💾 Archived View for gemini.spam.works › mirrors › textfiles › uploads › unbo.txt captured on 2020-10-31 at 01:05:03.

View Raw

More Information

-=-=-=-=-=-=-

---------------------HOW TO UNINSTALL BACK ORFICE----------------------

BACK ORFICE IS A TROJAN/VIRUS THAT INSTALLS ITSELF ON YOUR COMUTER
WHEN YOU DOUBLE CLICK ON THE SERVER(.EXE).  ONCE INSTALLED THE PORT 31337
IS LEFT OPEN UNLESS CHANGED FROM THE CLIENT OR THE SERVER CONFIG PROGRAM.
ONCE THIS PROGRAM IS INSTALLED ON YOUR COMPUTER IT ALLOWS "HACKERS" OR
PEOPLE TO GAIN ACCESS TO CERTAIN PARTS OF YOUR COMPUTER SUCH AS CACHED
PASSWORDS, WORD DOCUMENTS, PERSONAL FILES AND JUST ABOUT ANYTHING ON 
YOUR COMPUTER.  


STEP 1: FIND OUT IF YOU HAVE THE BACK ORFICE SERVER ON YOUR COMPUTER BY
        GOING TO A DOS PROMPT AND TYPING netstat -a.  THIS WILL LIST ALL
	PORTS THAT YOU HAVE OPEN.

STEP 2: LOOK AT THE RESULTS OF YOUR netstat -a COMMAND.  IF YOU HAVE 
	BO ON YOUR COMPUTER YOU SHOULD SEE SOMETHING LIKE THIS;
	oemcomputer:31337.  THE PORT 31337 IS OPEN AND WAITING FOR A
	BO CLIENT TO "TALK" TO IT.

STEP 3: IF YOU DO NOT SEE THE PORT 31337 OPEN, THEN YOU DO NOT HAVE
	BACK ORFICE ON YOUR COMPUTER.

STEP 4: IF YOU HAVE BO ON YOUR COMPUTER AND YOU WANT TO UNINSTALL IT 
	THEN MOVE ON TO STEP 5

STEP 5: THE BO SERVER IS LOCATED IN THE C:\WINDOWS\SYSTEM DIRECTORY.
	YOU CANNOT SEE THE SERVER.  ITS HAS NO ICON AND IS HIDDEN.  
	SO HOW MIGHT YOU ASK YOU DELETE IT, ITS SIMPLE, JUST TAKE A
	DIFFERENT ROUTE.  GO TO THE START MENU AND CLICK ON IT.  THEN
	CLICK ON FIND.  ONCE YOU ARE IN THE FIND PROGRAM, MAKE THE BOX
	THAT SAYS LOOK IN:, LOOK IN C:\WINDOWS\SYSTEM.  THEN GO UP TO
	THE BOX THAT SAYS NAMED: AND ENTER *.EXE.  THIS WILL LIST 
	EVERY .EXE FILE IN C:\WINDOWS\SYSTEM.  THEN SCROLL DOWN UNTIL	
	YOU SEE AN ICON WITH NO NAME, THIS IS THE BO SERVER.  IT SHOULD
	BE ABOUT 125 KBYTES.  ONCE YOU HAVE LOCATED IT RIGHT CLICK 
	ON IT.  THEN CHOOSE PROPERTIES.  THE PROPERTIES WILL TELL YOU 
	WHERE IT IS LOCATED AND WHAT ITS NAME IS.(GUESS THE GUYS AT CULT
	OF THE DEAD COW DIDNT THINK OF EVERYTHING)THE FILE NAME SHOULD LOOK
	LIKE THIS C:\WINDOWS\SYSTEM\EXE~1.  THAT IS WHAT IT WAS NAMED
	ON MY COMPUTER, BUT I DONT KNOW IF THE NAMES VARY.  THEN PROCEED
	TO WRITE DOWN THE LOCATION AND NAME OF THE PROGRAM.  THEN YOU 
	SHUT DOWN YOUR COMPUTER IN MS-DOS MODE.  IF YOU ARE UNFAMILIAR	
	WITH DOS DONT GO PRESSING ALOT OF BUTTONS, JUST FOLLOW MY 
	DIRECTIONS.  ONCE YOU ARE AT A DOS PROMPT TYPE CD C:\WINDOWS\SYSTEM.
	THIS WILL CD OR CHANGE DIRECTORY TO C:\WINDOWS\SYSTEM WHERE
	YOU CAN DELETE THE BO SERVER.  ONCE IN THE DIRECTORY NAMED
	C:\WINDOWS\SYSTEM YOU CAN PROCEED TO DELETE THE FILE.  TYPE
	DEL EXE~1 OR WHATEVER THE SERVER MIGHT BE CALLED ON YOUR COMPUTER.
	THIS WILL DEL OR DELETE THE FILE EXE~1.  

