Overview |
Summary: |
Program fakes installed BO server, listens on user defined ports for attempted connections from remote BO hackers, logs remote IPs and all commands BO hacker attempts to execute, and offers user the option of sending fake replies back to BO hacker. |
Vendor Notes: |
This program listens on port 31337 and tells you the IP of the hacker and the port of their BOGUI.exe. -- from the doc. |
Category: |
Misc Tool: Any tool that might be used in planning an attack on a system, developing tools for such an attack, or performing it.
|
Variants: |
Back Orifice Spy 1.31Back Orifice Spy 1.61 |
Similar Pests: |
Misc Tool |
Origins |
Author: |
Chaplin_Hack |
Date of Origin: |
Variants from November, 1998 to December, 1998 |
Distribution |
Prevalence: |
Back Orifice Spy 1.31: < 0.00005%
More Info |
Clot Factor: |
Back Orifice Spy 1.31: < 1
The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone. |
Countries Affected: |
In the past three months, we have received reports of Back Orifice Spy in United States. |
Operation |
Storage Required: |
Back Orifice Spy 1.31: at least 157 KBBack Orifice Spy 1.61: at least 385 KB |
Detection and Removal |
Automatic Removal: |
 PestPatrol detects this.
PestPatrol removes this.
|
Manual Removal: |
Follow these steps to remove Back Orifice Spy from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake. |
|
Stop Running Processes:
Kill these running processes with Task Manager:
|
|
Remove Files:
Remove these files (if present) with Windows Explorer:
|
Research |
File Analyses: |
|
More Info: |
AllTheWeb, AltaVista, AOL Search, Ask Jeeves, Google, HotBot, Lycos, LookSmart, MSN, Yahoo! |
Research By: |
PestPatrol's Pest Research Center |
Last Revised: |
April 25, 2005 |