Academic Information Systems




Back Orifice, NetBus, and Others

Remote Administration Utilities Designed as Trojan Horses


    What Are Back Orifice and NetBus?

    Back Orifice and NetBus are two programs known as trojan horses that can be extremely harmful to an "infected" computer. They were designed to give someone unauthorized control over another person's computer without the owner's knowledge, which makes them a security risk and is why they are classified as trojan horses. While they are not viruses, they can be just as damaging, if not more so, and many virus detection programs have started adding the ability to detect and remove them. These virus removal programs are not completely adequate at removing all instances of these programs, so AcIS and RHNO recommend the use of a program called BoDetect 2.5. More information about this program can be found in the next section.



    Detecting and Removing Back Orifice and NetBus

    Back Orifice and NetBus can both be removed using a program called BoDetect 2.5. If you have any problems obtaining or installing this software, contact your dorm's RCC or send an email to rhno@columbia.edu.

    BoDetect all clear message

    Once installed, BoDetect can be run by selecting its icon in the "Start Menu". BoDetect will automatically search through your system for Back Orifice and NetBus. If neither trojan is detected, BoDetect will notify you of that fact.

    If trojans are detected, a window will open listing the detected trojans and where they are located, and it will offer you a button to remove them. Selecting this button will disable the trojan program, remove any Windows Registry entries it might have created, and remove the files that make up the trojan. A dialog box will let you know when this process is completed.

    BoDetect trojan detection message

    BoDetect trojans removed message

    Once all trojans have been removed from your system, AcIS/RHNO highly recommends that you change your cunix account password in case it was compromised while the trojan was active. For information on how to do this, email rhno@columbia.edu or call the AcIS Helpline at 854-1919.

    BoDetect in the status bar

    BoDetect includes other features that allow it to constantly run in the status bar of a computer to prevent further infestations of Back Orifice and NetBus. This feature can be controlled within the Options tab of BoDetect. For more information on the use of these features, consult the documentation that comes with BoDetect.

    BoDetect options window


    Academic Information Systems
    rhno@columbia.edu - 22 February 1999 - 212 854.1919