Back Orifice - Watch Out
by Peter Doshi, pdoshi01@student.vill.edu
Page updated Nov 11, 1998

You may or may not have already heard about Back Orifice. It is the supposed cause behind the recent hacks into VSNL users' systems. This page is here to set the record straight with the facts, so that people neither panic nor take this threat too lightly.

What is Back Orifice (BO)? What should you do? How do you remove it?

What is Back Orifice?

In the words of The Cult of the Dead Cow, its creator:

Back Orifice is a remote administration system which allows a user to control a Win95 machine over a network using a simple console or GUI application. On a local LAN or across the internet, BO gives its user more control of the remote Windows system than the person at the keyboard of that machine.

In our words, BO will feel like the worst thing that can happen to you. BO is just plain BAD. You may even already have it on your system without knowing about it. BO will let anybody do just about anything on your system. Things like looking at your files, your registry, and even formatting your hard disk are all possibilities with BO.

This webpage is provided not to inform you directly concerning everything about BO, but to give you a starting point with many links, including one link for a program which claims to get rid of BO. Note that, while many claim to get rid of BO, many are yet untested. (see below)

What should you do?

The best thing you can do is to stay abreast of information concerning BO. Keep watching the news and realize that it is very dangerous due to its ability to adapt and change. A common practice of going to AltaVista and searching for: +"Back Orifice" will yield current results. Currently, AltaVista finds 2021 results. In the next weeks and months, we feel this will grow exponentially. Some good pages worth bookmarking:

  1. The Back Orifice "Backdoor" Program
  2. Back Orifice
  3. Is 'Back Orifice' a threat - - or an educational tool?
  4. Symantec: Info on Back Orifice and NetBus (This isn't yet confirmed to work by any "human" sources)

How do you remove it?

The first thing to realize is that there is no 100% unanimously accepted cure for Back Orifice. There are only programs reported to work. There are even programs being distributed which are BO in disguise.

Care must be taken to download a clean version of the remover, too, and therefore we suggest that you download the program from the creator's website, rather than any mirror.

One particularly comprehensive website recommends two programs:

  1. BO Detect
  2. Back Orifice Eliminator

Watch out for a program called BO Sniffer - it's BO in disguise!

Directions for installing BO Detect:
Please note that this is NOT our program and is NOT freeware. It is free for individual use. Anything other than that, and you will need to pay for it. Contact the author of this program for more information. Read order.txt

  1. Download the following 10 files and put them all in the same place. For instance, make a folder called BODetect on your desktop (C:\Windows\Desktop\BoDetect\) and save the files in there. They need to be kept together for the installation to work correctly.
    1. http://guide.vsnl.net.in/tcpip/columns/bo/eula.txt
    2. http://guide.vsnl.net.in/tcpip/columns/bo/BoDetect.exe
    3. http://guide.vsnl.net.in/tcpip/columns/bo/BoDEngine.dll
    4. http://guide.vsnl.net.in/tcpip/columns/bo/readme.txt
    5. http://guide.vsnl.net.in/tcpip/columns/bo/expbul1a.gif
    6. http://guide.vsnl.net.in/tcpip/columns/bo/bofaq.htm
    7. http://guide.vsnl.net.in/tcpip/columns/bo/exptextb.jpg
    8. http://guide.vsnl.net.in/tcpip/columns/bo/Instructions.htm
    9. http://guide.vsnl.net.in/tcpip/columns/bo/order.txt
    10. http://guide.vsnl.net.in/tcpip/columns/bo/REGSVR32.EXE

    Experienced users: To save time download a zipped file of all the above: BoDetect_StandAlone.zip

  2. Next, close your web browser and go into the folder where you downloaded the files and run BoDetect.exe. Doing so will install the program and get rid of Back Orifice from your computer.
  3. Your computer should not be infected anymore. Contact us if you encounter any problems.

Copyright © 1996, 1997, 1998 Dr. Raj Mehta. All rights reserved.