Back Orifice (2000)
Server name: Back Orifice
Version: 2000
Different Version(s): [1.20][2000]
Server size: 136K
Server files: server.exe 

Infects: Windows 95/98/ME/NT/2000
Autoloads: Registry: HKEY_LOCAL_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ Key: UMG32.EXE
Default port: 54320 TCP or 54321 UDP 
Can port be changed: Yes

Server Features

  • Add/List shares on Microsoft networks
  • Capture AVI
  • Capture screen
  • Capture still picture
  • Chat
  • Choose between XOR and 3DES encryption
  • Compress files
  • DNS stuff
  • Email using server's computer
  • Get passwords
  • Get system info
  • Http file server
  • List capture devices
  • List connections
  • List/Start/Kill process
  • Load/Debug/List/Remove plugins
  • Lock up machine
  • Log keystrokes
  • Map network
  • Ping
  • Play WAV (can also loop it)
  • Plugin support
  • Port redirection
  • Query
  • Reboot Machine
  • Receive file
  • Registry editor
  • Send file
  • Send message box
  • Shutdown/Reboot/Logoff/Poweroff
  • Shutdown/Restart server
  • Start/List/Stop butt plugs
  • Start/List/Stop command socket
  • Start menu on/off
  • View/Kill apps

 
Comments 
Back Orifice 2000 is now able to infect Windows NT systems. This trojan was released as open source but nothing much has ever come of this. 

How To Remove 
Quick fix: no quick fix programs
Manual removal:

  1. Remove the UMG32.EXE key located in the registry at: HKEY_LOCAL_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\. This can be done with regedit or any other registry editing program.
  2. Reboot the computer or close the trojan file.
  3. Delete the trojan file UMG32.EXE in the Windows system directory.

 
 
 
Copyright © 2000 and 2001, Dark Eclipse Software. All rights reserved. 
This page may not be redistributed or reproduced in any manner without specific written permission from Dark Eclipse Software. If permission to use this page is desired then contact Dark Eclipse Software. While we consider the content of this page to be accurate, we cannot guarantee either the accuracy or the appropriateness of any portion of the page, including our analysis and manual removal. 
Any actions taken by a reader in response to this or any other Dark Eclipse Software page are completely and solely their responsibility.