informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/uploads/unbo.txt

94 lines
4.9 KiB
Plaintext
Raw Permalink Blame History

---------------------HOW TO UNINSTALL BACK ORFICE----------------------
BACK ORFICE IS A TROJAN/VIRUS THAT INSTALLS ITSELF ON YOUR COMUTER
WHEN YOU DOUBLE CLICK ON THE SERVER(.EXE). ONCE INSTALLED THE PORT 31337
IS LEFT OPEN UNLESS CHANGED FROM THE CLIENT OR THE SERVER CONFIG PROGRAM.
ONCE THIS PROGRAM IS INSTALLED ON YOUR COMPUTER IT ALLOWS "HACKERS" OR
PEOPLE TO GAIN ACCESS TO CERTAIN PARTS OF YOUR COMPUTER SUCH AS CACHED
PASSWORDS, WORD DOCUMENTS, PERSONAL FILES AND JUST ABOUT ANYTHING ON
YOUR COMPUTER.
STEP 1: FIND OUT IF YOU HAVE THE BACK ORFICE SERVER ON YOUR COMPUTER BY
GOING TO A DOS PROMPT AND TYPING netstat -a. THIS WILL LIST ALL
PORTS THAT YOU HAVE OPEN.
STEP 2: LOOK AT THE RESULTS OF YOUR netstat -a COMMAND. IF YOU HAVE
BO ON YOUR COMPUTER YOU SHOULD SEE SOMETHING LIKE THIS;
oemcomputer:31337. THE PORT 31337 IS OPEN AND WAITING FOR A
BO CLIENT TO "TALK" TO IT.
STEP 3: IF YOU DO NOT SEE THE PORT 31337 OPEN, THEN YOU DO NOT HAVE
BACK ORFICE ON YOUR COMPUTER.
STEP 4: IF YOU HAVE BO ON YOUR COMPUTER AND YOU WANT TO UNINSTALL IT
THEN MOVE ON TO STEP 5
STEP 5: THE BO SERVER IS LOCATED IN THE C:\WINDOWS\SYSTEM DIRECTORY.
YOU CANNOT SEE THE SERVER. ITS HAS NO ICON AND IS HIDDEN.
SO HOW MIGHT YOU ASK YOU DELETE IT, ITS SIMPLE, JUST TAKE A
DIFFERENT ROUTE. GO TO THE START MENU AND CLICK ON IT. THEN
CLICK ON FIND. ONCE YOU ARE IN THE FIND PROGRAM, MAKE THE BOX
THAT SAYS LOOK IN:, LOOK IN C:\WINDOWS\SYSTEM. THEN GO UP TO
THE BOX THAT SAYS NAMED: AND ENTER *.EXE. THIS WILL LIST
EVERY .EXE FILE IN C:\WINDOWS\SYSTEM. THEN SCROLL DOWN UNTIL
YOU SEE AN ICON WITH NO NAME, THIS IS THE BO SERVER. IT SHOULD
BE ABOUT 125 KBYTES. ONCE YOU HAVE LOCATED IT RIGHT CLICK
ON IT. THEN CHOOSE PROPERTIES. THE PROPERTIES WILL TELL YOU
WHERE IT IS LOCATED AND WHAT ITS NAME IS.(GUESS THE GUYS AT CULT
OF THE DEAD COW DIDNT THINK OF EVERYTHING)THE FILE NAME SHOULD LOOK
LIKE THIS C:\WINDOWS\SYSTEM\EXE~1. THAT IS WHAT IT WAS NAMED
ON MY COMPUTER, BUT I DONT KNOW IF THE NAMES VARY. THEN PROCEED
TO WRITE DOWN THE LOCATION AND NAME OF THE PROGRAM. THEN YOU
SHUT DOWN YOUR COMPUTER IN MS-DOS MODE. IF YOU ARE UNFAMILIAR
WITH DOS DONT GO PRESSING ALOT OF BUTTONS, JUST FOLLOW MY
DIRECTIONS. ONCE YOU ARE AT A DOS PROMPT TYPE CD C:\WINDOWS\SYSTEM.
THIS WILL CD OR CHANGE DIRECTORY TO C:\WINDOWS\SYSTEM WHERE
YOU CAN DELETE THE BO SERVER. ONCE IN THE DIRECTORY NAMED
C:\WINDOWS\SYSTEM YOU CAN PROCEED TO DELETE THE FILE. TYPE
DEL EXE~1 OR WHATEVER THE SERVER MIGHT BE CALLED ON YOUR COMPUTER.
