"If you can't see the bright side of life, polish the dull side."
Trojan horse virus!
Remember the only good virus is a dead virus. Part 2
By Raymond Garcia
WebTechGeek.com
Back Orifice:
Back Orifice is a Trojan horse virus released into the
wild by the "Cult of the Dead Cow". When this
application is installed on your computer, anyone on the
Internet can access your hard drive files, format your
C drive, or just send you nasty messages. To tell if you
have the BO virus, perform a port scan of your computer.
If UDP port 31337 is open, then you're infected. A firewall
program can tell you if you have any open ports. See all
about Firewalls.
Back Orifice is a hacker tool that consists of two pieces,
a client application (a program on the attacker's computer)
and a server application (running on the victim's computer).
Through the client, the attacker can:
- Execute any program.
- Record keystrokes (i.e. store words you type for later
retrieval).
- Restart the machine.
- Lock up the machine.
- View the contents of any file.
- Transfer files to and from the victim's machine.
- Display the screen saver password.
The first version of the Back Orifice Trojan was designed
to work on Windows 95 and 98 machines. But the original
authors recently released a new version. It's called Back
Orifice 2000 and it can be run on Windows NT machines.
The key to protecting yourself from the Back Orifice
Trojan horse is to not install it in the first place.
If you don't have Internet access, then it's of no consequence
because it relies on the Internet to communicate to the
hacker.
The attacker must also know the IP address of the target
machine. That's a number assigned to each machine
connected to the Internet. The Internet Service Provider
usually assigns this number when a computer connects to
the Internet by modem. The number changes each time the
computer connects.
Computers on high-speed services such as ADSL or cable
modems have IP addresses that are static - that means
they don't change, though they can be changed. Computers
on company networks that have access to the Internet via a
network also have static IPs, which can be changed by a
technician or expert user.
If an attacker doesn't know your IP, they have a harder
time seizing control of your machine. They can use the
client application to perform a search through a range
of IP addresses. This can be difficult because there are
four billion possible IP addresses.
Also, users behind a firewall - a computer that guards
a company network - are typically safe. Most corporations
have firewalls in place. The best defense against Trojan
horses is to follow safe computing practices. Don't download
or run programs from unknown sources. In the event you
do inadvertently install a Trojan horse, it can be removed
manually by deleting an entry in the Windows registry and
then deleting a program from the hard drive.
So how do you get rid of it? There are two ways. You can
edit your registry at the location
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
using regedit.exe, found in your Windows folder, or download
the program Back OrificeREMOVER! This program is very
easy to use and will get rid of Back Orifice with ease.
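The two checks described above (a listener on UDP port 31337 and the contents of the RunServices key), run against saved `netstat -an` output and a regedit export; this is an added example, not code from the original article. The function names and sample inputs are constructed for illustration, and because the article does not name the registry entry to delete, every RunServices value is returned for manual review.

```python
import re

BO_DEFAULT_UDP_PORT = 31337  # port named in the article
RUNSERVICES = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices"

def udp_listeners(netstat_text):
    """Return the set of local UDP ports found in `netstat -an` output."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0].upper() == "UDP":
            port = fields[1].rsplit(":", 1)[-1]  # "0.0.0.0:31337" -> "31337"
            if port.isdigit():
                ports.add(int(port))
    return ports

def runservices_entries(reg_text):
    """Return {value name: command} for the RunServices key in a regedit export."""
    entries, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):  # a new key section begins
            in_key = line.strip("[]").lower() == RUNSERVICES.lower()
        elif in_key:
            m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
            if m:
                name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
                entries[name] = m.group(2).replace("\\\\", "\\")
    return entries

def check_host(netstat_text, reg_text):
    """Combine both checks; autostart entries are listed, not judged."""
    return {"bo_port_open": BO_DEFAULT_UDP_PORT in udp_listeners(netstat_text),
            "runservices": runservices_entries(reg_text)}

# Constructed sample inputs (not captured from a real machine).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  UDP    0.0.0.0:31337          *:*
  UDP    192.168.0.5:137        *:*
"""
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"ExampleService"="C:\\WINDOWS\\SYSTEM\\example.exe"
'''
```

Calling `check_host(SAMPLE_NETSTAT, SAMPLE_REG)` reports the open port and the single constructed RunServices entry; entries under the neighbouring Run key are ignored.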
TrojanHunter
Removes trojans from your system. It scans for trojans using
advanced scanning methods found in no other product, such as
registry, port, inifile and memory scanning in addition to
standard file scanning. The convenient LiveUpdate utility lets
you update your rule files automatically and effortlessly.