BO Problems


Power-B
10-08-1999, 03:57 PM
I installed a program to scan for BO
and I got two attacks so far. The program
gives me their IP and host addy, now what can I do about this?

socalgal
10-08-1999, 04:30 PM
09.1998
http://www.zdjournals.com/isa/s_isa/9809/isa9896.htm

http://www.allwhois.com/

reddog4629
10-09-1999, 11:50 AM
What's BO?

dawgtuff
10-09-1999, 04:57 PM
Does BO only attack Microsoft products?

socalgal
10-09-1999, 08:06 PM
BO2K was released 07.10.99.

BO2K will currently run on Windows 95, Windows 98, Windows NT, and Windows 2000 systems. It only runs on Intel platforms at the moment.

I do NOT advocate this stuff.

socalgal
10-09-1999, 10:31 PM
First, credit and many thanks to smokin1 for the info in this post.

Learn more to keep yourself protected and to be informed about harmful stuff out there.

http://www.nwinternet.com/~pchelp/bo/bo.html

Put this in your autoexec.bat to kill any remote such as BO, Netbus, and other variants:

DEL \patch.exe
DEL \windows\patch.exe
DEL \windows\system\windll.dll
DEL \windows\system\exe~1
DEL \windows\system\msgsv32.exe
DEL \windows\system\server.exe

I've already entered these lines into my autoexec.bat and during POST they come up as File Not Found - a good thing!

Thanks again smokin1

Edit: DEL \windows\system\msgsv32.exe as corrected above is the correct line (not msgv32.exe previously posted)


[This message has been edited by socalgal (edited 10-09-99).]
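A read-only counterpart to the DEL lines in the post above, as an added example that is not part of the original thread: it reports which of the listed files exist under a given drive root and records a SHA-256 digest of each one found, instead of deleting blindly. The function names and the sample directory tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Paths from the DEL lines in the post above; "exe~1" is matched literally.
SUSPECT_PATHS = [
    r"patch.exe",
    r"windows\patch.exe",
    r"windows\system\windll.dll",
    r"windows\system\exe~1",
    r"windows\system\msgsv32.exe",
    r"windows\system\server.exe",
]

def _resolve(root, rel):
    """Follow rel one component at a time, matching names case-insensitively."""
    current = root
    for part in rel.split("\\"):
        names = os.listdir(current) if os.path.isdir(current) else []
        match = next((n for n in names if n.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current if os.path.isfile(current) else None

def audit(root):
    """Return {listed path: SHA-256 hex digest, or None if absent}; read-only."""
    report = {}
    for rel in SUSPECT_PATHS:
        found = _resolve(root, rel)
        report[rel] = None
        if found:
            with open(found, "rb") as fh:
                report[rel] = hashlib.sha256(fh.read()).hexdigest()
    return report

def demo():
    """Constructed sample tree: one listed file present, the rest absent."""
    with tempfile.TemporaryDirectory() as root:
        sysdir = os.path.join(root, "WINDOWS", "SYSTEM")
        os.makedirs(sysdir)
        with open(os.path.join(sysdir, "WINDLL.DLL"), "wb") as fh:
            fh.write(b"constructed placeholder bytes")
        return audit(root)

if __name__ == "__main__":
    for path, digest in demo().items():
        print(f"{path:28}", f"FOUND sha256={digest}" if digest else "File Not Found")
```

A report with every entry absent only says these particular file names are not present; it covers nothing beyond the six paths listed in the post.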

pickel
10-09-1999, 10:50 PM
socalgal,
Could you please tell me how to get into auto.exe, bat so I may protect my computer. I don't know a whole hellova lot about the programming thing. Thanks

socalgal
10-09-1999, 10:59 PM
Go to Start Menu/Run, type in: sysedit

In Autoexec.bat, (I double line spaced after my previous entries in there) then copy and paste the DEL lines into the Autoexec.bat, then go to File and Save.

Always keep your antivirus protection up to date as this affords 'some' of the best protection.

Oh, and here's the index link I forgot to post for more good info!
http://www.nwinternet.com/~pchelp/index.html

[This message has been edited by socalgal (edited 10-09-99).]

mykel
10-10-1999, 12:05 AM
RED DOGG BO=Back Orifice ( dunno if the spelling is correct ) It's more like a trojan virus. How it works? Ok, it opens up a port on your computer when you go online ( mostly on IRC ) and all the person who knows that you have an open port ( specially the one who attacked you ) can connect to your puter and see what you do, run a program etc all your files and every little thing on your puter.. So BEWARE!! well at least that's what I know about the BO.. Hope I'm right.. ehehehehe

[This message has been edited by mykel (edited 10-09-99).]

DavidX
10-10-1999, 12:09 AM
I always thought BO stood for "body odour". If my computer starts getting that I start to worry. It must be really overheating!

[This message has been edited by DavidX (edited 10-11-99).]

socalgal
10-10-1999, 12:09 AM
More info. I should have included this before.

http://www.consult.umd.edu/faqs/pc/util/virus/backorifice.shtml

http://www.lgm.com/irchelp/security/bo.html

pickel
10-10-1999, 09:19 PM
THANKS, Mr. Moderator!!!!!

pickel
10-10-1999, 10:00 PM
THANKS, Mr. Moderator!!!!!

socalgal
10-11-1999, 12:15 AM
Ah. That would be "Ms." Moderator
socalgal

You're most welcome.

jokostel
10-11-1999, 02:13 AM
if ya wanna make an autoexec.bat file in dos just type copy con:autoexec.bat and type what she said to use...
i like the old dos way... but since i never install dos anymore except whatever part(s) of dos may be left in a win98 installation..hehe

[This message has been edited by jokostel (edited 10-11-99).]

alondra
10-11-1999, 06:56 PM
socalgal
I'm confused, and also hesitant to go into programming, autoexec and the like. I read several pages of the link on this thing, and it is very confusing, all the stuff it says has to be done. Your post says to insert just a few lines in autoexec bat to cure it. Can it be this simple ?? help #8-)

pickel
10-11-1999, 09:27 PM
SocalGAL,
Installed the lines in autoexec and
restarted my computer. It showed "files not found", does that mean it's clean of any BAD STUFF. I typed it in, didn't know how to copy \ paste from unless you meant a word processing page(??). Thanks (smile) Don't know that works either
The Pickel

socalgal
10-11-1999, 09:29 PM
What I understand from smokin1 and from reading the documentation, the DEL lines are a kind of stopgap measure in case these lines are found in the system's files, for example:

http://www.nwinternet.com/~pchelp/bo/bobasics.htm

Another direct giveaway is a file named windll.dll which BO places in the Windows\System folder every time it runs. (This is a sort of sub-program which implements BO's keyboard logging. BO works fine without it, so removal of this alone is not a solution)

Please read the documentation carefully. It's not a cure-all.

I also am not a programmer in any sense of the word. But this information comes with permission to share from a source I trust (smokin1) and I do not believe he would lead me (and us) astray.

I understand your hesitancy. Chances are that you may never get BO, Netbus or the others, but a lot depends where you go and what you do online, what, if any, security measures you take, what you download, your policy with email attachments, etc.

I do not recommend that you alter your system if you are uncomfortable doing so.

I would like to say that I feel one's best offense is a good defense, and the more knowledgeable one is and the better informed, then that one is much more ahead.

Keep reading and asking questions. I do not have most of the answers. But I am sure they are out there.

Edit: pickel - If "File Not Found" is displayed under the DEL lines in POST, then Yes - that is good. To c&p, just highlight on the lines in the above post, copy (Ctrl + C) then open your Autoexec.bat, and paste (Ctrl + V). (I skipped a line before pasting, so that it's separate from any previous entry).


[This message has been edited by socalgal (edited 10-11-99).]

Power-B
10-12-1999, 03:33 PM
Go here for a Freeware version of BOshield:

BOshield is a Back Orifice server detection and
removal software that operates like the anti-virus
scanner VShield. It detects and disables running
Back Orifice and renames or deletes them
depending on the user setting.

http://davecentral.com/6732.html

socalgal
10-12-1999, 04:29 PM
Thanks Power-B! ...and good site too.

Power-B
10-12-1999, 06:52 PM
Yes davecentral.com is a very good site.
It's the second best site I visit, of
course this site is the BEST, and I
really mean this, for friendly
advice you can't beat this site!!
The members NEVER take advantage
of newbies asking questions that
for them can be VERY obvious. And
repetitive and believe me most
all BBS's or message bases are
brutal to new users.

hats off to the members and the
Site-Op of the VERY fine Base :-))