Event ID - 31337

Port No: 31337
Service Name: BackOrifice
RFC Doc: 0
Protocol: UDP
Description: cDc Back Orifice remote admin tool
Reference Link: Port No:31337 Service Name:BackOrifice Port:UDP

ACTION
Attack

Step 1. Click START | RUN, type REGEDIT and hit ENTER.

Step 2. In the left window, click the "+" (plus sign) to the left of the following:
HKEY_LOCAL_MACHINE
Software
Microsoft
Windows
CurrentVersion
RunServices

Step 3. In the right window, look for a key that loads a file called ".exe" (see NOTES below).

Step 4. In the right window, highlight the key that loads the file and hit the DELETE key. Answer YES to delete the entry.

Step 5. Exit the Registry

Step 6. Reboot your computer

Step 7. After the computer has restarted, open Windows Explorer

Step 8. Go to the WINDOWS\SYSTEM directory and look for the ".exe" file (see NOTES below). It will NOT have a name to it, just an extension. Once you've found the file, DELETE it.

Step 9. Also in the WINDOWS\SYSTEM directory, look for a file called "windll.dll". DELETE it as well. It's a file that's created specifically by BO.

Step 10. Exit Windows Explorer and reboot your computer.
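
The checks in Steps 3, 8 and 9 can be run as a report-only triage before anything is deleted. The script below is an added example, not part of the original page. It assumes the registry has been exported to REGEDIT4-style text and that a list of file names from WINDOWS\SYSTEM is available; the function names and the sample data are constructed for illustration.

```python
import ntpath
import re

RUN_SERVICES = r"hkey_local_machine\software\microsoft\windows\currentversion\runservices"
# Matches "name"="string data" or @="string data"; hex/dword values are skipped.
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|@)="(?P<data>(?:[^"\\]|\\.)*)"\s*$')

# Constructed sample input: a registry export and a SYSTEM directory listing.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"SchedulingAgent"="mstask.exe"
"ConstructedEntry"="C:\\WINDOWS\\SYSTEM\\ .exe"
'''
SAMPLE_FILES = ["KERNEL32.DLL", "windll.dll", " .exe", "MSTASK.EXE"]

def unescape(s):
    """Undo .reg string escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", s)

def nameless_exe(command):
    """True when the file has only an extension: '.exe' with a blank name."""
    base = ntpath.basename(command.strip().strip('"'))
    return base.lower().endswith(".exe") and base[:-4].strip() == ""

def runservices_entries(reg_text):
    """Yield (value_name, data) for string values under the RunServices key."""
    in_key = False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == RUN_SERVICES
        elif in_key:
            m = VALUE_RE.match(line)
            if m:
                yield unescape(m.group("name") or "@"), unescape(m.group("data"))

def triage(reg_text, system_files):
    """Report entries matching Step 3 (registry) and Steps 8-9 (files)."""
    findings = [("registry", n, d) for n, d in runservices_entries(reg_text) if nameless_exe(d)]
    findings += [("file", f, "") for f in system_files
                 if f.lower() == "windll.dll" or nameless_exe(f)]
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_REG, SAMPLE_FILES):
        print(finding)
```

An empty result means none of the indicators named in the steps were found in the supplied export and listing; it says nothing about entries outside the RunServices key.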
