Backdoors Trojans
Netbus & Back Orifice
This page was specially created to inform the visitor about some tools used by hackers
(the Netbus and Back Orifice programs) and about the ability of Microsoft Internet Explorer to
keep hidden files of your visited URLs.
There are a lot of internet users who are not aware of these possibilities. I was one of
them. I can assure the visitor that I am not a hacker and have little knowledge of it.
But before we go on, I should apologize for the incoming sound effect, but I
couldn't leave it out. But you were surprised, weren't you? That was the idea.
A friend told me that he scanned the ports on my PC!!! Nothing
detected. What did he mean by that???
You have to understand that on the internet you are not alone. Some people are
specialized in changing pictures, others in making animated gifs, banners, homepages,
... and hacking. Hacking, what is hacking? It means breaking into a
secure environment, decoding. The term "breaking in" also applies to a
personal computer. When a "server" is installed, it means that the PC is
infected. Other hackers can and will come into the infected PC. They can make
a screen dump, look at your files, download and upload files, delete and rename files, see
your keystrokes online (passwords!!), close the active window or even crash your PC.
Such a server program is attached to an application (.exe). The commonly infected applications
install the Netbus or Back Orifice program. It usually locates itself in the root or C
directory.
Back Orifice is shown as a blank spot when viewing the files on your C drive in Windows
Explorer. Make sure that "show all files" is checked. Go to
C:\windows\system and look just underneath the directory "Vmm32". When you
see an open spot, that's Back Orifice.
Another program is Netbus. Netbus consists of a server and a client part. The server
part is the program which must be running on the computer you wish to administer (from the
hacker's view, that means your PC). The client part is the program that another person uses
to connect to your computer. The Netbus server starts automatically every time
Windows starts. How do you check if you have Netbus installed?
Go to "Start" - "Run" and enter the word "telnet".
In telnet, connect to an external system: enter "localhost" as the Hostname and
"12345" as the port, and connect. When you see "localhost" you are not
infected. However, when you see Netbus on the screen, it means that the PC is infected.
A problem is that hackers can set another port, and then the above procedure (port 12345)
doesn't work. Another port can be 12346 and others(?).
Another way to see if the PC is infected by Netbus is to look in the root
C:\windows with Explorer.
The .exe is mostly Patch.exe (v 1.60), sysedit.exe (v 1.50) or explore.exe (watch out,
not explorer.exe), with a size of about 462 to 483 Kb.
Do not remove sysedit.exe in C:\windows\system, that's the real program.
Sysedit.exe in C:\windows with a size of 462 to 483 Kb is Netbus.
Hackers can change the name of the ".exe", for example to surprise.exe. You
don't know the real name if it is changed, so just look at the size.
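The two checks described above (the telnet banner test and the file-size test that ignores the file name), automated for your own machine. This is an added example, not code from the original page; it assumes "Kb" means 1024 bytes and that the listener announces itself with text containing the word "Netbus".

```python
import os
import socket

# Assumptions for this added example: "Kb" on the page is taken as 1024 bytes,
# and the banner is matched case-insensitively on the word "netbus".
SIZE_RANGE_KB = (462, 483)      # server size range given on the page
DEFAULT_PORTS = (12345, 12346)  # ports named on the page; others are possible

def banner_indicates_netbus(banner: bytes) -> bool:
    """True if the text a listener sent on connect mentions Netbus."""
    return b"netbus" in banner.lower()

def probe_local_port(port: int, host: str = "localhost", timeout: float = 2.0):
    """Connect like the telnet check does. Returns None if nothing listens,
    otherwise the first bytes the listener sent (b"" if it stayed silent)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            try:
                return conn.recv(64)
            except socket.timeout:
                return b""
    except OSError:
        return None

def size_matched_executables(directory: str, size_range_kb=SIZE_RANGE_KB):
    """List .exe files whose size falls in the range, whatever their name."""
    low, high = size_range_kb[0] * 1024, size_range_kb[1] * 1024
    hits = []
    for entry in os.scandir(directory):
        if entry.is_file() and entry.name.lower().endswith(".exe"):
            size = entry.stat().st_size
            if low <= size <= high:
                hits.append((entry.name, size))
    return sorted(hits)

if __name__ == "__main__":
    for port in DEFAULT_PORTS:
        banner = probe_local_port(port)
        if banner is None:
            print(f"port {port}: nothing listening")
        else:
            verdict = "Netbus banner" if banner_indicates_netbus(banner) else "unknown listener"
            print(f"port {port}: {verdict}: {banner!r}")
    windows_dir = os.environ.get("WINDIR", r"C:\windows")
    if os.path.isdir(windows_dir):
        for name, size in size_matched_executables(windows_dir):
            print(f"{name}: {size} bytes, in the Netbus size range, check it")
```

A size match is only a reason to look closer: an unrelated program can fall in the same range, and a clean result on ports 12345 and 12346 says nothing about a server moved to another port.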
Removal instructions Netbus:
1. Delete Patch.exe in C:\windows\patch.exe or
C:\windows\sysedit.exe or C:\windows\explore.exe
2. Delete KeyHook.dll in C:\windows\keyhook.dll
3. In regedit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
delete Patch ("C:\windows\patch.exe")
or
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
delete Netbus Server Pro (C:\programma\netbus pro\nbsvr.exe)
Links
Links to Netbus
Daph | in German
Telia | unofficial Dutch page, English
Henrik Kehm | Trojan Horses in German, good site
Links to Back Orifice
Loughborough UK | Public service Loughborough Internet (UK)
Phone Boy | Phone Boy's Geek Report
Frozen Nu | Report from Diederik
The Trasher | BO detection and removing programs
Files to read
Ameister | Text for Newbie Hacker
Delta Site | Text of Trojan Horse
Neworder Site | Several interesting files
If you are infected with Netbus, you may contact me and I will try to help you remove it, with the help of a friend.
Neworder. The resource for people to help avoid being hacked, security and exploiting related files and links.
Download this full trial version from AVP (Anti Virus Protection),
see at Trial Versions
Anti Virus
Experts: Your First, Last, and Only Line of Defense
Download the free firewall Zone Alarm