Port No | 31338 |
Service Name | BO |
RFC Doc | 0 |
Protocol | UDP |
Description | BKDR_BO.58880 is a version of the "Back Orifice" series. This variant differs in the way it installs itself on the victim's computer (also called the server side). Like other versions of Back Orifice, this backdoor program compromises network security since it gives system administrator privileges to a remote user via the Internet. |
Reference Link | BO |
Attack | Solution: Click Start > Run Type REGEDIT and hit ENTER key In the left panel, click the "+" to the left of the following: HKEY_LOCAL_MACHINE Software Microsoft Windows CurrentVersion RunServices In the right panel, search for the registry key that contains the data value of " .EXE". In the right window, highlight the registry key that loads the file and press the DELETE key. Answer YES to delete the entry. Exit the registry. Click Start > Shutdown. Choose "Restart" and click OK. After the computer has restarted, you can now delete the file "\windows\system\ .exe" in Windows Explorer since the PC will no longer run it at startup after you delete the associated registry entry. Scan your system with Trend Micro antivirus and delete all files detected as BKDR_ BO.58880. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.