What is Back Orifice?
BACK ORIFICE is a trojan, a backdoor that allows others to access your computer remotely.
Once they have that access they can change or steal your passwords, run or delete files, reboot your computer, format drives, and even make your computer unable to start up, all without your knowledge or consent.
Diagnosing Back Orifice in your System
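In your IRC client (i.e. mIRC), type the following in any window. Each command reports how many files of that name were found on drive C:, so a non-zero count means such a file is present: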
//Say $findfile(c:\,exe~1,0)
//Say $findfile(c:\,windll.dll,0)
MANUAL FIX
THIS FIX INVOLVES MODIFYING THE REGISTRY IN YOUR SYSTEM.
BE EXTREMELY CAREFUL, AS MISTAKES CAN DAMAGE YOUR SYSTEM.
1. In Windows go to START, then RUN, and type REGEDIT on the line.
2. Once in REGEDIT, follow the path below:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
3. Look in the right-hand window for the default; it should be not set, i.e. Value Not Set.
4. If it instead shows a value, e.g. exe, you need to change the value to nothing by deleting the exe.
5. Save and close your registry.
6. Back in Windows, go to your DESKTOP and open the following:
MY COMPUTER > WINDOWS > SYSTEM
In System, select "show all files" (98 or later 95 versions only).
Look for a file with no name and no icon (white).
NOTE: IT COULD BE NAMED .exe
7. Go to Find Files or Folders and search in My Computer for windll.dll.
Please delete all files of this name.
If you are unable to delete this file, you haven't done the above steps correctly.
8. On completion of the above steps you should be clean.
Please redo the Diagnosis to be sure!
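
The check in steps 2 to 4 can also be run against a registry export instead of by eye. The script below is an added example, not part of the original instructions: it assumes the registry was exported from REGEDIT as a REGEDIT4 text file, and the two sample exports and all function names are constructed for illustration.

```python
import re

# Key from step 2 of the manual fix (registry key names are case-insensitive).
RUNSERVICES = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices"

def parse_reg(text):
    """Parse REGEDIT4 export text into {key: {name: data}}; '@' is the default value."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if m is None or current is None:
            continue  # header, blank line, comment or unsupported line
        name, data = m.groups()
        if name != "@":
            name = re.sub(r"\\(.)", r"\1", name[1:-1])
        if len(data) >= 2 and data[0] == data[-1] == '"':
            data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escapes
        current[name] = data
    return keys

def runservices_default(text):
    """Return the default value's data for RunServices, or None when it is not set."""
    values = parse_reg(text).get(RUNSERVICES.lower(), {})
    return values.get("@") or None  # an empty string counts as not set (step 4)

def diagnose(text):
    default = runservices_default(text)
    if default is None:
        return "clean: default value of RunServices is not set"
    return "suspicious: default value of RunServices launches %r" % default

# Constructed sample exports, not captured from a real machine.
INFECTED = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
@=" .exe"
"SchedulingAgent"="mstask.exe"
'''
CLEAN = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SchedulingAgent"="mstask.exe"
'''

if __name__ == "__main__":
    for label, sample in (("infected", INFECTED), ("clean", CLEAN)):
        print(label, "->", diagnose(sample))
```

Named values under the key are parsed but not judged; only a default value that has been set is reported, matching what the manual fix looks for.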