---------------------HOW TO UNINSTALL BACK ORFICE----------------------

BACK ORFICE IS A TROJAN/VIRUS THAT INSTALLS ITSELF ON YOUR COMUTER
WHEN YOU DOUBLE CLICK ON THE SERVER(.EXE).  ONCE INSTALLED THE PORT 31337
IS LEFT OPEN UNLESS CHANGED FROM THE CLIENT OR THE SERVER CONFIG PROGRAM.
ONCE THIS PROGRAM IS INSTALLED ON YOUR COMPUTER IT ALLOWS "HACKERS" OR
PEOPLE TO GAIN ACCESS TO CERTAIN PARTS OF YOUR COMPUTER SUCH AS CACHED
PASSWORDS, WORD DOCUMENTS, PERSONAL FILES AND JUST ABOUT ANYTHING ON
YOUR COMPUTER.


STEP 1: FIND OUT IF YOU HAVE THE BACK ORFICE SERVER ON YOUR COMPUTER BY
       GOING TO A DOS PROMPT AND TYPING netstat -a.  THIS WILL LIST ALL
       PORTS THAT YOU HAVE OPEN.

STEP 2: LOOK AT THE RESULTS OF YOUR netstat -a COMMAND.  IF YOU HAVE
       BO ON YOUR COMPUTER YOU SHOULD SEE SOMETHING LIKE THIS;
       oemcomputer:31337.  THE PORT 31337 IS OPEN AND WAITING FOR A
       BO CLIENT TO "TALK" TO IT.

STEP 3: IF YOU DO NOT SEE THE PORT 31337 OPEN, THEN YOU DO NOT HAVE
       BACK ORFICE ON YOUR COMPUTER.

STEP 4: IF YOU HAVE BO ON YOUR COMPUTER AND YOU WANT TO UNINSTALL IT
       THEN MOVE ON TO STEP 5

STEP 5: THE BO SERVER IS LOCATED IN THE C:\WINDOWS\SYSTEM DIRECTORY.
       YOU CANNOT SEE THE SERVER.  ITS HAS NO ICON AND IS HIDDEN.
       SO HOW MIGHT YOU ASK YOU DELETE IT, ITS SIMPLE, JUST TAKE A
       DIFFERENT ROUTE.  GO TO THE START MENU AND CLICK ON IT.  THEN
       CLICK ON FIND.  ONCE YOU ARE IN THE FIND PROGRAM, MAKE THE BOX
       THAT SAYS LOOK IN:, LOOK IN C:\WINDOWS\SYSTEM.  THEN GO UP TO
       THE BOX THAT SAYS NAMED: AND ENTER *.EXE.  THIS WILL LIST
       EVERY .EXE FILE IN C:\WINDOWS\SYSTEM.  THEN SCROLL DOWN UNTIL
       YOU SEE AN ICON WITH NO NAME, THIS IS THE BO SERVER.  IT SHOULD
       BE ABOUT 125 KBYTES.  ONCE YOU HAVE LOCATED IT RIGHT CLICK
       ON IT.  THEN CHOOSE PROPERTIES.  THE PROPERTIES WILL TELL YOU
       WHERE IT IS LOCATED AND WHAT ITS NAME IS.(GUESS THE GUYS AT CULT
       OF THE DEAD COW DIDNT THINK OF EVERYTHING)THE FILE NAME SHOULD LOOK
       LIKE THIS C:\WINDOWS\SYSTEM\EXE~1.  THAT IS WHAT IT WAS NAMED
       ON MY COMPUTER, BUT I DONT KNOW IF THE NAMES VARY.  THEN PROCEED
       TO WRITE DOWN THE LOCATION AND NAME OF THE PROGRAM.  THEN YOU
       SHUT DOWN YOUR COMPUTER IN MS-DOS MODE.  IF YOU ARE UNFAMILIAR
       WITH DOS DONT GO PRESSING ALOT OF BUTTONS, JUST FOLLOW MY
       DIRECTIONS.  ONCE YOU ARE AT A DOS PROMPT TYPE CD C:\WINDOWS\SYSTEM.
       THIS WILL CD OR CHANGE DIRECTORY TO C:\WINDOWS\SYSTEM WHERE
       YOU CAN DELETE THE BO SERVER.  ONCE IN THE DIRECTORY NAMED
       C:\WINDOWS\SYSTEM YOU CAN PROCEED TO DELETE THE FILE.  TYPE
       DEL EXE~1 OR WHATEVER THE SERVER MIGHT BE CALLED ON YOUR COMPUTER.
       THIS WILL DEL OR DELETE THE FILE EXE~1.