STEP 6: IF YOU HAVE DELETED THE BO SERVER WITH NO PROBLEMS THEN YOU CAN 
	RESTART IN WINDOWS.  TYPE WIN OR EXIT AND YOUR COMPUTER WILL BOOT
	BACK UP INTO WINDOWS. THEN TO DOUBLE CHECK YOU	
	GO AND TYPE THE netstat -a AGAIN, AND LOOK FOR 31337.  IF WHEN
	YOU RESTART YOUR COMPUTER AN ERROR MESSAGE COMES UP THAT SAYS
	SOMETHING LIKE CANNOT FIND C:\WINDOWS\SYSTEM\EXE~1 THEN YOU 
	WILL HAVE TO GO ONE STEP FURTHER TO COMPLETELY UNINSTALL BO.

STEP 7: YOU WILL HAVE TO LOOK IN THE SYSTEM.INI OR THE WIN.INI FOR THE 
	BOOT RECORD FOR THE BO SERVER.  IF YOU DONT HAVE MUCH COMPUTER
	KNOWLEDGE I WOULD SUGGEST THAT YOU STOP N0W AND JUST BE
	THANKFULL THAT NO ONE CAN SEE YOUR PR0N PASSWORDS ANYMORE.  IF
	YOU HAVE SOME KNOWLEDGE OR YOU FEEL YOU DO, GO RIGHT AHEAD, BUT
	YOU CAN SCREW THINGS UP BIGTIME BY EDITING THESE FILES AS WE 
	ARE ABOUT TO DO.  GO TO THE FIND AGAIN AND MAKE THE SEARCH DIRECTORY
	C:\.  THEN TYPE SYSTEM.INI OR WIN.INI.  AT THE TOP OF BOTH, THERE
	SHOULD BE SOMETHING THAT SAYS BOOT OR STARTUP OR SOMETHING LIKE
	THAT.  LOOK FOR A COMMAND THAT TELLS YOUR COMPUTER AT STARTUP TO
	BOOT EXE~1.  ONCE YOU HAVE FOUND THIS, DELETE THE ENTIRE LINE, BUT
	NOTHING ELSE.  IF YOU FEEL THAT YOU HAVE DONE THIS CORRECTLY
	GO UP TO FILE AND SAVE IT.  THEN RESTART YOUR COMPUTER AND WALLA
	NO MORE BO.

-----------------------------PROBLEMS----------------------------------

I TESTED THIS METHOD ON MY COMPUTER SO YOU SHOULD HAVE NO PROBLEM WITH
UNINSTALLING THIS TROJAN.  IF YOU HAVE ANY PROBLEMS, QUESTIONS, OR 
ANY COMMENTS, PLEASE FEEL FREE TO E-MAIL ME AND I WILL GET BACK TO YOU
A.S.A.P.

------------------------IN CONCLUSION----------------------------------
BACK ORFICE IS A GOOD PROGRAM THAT HAS MANY LEGAL USES AND MANY ILLEGAL
USES.  CULT OF THE DEAD COW IS A GOOD GROUP AND OBVIOUSLY KNOW THERE SHIT
CAUSE EVEN MICROSOFT FEARS THIS TROJAN/VIRUS.  YOU SHOULD ALWAYS KNOW
WHAT YOU ARE DOWNLOADING ON THE NET.  IF YOU FRIEND WANTS TO SEND YOU
A SUPER LEETO NEETO GAME, SCAN IT FIRST.  AND IF YOU DONT HAVE A VIRUS
SCANNER, GO OUT AND BUY ONE SO YOU WONT HAVE TO WASTE YOUR TIME DOING
THIS THE NEXT TIME.  MOST VIRUSES/TROJANS ARE HARDER TO UNINSTALL AND 
SOMETIMES CANT BE UNINSTALLED SO WATCH WHAT YOU DOWNLOAD.

THIS TEXT-FILE HAS BEEN WRITTEN BY MRTHRIPS.  YOU CAN REACH ME AT 
MRTHRIPS@ANTI-SOCIAL.COM, THROUGH IRC AT #260C OR AT GO.TO/260C. 
HAPPY REMOVING