Back Orifice

Back OrificeBO, CDC-BO, BOSERVE, BOCLIENT, Orifice, Hacktool, Back_OrificeToolkit sometimes used as a TrojanPCsOctober 15, 1998This toolkit was originally considered a malicious Trojan, as it allows remote access to a user's systems. Once installed, a connection is opened from the user's system to the Internet and the server portion of the toolkit. This allows complete access, including surreptiously. Back Orifice uses filenames and registry keys closely resembling those of legitimate programs. Pay close attention to spelling, spacing and capitalization when identifying a possible Back Orifice installation.Search for the following key in the HKEY_LOCAL_MACHINE section of the registry:

\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

and look for one of the following values:

(Default) " .exe"
WindowsTour ="Tour98.exe"
System Tray = "SysTry.ocx"

• F-Secure description
• McAfee description
• Symantec description
• Trend Micro description