STEP 6: IF YOU HAVE DELETED THE BO SERVER WITH NO PROBLEMS THEN YOU CAN
       RESTART IN WINDOWS.  TYPE WIN OR EXIT AND YOUR COMPUTER WILL BOOT
       BACK UP INTO WINDOWS. THEN TO DOUBLE CHECK YOU
       GO AND TYPE THE netstat -a AGAIN, AND LOOK FOR 31337.  IF WHEN
       YOU RESTART YOUR COMPUTER AN ERROR MESSAGE COMES UP THAT SAYS
       SOMETHING LIKE CANNOT FIND C:\WINDOWS\SYSTEM\EXE~1 THEN YOU
       WILL HAVE TO GO ONE STEP FURTHER TO COMPLETELY UNINSTALL BO.

STEP 7: YOU WILL HAVE TO LOOK IN THE SYSTEM.INI OR THE WIN.INI FOR THE
       BOOT RECORD FOR THE BO SERVER.  IF YOU DONT HAVE MUCH COMPUTER
       KNOWLEDGE I WOULD SUGGEST THAT YOU STOP N0W AND JUST BE
       THANKFULL THAT NO ONE CAN SEE YOUR PR0N PASSWORDS ANYMORE.  IF
       YOU HAVE SOME KNOWLEDGE OR YOU FEEL YOU DO, GO RIGHT AHEAD, BUT
       YOU CAN SCREW THINGS UP BIGTIME BY EDITING THESE FILES AS WE
       ARE ABOUT TO DO.  GO TO THE FIND AGAIN AND MAKE THE SEARCH DIRECTORY
       C:\.  THEN TYPE SYSTEM.INI OR WIN.INI.  AT THE TOP OF BOTH, THERE
       SHOULD BE SOMETHING THAT SAYS BOOT OR STARTUP OR SOMETHING LIKE
       THAT.  LOOK FOR A COMMAND THAT TELLS YOUR COMPUTER AT STARTUP TO
       BOOT EXE~1.  ONCE YOU HAVE FOUND THIS, DELETE THE ENTIRE LINE, BUT
       NOTHING ELSE.  IF YOU FEEL THAT YOU HAVE DONE THIS CORRECTLY
       GO UP TO FILE AND SAVE IT.  THEN RESTART YOUR COMPUTER AND WALLA
       NO MORE BO.

-----------------------------PROBLEMS----------------------------------

I TESTED THIS METHOD ON MY COMPUTER SO YOU SHOULD HAVE NO PROBLEM WITH
UNINSTALLING THIS TROJAN.  IF YOU HAVE ANY PROBLEMS, QUESTIONS, OR
ANY COMMENTS, PLEASE FEEL FREE TO E-MAIL ME AND I WILL GET BACK TO YOU
A.S.A.P.

------------------------IN CONCLUSION----------------------------------
BACK ORFICE IS A GOOD PROGRAM THAT HAS MANY LEGAL USES AND MANY ILLEGAL
USES.  CULT OF THE DEAD COW IS A GOOD GROUP AND OBVIOUSLY KNOW THERE SHIT
CAUSE EVEN MICROSOFT FEARS THIS TROJAN/VIRUS.  YOU SHOULD ALWAYS KNOW
WHAT YOU ARE DOWNLOADING ON THE NET.  IF YOU FRIEND WANTS TO SEND YOU
A SUPER LEETO NEETO GAME, SCAN IT FIRST.  AND IF YOU DONT HAVE A VIRUS
SCANNER, GO OUT AND BUY ONE SO YOU WONT HAVE TO WASTE YOUR TIME DOING
THIS THE NEXT TIME.  MOST VIRUSES/TROJANS ARE HARDER TO UNINSTALL AND
SOMETIMES CANT BE UNINSTALLED SO WATCH WHAT YOU DOWNLOAD.

THIS TEXT-FILE HAS BEEN WRITTEN BY MRTHRIPS.  YOU CAN REACH ME AT
[email protected], THROUGH IRC AT #260C OR AT GO.TO/260C.
HAPPY REMOVING

You are viewing proxied material from gopher.altexxanet.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.