| Port No | 54321 |
| Service Name | BackOrifice2000 |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | [trojan] Back Orifice 2000 |
| Reference Link | Port No:54321 Service Name:BackOrifice2000 Port:TCP ACTION |
| Attack | Step 1.
Click START | RUN type REGEDIT and hit ENTER Step 2. In the left window, click the "+" (plus sign) to the left of the following: HKEY_LOCAL_MACHINE Software Microsoft Windows CurrentVersion RunServices Step 3. In the right window, look for a key that loads a file called ".exe" (see NOTES below). Step 4. In the right window, highlight the key that loads the file and hit the DELETE key. Answer YES to delete the entry. Step 5. Exit the Registry Step 6. Reboot your computer Step 7. After the computer has restarted, open Windows Explorer Step 8. Go to the WINDOWS\SYSTEM directory and look for the ".exe" file (see NOTES below). It will NOT have a name to it, just an extension. Once you've found the file, DELETE it. Step 9. Also in the WINDOWS\SYSTEM directory, look for a file called "windll.dll". DELETE it as well. It's a file that's created by specifically by BO. Step 10. Exit Windows Explorer and reboot your computer. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.