Back Orifice default installation
win95-back-orifice (1218)
Description:
The Back Orifice backdoor could allow an attacker to gain complete access. With the Back Orifice backdoor, an attacker can obtain total control of the system without the knowledge or consent of the victim.
Consequences:
Gain Access
Remedy:
To remove a default installation of Back Orifice from your computer:
CAUTION: Use Registry Editor at your own risk. Any change using Registry Editor may cause severe and irreparable damage and may require you to reinstall your operating system. Internet Security Systems cannot guarantee that problems caused by the use of Registry Editor can be solved.
- Using Regedit, find the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices registry key.
- Find and delete the registry entry named (Default) that has a data value of .exe.
- Restart the computer.
- Delete the file exe~1 from C:\Windows\System.
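Added example (not part of the original advisory): a Python check that parses a REGEDIT4 text export of the registry, the format Regedit writes on Windows 95/98, and reports any (Default) entry under the RunServices key whose data ends in .exe, which is the entry the steps above remove. The sample export and all function names are constructed for illustration; matching on "ends in .exe" is an assumption that generalizes the data value named above.

```python
import re

RUNSERVICES = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices"

def _unescape(s):
    # .reg exports escape backslash and double quote with a leading backslash
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg_export(text):
    """Parse REGEDIT4 text into {key_path: {value_name: data}}; '@' is (Default)."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if current is None or not m:
            continue  # header line, blank line, or continuation data
        name, data = m.group(1), m.group(2)
        name = "@" if name == "@" else _unescape(name[1:-1])
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            data = _unescape(data[1:-1])  # string value; other types stay raw
        current[name] = data
    return keys

def suspicious_default_entries(text):
    """Return (Default) data under RunServices that ends in .exe."""
    hits = []
    for key, values in parse_reg_export(text).items():
        if key.lower() != RUNSERVICES.lower():  # registry paths are case-insensitive
            continue
        data = values.get("@")
        if data is not None and data.strip().lower().endswith(".exe"):
            hits.append(data)
    return hits

# Constructed sample export, not taken from a real system.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
@=".exe"
"SchedulingAgent"="mstask.exe"
'''

if __name__ == "__main__":
    for data in suspicious_default_entries(SAMPLE):
        print("RunServices (Default) entry to review:", repr(data))
```

Named values under RunServices, such as the constructed SchedulingAgent line, are not reported; only the (Default) entry is checked.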
References:
- Cult of the Dead Cow (cDc) Web site: cDc Home Page.
- Internet Security Systems Security Alert #05: Cult of the Dead Cow Back Orifice Backdoor.
- Internet Security Systems Security Alert #08: Windows Backdoors Update.
- CVE-1999-0660: A hacker utility, back door, or Trojan Horse is installed on a system, e.g. NetBus, Back Orifice, Rootkit, etc.
Platforms Affected:
- Microsoft Windows 95
- Microsoft Windows 98
Reported:
Aug 03, 1998
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
