| Port No | 54321 |
| Service Name | Back Orifice |
| RFC Doc | 0 |
| Protocol | UDP |
| Description | Back Orifice 2000 is now able to infect Windows NT systems. This trojan was released as open source but nothing much has ever come of this. |
| Reference Link | Back Orifice Trojan |
| Attack | It autoloads the Registry: HKEY_LOCAL_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ Key: UMG32.EXE It does the following : Add/List shares on Microsoft networks Capture AVI Capture screen Capture still picture Chat Choose between XOR and 3DES encryption Compress files DNS stuff Email using servers computer Get passwords Get system info Http file server List capture devices List connections List/Start/Kill process Load/Debug/List/Remove plugins Lock up machine Log keystrokes Map network Ping Play WAV can also loop it Plugin support Port redirection Query Reboot Machine Receive file Registry editor Send file Send message box Shutdown/Reboot/Logoff/Poweroff Shutdown/Restart server Start/List/Stop butt plugs Start/List/Stop command socket Start menu on/off View/Kill apps Removal : 1.Remove the UMG32.EXE key located in the registry at: HKEY_LOCAL_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\. Which can be done with regedit or any other registry editing program. 2. Reboot the computer or close the trojan file. 3. Delete the trojan file UMG32.EXE in the windows system directory. |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.