
Back Orifice

If you haven't heard of Back Orifice before, then you must have been living in a remote desert with no access to newspapers, television or the internet. Back Orifice is probably the most well known of all trojans.
Back Orifice works by communicating with the victim's computer through encrypted UDP data packets. Back Orifice is very powerful and, if used by someone who knows what they are doing, can give the hacker more control over the infected computer than the victim has.
I won't go into how to remove Back Orifice because there are so many programs out there that will do this; it's much easier to download one of them and remove it that way.
Check out the Bo2k section of this site; it has info on removing the latest Back Orifice version.

Back Construction

Back Construction is your basic file server type trojan; it doesn't really do much but could be used to upload something more destructive like Back Orifice or SubSeven.

Removal instructions:

Click Start, and go to Run. In the box, type regedit and click OK.
When regedit starts, you will see a file-like tree in the left-hand panel. Open the folders to follow the path:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Click on 'Run' and the right-hand panel will change. Look for the item titled: Shell = "C:\WINDOWS\Cmctl32.exe"
Right click on 'Shell' and choose Delete.
Close regedit and reboot your PC to remove the trojan from memory.
After the reboot, use Windows Explorer to delete the trojan file at:
C:\WINDOWS\Cmctl32.exe
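
A read-only way to confirm the Run entry named in the steps above before deleting anything, working on a text export of the registry. This is an added example, not part of the original page; the sample export is constructed, and the function names are assumptions made for illustration.

```python
import re

# Indicator from the removal steps above: Run key, value name, file path.
RUN_KEY = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
INDICATOR = ("Shell", r"C:\WINDOWS\Cmctl32.exe")

# Constructed sample of a regedit text export (REGEDIT4 format), not real data.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Shell"="\"C:\\WINDOWS\\Cmctl32.exe\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"Shell"="C:\\WINDOWS\\Cmctl32.exe"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):  # .reg escaping: a backslash makes the next character literal
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg_export(text):
    """Return {key_path: {value_name: data}} for string values only."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[unescape(m.group(1))] = unescape(m.group(2))
    return keys

def find_back_construction(text):
    """Return (key, name, data) Run-key entries matching the indicator (case-insensitive)."""
    name, path = INDICATOR
    hits = []
    for key, values in parse_reg_export(text).items():
        if key.lower() != RUN_KEY.lower():
            continue  # the same value under another key is not an autostart
        for vname, data in values.items():
            if vname.lower() == name.lower() and data.strip('"').lower() == path.lower():
                hits.append((key, vname, data))
    return hits

if __name__ == "__main__":
    print(find_back_construction(SAMPLE_EXPORT))
```

An empty result only means this default entry is absent from the exported key.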

Bo2k

Bo2k is the latest and much hyped version of Back Orifice. This time it has moved away from being a lamer type trojan to being more of a remote access administration tool, although like any remote access administration tool it can still be used to hack people.

Removal
(note that this is just for the default server, not for any configurations the hacker may have made)
Delete the bo registry key located at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\. This can be done using regedit or another registry editing program.
Reboot the computer.
Delete the trojan server exe file, which is always located in the Windows directory.