Back Orifice - last info
- To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
- Subject: Back Orifice - last info
- From: James Strompolis <jimst@enteract.com>
- Date: Thu, 6 Aug 1998 17:25:02 -0500
- Comments: To: WinNT-L List <WINNT-L@PEACH.EASE.LSOFT.COM>, NT Security List <ntsecurity@iss.net>
- Reply-To: jimst@enteract.com
- Sender: Windows NT BugTraq Mailing List <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>
Besides the executable, Back Orifice also leaves a file named windll.dll in c:\windows\system with the date that BO was installed. This dll is inside of the BO executable. If you delete only windll.dll without getting rid of the executable, it will be reinstalled by the executable.

The executable will have the date of your version of Win9x. I originally stated it would be dated 7/11/95. It may have other dates depending on what version of Win95 or Win98 you have installed.

The executable contains the string windll.dll in plaintext. If you do a search for files containing the text "windll.dll" you will find all instances of the BO executable.

I've had a few reports of machines crashing fatally after BO installed. I don't think BO does anything destructive on its own. Sounds like BO was used to install a virus or wipe critical files.

This should give everyone plenty of ways to find the program. Hopefully this will be as easy to find on NT when the NT version comes out.

- James Strompolis
Aleph Consultants, Inc.
jimst@enteract.com
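The file search described in the message above, as an added example that is not part of the original post and is not its author's code: it streams every file under a directory, looks for the plaintext string windll.dll, and reports each hit with its modification date. The function names, the case-insensitive match and the chunked read are assumptions of this sketch; any file that merely mentions the DLL name will also match, so hits are candidates for review.

```python
import os
import sys
import time

MARKER = b"windll.dll"   # plaintext string the post says the executable contains
CHUNK = 1 << 16          # read size; files are streamed, not loaded whole


def contains_marker(path, marker=MARKER, chunk=CHUNK):
    """Case-insensitive streaming search that also catches a marker split across two reads."""
    needle = marker.lower()
    keep = len(needle) - 1          # bytes carried over from the previous read
    tail = b""
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk)
            if not block:
                return False
            window = tail + block.lower()
            if needle in window:
                return True
            tail = window[-keep:] if keep else b""


def scan(root):
    """Return sorted (path, mtime) pairs for every file under root that contains the marker."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if contains_marker(path):
                    hits.append((path, os.path.getmtime(path)))
            except OSError:
                continue  # locked or unreadable file: skip it, do not abort the sweep
    return sorted(hits)


if __name__ == "__main__":
    # Default directory is the one named in the post; pass another as argv[1].
    root = sys.argv[1] if len(sys.argv) > 1 else r"C:\WINDOWS\SYSTEM"
    dropped = os.path.join(root, "windll.dll")
    if os.path.exists(dropped):
        print("dropped DLL present:", dropped, time.ctime(os.path.getmtime(dropped)))
    for path, mtime in scan(root):
        print("candidate:", path, time.ctime(mtime))
```

Run it against an offline copy or mounted image of the disk where possible, so a running process cannot hold the files open.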