Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NTBugtraq> 1998

Re: How to find and get rid rid of Back Orifice

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How to find and get rid rid of Back Orifice

To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
Subject: Re: How to find and get rid rid of Back Orifice
From: "Leech, Simon" <Simon_LeechNAI.COM>
Date: Fri, 7 Aug 1998 03:13:32 -0700
Comments: To: "jimstenteract.com" <jimstenteract.com>
Reply-To: "Leech, Simon" <Simon_LeechNAI.COM>
Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>

Hi,

Although it's not a virus Network Associates have decided to add a detection
string for this dangerous program as well, we trigger on the file
boserve.exe with "cdc-bo.a (hacktool)" virus

It's in the betascan.zip on http://beta.nai.com/public/datafiles

Admittedly this will not help you if the BO server is already running on
your machine, however scanning manually for this file will find it if it has
been downloaded and not executed.

Regards,

Simon

> Simon Leech
Prime Support Account Manager
Network Associates International B.V.
Gatwickstraat 25, PO Box 58326
1040HH Amsterdam, The Netherlands


> -----Original Message-----
> From: James Strompolis [SMTP:jimstenteract.com]
> Sent: Wednesday, August 05, 1998 9:34 AM
> To:   NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
> Subject:      How to find and get rid rid of Back Orifice
>
        "Network Associates McAfee Virus Scan did not set off any alarms.
Maybe another virus
> scanner will view the program's actions as suspicious?"
>

Prev by Date: Watching for nasties.
Next by Date: Eudora security bug - executes URL
Prev by thread: Re: How to find and get rid rid of Back Orifice
Next by thread: Re: How to find and get rid rid of Back Orifice
Index(es):
- Date
- Thread