| Port No | 4321 |
| Service Name | Bo-Bo |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | Bo-Bo 1.0 Final Beta has a client very similar to Back Orifice. This trojan does not have many features and is probably not used much at all any more |
| Reference Link | Bo-Bo Trojan |
| Attack | It autoloads the Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Key: DirectLibarySupport It does the following : File list, delete, download, upload Get ICQ passwords Get PWL passwords Get system info Goto URL Ping Process show, kill, run Reboot Send message Removal : 1.Remove the DirectLibarySupport key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run And everything under ICQ Accel in the registry located at HKEY_USERS\.Default\Software\Mirabilis\ICQ\Agent\Apps\ Which can be done with regedit or any other registry editing program 2. Reboot the computer or close Dllclient.exe. 3. Delete the trojan file Dllclient.exe in the windows system directory. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.