THIS WILL DEL OR DELETE THE FILE EXE~1.
STEP 6: IF YOU HAVE DELETED THE BO SERVER WITH NO PROBLEMS THEN YOU CAN
RESTART IN WINDOWS. TYPE WIN OR EXIT AND YOUR COMPUTER WILL BOOT
BACK UP INTO WINDOWS. THEN TO DOUBLE CHECK YOU
GO AND TYPE THE netstat -a AGAIN, AND LOOK FOR 31337. IF WHEN
YOU RESTART YOUR COMPUTER AN ERROR MESSAGE COMES UP THAT SAYS
SOMETHING LIKE CANNOT FIND C:\WINDOWS\SYSTEM\EXE~1 THEN YOU
WILL HAVE TO GO ONE STEP FURTHER TO COMPLETELY UNINSTALL BO.
STEP 7: YOU WILL HAVE TO LOOK IN THE SYSTEM.INI OR THE WIN.INI FOR THE
BOOT RECORD FOR THE BO SERVER. IF YOU DONT HAVE MUCH COMPUTER
KNOWLEDGE I WOULD SUGGEST THAT YOU STOP N0W AND JUST BE
THANKFULL THAT NO ONE CAN SEE YOUR PR0N PASSWORDS ANYMORE. IF
YOU HAVE SOME KNOWLEDGE OR YOU FEEL YOU DO, GO RIGHT AHEAD, BUT
YOU CAN SCREW THINGS UP BIGTIME BY EDITING THESE FILES AS WE
ARE ABOUT TO DO. GO TO THE FIND AGAIN AND MAKE THE SEARCH DIRECTORY
C:\. THEN TYPE SYSTEM.INI OR WIN.INI. AT THE TOP OF BOTH, THERE
SHOULD BE SOMETHING THAT SAYS BOOT OR STARTUP OR SOMETHING LIKE
THAT. LOOK FOR A COMMAND THAT TELLS YOUR COMPUTER AT STARTUP TO
BOOT EXE~1. ONCE YOU HAVE FOUND THIS, DELETE THE ENTIRE LINE, BUT
NOTHING ELSE. IF YOU FEEL THAT YOU HAVE DONE THIS CORRECTLY
GO UP TO FILE AND SAVE IT. THEN RESTART YOUR COMPUTER AND WALLA
NO MORE BO.
-----------------------------PROBLEMS----------------------------------
I TESTED THIS METHOD ON MY COMPUTER SO YOU SHOULD HAVE NO PROBLEM WITH
UNINSTALLING THIS TROJAN. IF YOU HAVE ANY PROBLEMS, QUESTIONS, OR
ANY COMMENTS, PLEASE FEEL FREE TO E-MAIL ME AND I WILL GET BACK TO YOU
A.S.A.P.
------------------------IN CONCLUSION----------------------------------
BACK ORFICE IS A GOOD PROGRAM THAT HAS MANY LEGAL USES AND MANY ILLEGAL
USES. CULT OF THE DEAD COW IS A GOOD GROUP AND OBVIOUSLY KNOW THERE SHIT
CAUSE EVEN MICROSOFT FEARS THIS TROJAN/VIRUS. YOU SHOULD ALWAYS KNOW
WHAT YOU ARE DOWNLOADING ON THE NET. IF YOU FRIEND WANTS TO SEND YOU
A SUPER LEETO NEETO GAME, SCAN IT FIRST. AND IF YOU DONT HAVE A VIRUS
SCANNER, GO OUT AND BUY ONE SO YOU WONT HAVE TO WASTE YOUR TIME DOING
THIS THE NEXT TIME. MOST VIRUSES/TROJANS ARE HARDER TO UNINSTALL AND
SOMETIMES CANT BE UNINSTALLED SO WATCH WHAT YOU DOWNLOAD.
THIS TEXT-FILE HAS BEEN WRITTEN BY MRTHRIPS. YOU CAN REACH ME AT
MRTHRIPS@ANTI-SOCIAL.COM, THROUGH IRC AT #260C OR AT GO.TO/260C.
HAPPY REMOVING
Reference in New Issue View Git Blame Copy Permalink