Port No | 1349 |
Service Name | Back Orifice DLL |
RFC Doc | 0 |
Protocol | UDP |
Description | Back Orifice DLL is just Back Orifice in DLL form. In order to autoload, cfgwin32.reg must be run to create the registry key. |
Reference Link | Back Orifice DLL Trojan |
Attack | It autoloads from the Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices, Key: cfgwin32. It does the following: capture screen shot; capture video/audio; create a directory; create/delete export; compress/decompress file; disable/enable HTTP server; get cached passwords; log keystrokes; misc. file options; plugins; registry editing; spawn a text-based application on a TCP port; view contents of file; view/kill plugins; view/kill processes. Removal: 1. Delete the registry key named cfgwin32 located at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\. This can be done using regedit or another registry editing program. 2. Reboot the computer or close the trojan. 3. Delete the trojan file cfgwin32.dll in the windows system dire |