W32/BackOrifice_2k.Trojan

• Detected by virus detection files published: 8/21/2000
• Virus characteristics first published: 8/21/2000
• Virus characteristics latest update: 12/17/2003
• Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista
• Type: Trojan
• Spreading mechanism: Email, Network, Other
• Overall risk: Medium

Detection and removal
To remove the trojan it is necessary to delete some entries from the Registry. This has to be done manually. Follow the procedure below.


  1. Run a virus scan and make a note of all detected files.

  2. Click Start|Run and type Regedit.

  3. Search the registry for keys containing any of the detected files. By default this would be a file named "UMGR32.EXE", located in the c:\windows\system folder (c:\windows\system32 on WinNT/2000).

    When running Windows NT/2000, go to: \\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\UMGR32.EXE
    When running Windows 95/98, go to: \\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\UMGR32.EXE



    Delete these registry keys.

  4. Reboot the computer and delete the file ("UMGR32.EXE").

  5. Perform a complete scan of your system, just to make sure you have removed all variants of BackOrifice.
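
The registry and file checks in steps 3 and 4 can be run as a read-only audit on systems where PowerShell is available. This is an added example, not part of the original removal instructions; the `$DetectedFiles` parameter is an assumption and should hold the file names reported by the scan in step 1.

```powershell
# Added example: read-only audit of the two autostart keys named in step 3.
# $DetectedFiles is an assumption: fill it with the file names from step 1.
param(
    [string[]]$DetectedFiles = @('UMGR32.EXE')   # default name given on this page
)

$autostartKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)

# Report every autostart value whose name or data mentions a detected file.
$findings = foreach ($keyPath in $autostartKeys) {
    if (-not (Test-Path -Path $keyPath)) { continue }   # key not present on this Windows version
    $key = Get-Item -Path $keyPath
    foreach ($valueName in $key.GetValueNames()) {
        $data = [string]$key.GetValue($valueName)
        foreach ($file in $DetectedFiles) {
            $pattern = [regex]::Escape($file)            # treat the file name literally
            if ($valueName -match $pattern -or $data -match $pattern) {
                [pscustomobject]@{ Key = $keyPath; Value = $valueName; Data = $data; Match = $file }
            }
        }
    }
}

# Check the default folders from step 3 for the file itself (hidden files included).
$systemDirs = @("$env:windir\system", "$env:windir\system32")
$files = foreach ($dir in $systemDirs) {
    foreach ($file in $DetectedFiles) {
        $path = Join-Path $dir $file
        if (Test-Path -LiteralPath $path) {
            Get-Item -LiteralPath $path -Force | Select-Object FullName, Length, LastWriteTime
        }
    }
}

$findings | Format-Table -AutoSize
$files    | Format-Table -AutoSize
if (-not $findings -and -not $files) {
    'No autostart entry or file matching the detected names was found.'
}
```

The script changes nothing. Run it again after step 4 to confirm that neither the autostart entry nor the file remains.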



