       [EMAIL PROTECTED]

- "Truth is stranger than fiction, because fiction has to make sense."
-----------------------------
http://members.xoom.com/dsdp/
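The manual check the post describes (open REGEDIT, look at the RunServices key, find the " .EXE" entry) can be turned into a script that reads a registry export instead of clicking through the editor. The example below is added here and is not from the original post or from the Back Orifice authors: it assumes the REGEDIT4 text format that the Win9x Registry Editor writes when you export a key, parses a constructed sample export (the "Video Driver" entry name and the mstask/scanregw lines are made up for the sample; only the " .exe" file name and the RunServices path come from the post), lists every autostart entry for review, and flags any whose executable name is blank before the extension. Because the post also notes the file can be renamed to anything, the flag only catches the default name; the full listing is what you actually read.

```python
"""Audit a REGEDIT4 (.reg) export for autostart entries under RunServices/Run.

Added example, not code from the original post. Assumes the export format
produced by the Win9x Registry Editor (Registry > Export Registry File):
a "[KEY]" header line followed by "name"="data" lines, with backslashes
and quotes inside data escaped as \\ and \".
"""
import re
from typing import Dict, List, Tuple

# The key the post points at, plus the sibling Run key that works the same way.
RUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)

# Constructed sample export. Entry names other than the " .exe" path are made up.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SchedulingAgent"="mstask.exe"
"Video Driver"="C:\\WINDOWS\\SYSTEM\\ .exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
'''

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
EXE_RE = re.compile(r"^(.*?\.exe)", re.IGNORECASE)


def unescape(s: str) -> str:
    """Undo the .reg escaping of backslashes and double quotes."""
    return s.replace("\\\\", "\\").replace('\\"', '"')


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key path: {value name: string data}} for every key in the export."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][unescape(m.group(1))] = unescape(m.group(2))
    return keys


def program_path(command: str) -> str:
    """Path of the program in a command line: everything up to the first .exe."""
    cmd = command.strip().strip('"')
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ")[0]


def is_suspicious(command: str) -> bool:
    """True when the file name is blank before its extension, e.g. " .exe"."""
    path = program_path(command)
    basename = path.rsplit("\\", 1)[-1]
    stem = basename.rsplit(".", 1)[0]
    return stem.strip() == ""


def audit(text: str) -> List[Tuple[str, str, str, bool]]:
    """List (key name, value name, command, flagged) for all autostart entries."""
    rows = []
    keys = parse_reg(text)
    for key in RUN_KEYS:
        for name, cmd in keys.get(key, {}).items():
            rows.append((key.rsplit("\\", 1)[-1], name, cmd, is_suspicious(cmd)))
    return rows


if __name__ == "__main__":
    for key_name, name, cmd, flagged in audit(SAMPLE_REG):
        mark = "  <-- blank file name, check this one" if flagged else ""
        print(f"{key_name:12} {name!r:20} {cmd}{mark}")
```

Run it against a real export by replacing SAMPLE_REG with the contents of the exported .reg file; anything flagged, and anything in the listing you do not recognise, is what the post says to remove from the key before rebooting and deleting the file.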

To unsubscribe from SURVPC send a message to [EMAIL PROTECTED] with 
unsubscribe SURVPC in the body of the message.
Also, trim this footer from any quoted replies.
