
BEWARE OF BACK ORIFICE 2000 TROJAN
Virus Name : Backdoor.Bo2K
Virus type : Spy tool
Threat level : Low
Virus details :
BO2K is a hacker agent: it allows the computer to be remotely controlled by another user. It was created by the Cult of the Dead Cow hackers group in July 1999. It works on Windows 95, 98 and Windows NT platforms. Two versions of this Trojan are available: one designed for the USA and an international version.

BO2K uses UDP or TCP protocols and XOR or TripleDES encryption algorithms. The source code of this trojan has also been made public, allowing hackers to modify the software. This Trojan contains the executables named "bo2k.exe", "bo2kcfg.exe" and "bo2kgui.exe", and a plug-in, "bo_peep.dll".

Like its previous versions, the Back Orifice 2000 backdoor has 2 major parts: client and server. The server part needs to be installed on a computer system before the client part can gain access to it. The client part connects to the server part via the network and is used to perform a wide variety of actions on the remote system. The client part has a dialog interface that eases the process of hacking the remote computer.
[Screenshot of the client part]

The server, i.e. the part of the program that installs itself on the victim computer, is fully configurable; it is now possible to define the following parameters, among others:
The ports used to access the computer that will act as the server.
The passwords used by the client to access the server.
The type of encryption used (XOR or TripleDES).
The network protocol used (UDP or TCP).

Among the 70 commands that can be remotely executed are the following:
Hide server activity: used to make Trojan activity invisible to the infected user.
Delete original exe file, which improves stealth.
Hide server process.
Change server process name.
Change the process name of the remote administration service.
Reboot remote machine.
Lock-up machine.
List user passwords.
Get info on remote machine: OS, memory, processor...
Start or stop a process.
Modify the Windows Registry.
Find, copy, rename, modify, save, delete, send, get and read files and directories.
Open/Close remote server.
List, load and delete BO2K plug-ins.

How can I protect my system?
Solo has incorporated Bo2k in its signature file to protect users from this trojan attack. Registered Solo antivirus users are already protected from this trojan. Make sure that you have installed the registered version of Solo Antivirus to protect your system from all virus threats.

How to remove the Bo2k virus?
If you are already infected with this backdoor, you can remove it from your computer using Solo Antivirus software. Solo antivirus can detect and remove Bo2k safely. Use the following link to download a 30-day trial version of Solo antivirus [1670 KB] to remove viruses from your computer.

Solo anti-virus not only scans for all viruses, it also contains a unique System Integrity Checker to protect you from new Internet worms, backdoors and malicious VB and Java scripts. It also effectively removes all existing Internet worms, file viruses, malicious VB and Java scripts, Trojans, backdoors, and boot sector, partition table and macro viruses.
You can purchase Solo antivirus using the link
