How to Determine if Back Orifice 2000 Is Installed On Your System

ID: Q237280

The information in this article applies to:
  • Microsoft Windows versions 95, 98, 98 Second Edition
  • Microsoft Windows NT Server version 4.0
  • Microsoft Windows NT Workstation version 4.0
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server

SUMMARY

This article describes how to determine if Back Orifice 2000 is installed on your computer.


MORE INFORMATION

When Back Orifice 2000 is installed on a Windows-based computer, the computer can be remotely controlled by another user.

Although remote control software is not malicious in and of itself, Back Orifice 2000 is intended to be used for malicious purposes, and includes stealth behavior that has no purpose other than to make detection of the program difficult. To protect your system, follow safe computing practices and use current anti-virus software.

How to Determine if Back Orifice 2000 Is Installed on Your Computer

  • For Computers Running Microsoft Windows 95/98


    • By default, the Back Orifice 2000 installation program modifies the following registry key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunService
    with the following value:
    "Umgr32.exe"="C:\\Windows\\System\\Umgr32.exe e"
    NOTE: Umgr32.exe is the default file name for Back Orifice 2000, and it can be modified by the distributor of the program. If the file name is modified, the registry value contains the path to the designated file name.

  • For Computers Running Microsoft Windows NT


    • The Back Orifice 2000 installation program installs and configures a service named Remote Administration Service.

    NOTE: The name of the service can be modified prior to installation.

How to Remove Back Orifice 2000

The makers of anti-virus and intrusion detection software are poised to quickly develop software that detects and removes Back Orifice 2000. Microsoft is working closely with manufacturers to assist in this process. Please refer to the following Microsoft Web site for more information as it becomes available:
http://www.microsoft.com/security/default.asp
The third-party contact information included in this article is provided to help you find the technical support you need. This contact information is subject to change without notice. Microsoft in no way guarantees the accuracy of this third-party contact information.

Additional query words: virus cult dead cow cdc bo2k

Keywords :
Version : WINDOWS:2000,95,98,98 Second Edition; winnt:4.0
Platform : WINDOWS winnt
Issue type : kbinfo


Last Reviewed: January 20, 2000
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.