About Raj

NetBus a Nasty Trojan

arrow_yellow.gif (281 bytes)
NetBus: Nasty cousin of Back Orifice.
arrow_yellow.gif (281 bytes)
The Guide recommends

Related Links

To remove NetBus- Steps to remove NetBus.
More about NetBus Find out more about NetBus

NetBus: Nasty cousin of Back Orifice
by Sahil Javeri sjaveri@hotmail.com

What is NetBus:

NetBus is a nastier cousin of Back Orifice. Like Back Orifice, NetBus allows a remote user to access and control your machine by way of its Internet link. The two are closely similar in many ways, distinctly different in others.

One very important fact: NetBus runs under the NT operating system as well as Win95/98. At this writing, Back Orifice is not a threat to NT users, but NetBus is and always has been, since it first appeared in early 1998.

The main difference is that Back Orifice is very small file and where as NetBus is about 471 KB file. So the hackers use BO and NetBus together. First they get smaller program BO into the user's system and then upload the larger program NetBus.

How do I know that I have NetBus on my system?

With this program, someone can do the following on your computer if you are infected by it

Open/Close CD-ROM
Show optional BMP/JPG image.
Swap mouse buttons.
Start optional application.
Play a wav file.
Control mouse.
Show different kind's of messages.
Shut down Windows.
Download/Upload/Delete files
Go to an optional URL.
Send keystrokes and disable keys.
Listen for and send keystrokes.
Take a screendump.
Increase and decrease the sound-volume.
Record sounds from the microphone.
Upload optional file.
Make click sounds every time a key is pressed.

This utility also has the ability to scan "Class C" addresses by adding "+Number of ports" to the end of the target address. Example will scan through 255.

How does a hacker infect my system

This program is usually sent by e-mail or by icq, a chat program. If the
person can see your IP address and he/she knows you have NetBus on your
machine, then that person can connect to your machine and do what I have
mentioned above.

How do I remove NetBus

The NetBus file is usually called patch.exe(default name) and it's icon
looks like a flame. It is approximately 461 kb in size, so if someone tries
to send you this, please do not open it.

There are also a few other malicious programs like NetBus called Back Orifice and masters paradise, etc. Although Back Orifice is more widely used, NetBus has a simpler interface and is easier to use, so do watch out for both these files. If in case your machine is broken in, do contact me(icq no 14336006)and be sure to read the information on the page below.


The Guide recommends [Next]

Copyright 1996, 1997, 1998 Dr. Raj Mehta. All rights reserved.