---------------------HOW TO UNINSTALL BACK ORIFICE----------------------

BACK ORIFICE IS A TROJAN/VIRUS THAT INSTALLS ITSELF ON YOUR COMPUTER WHEN YOU DOUBLE CLICK ON THE SERVER (.EXE). ONCE INSTALLED, PORT 31337 IS LEFT OPEN UNLESS CHANGED FROM THE CLIENT OR THE SERVER CONFIG PROGRAM. ONCE THIS PROGRAM IS INSTALLED ON YOUR COMPUTER IT ALLOWS "HACKERS" OR OTHER PEOPLE TO GAIN ACCESS TO CERTAIN PARTS OF YOUR COMPUTER SUCH AS CACHED PASSWORDS, WORD DOCUMENTS, PERSONAL FILES AND JUST ABOUT ANYTHING ON YOUR COMPUTER.

STEP 1: FIND OUT IF YOU HAVE THE BACK ORIFICE SERVER ON YOUR COMPUTER BY GOING TO A DOS PROMPT AND TYPING netstat -a. THIS WILL LIST ALL PORTS THAT YOU HAVE OPEN.

STEP 2: LOOK AT THE RESULTS OF YOUR netstat -a COMMAND. IF YOU HAVE BO ON YOUR COMPUTER YOU SHOULD SEE SOMETHING LIKE THIS: oemcomputer:31337. THE PORT 31337 IS OPEN AND WAITING FOR A BO CLIENT TO "TALK" TO IT.

STEP 3: IF YOU DO NOT SEE THE PORT 31337 OPEN, THEN YOU DO NOT HAVE BACK ORIFICE ON YOUR COMPUTER.

STEP 4: IF YOU HAVE BO ON YOUR COMPUTER AND YOU WANT TO UNINSTALL IT, THEN MOVE ON TO STEP 5.

STEP 5: THE BO SERVER IS LOCATED IN THE C:\WINDOWS\SYSTEM DIRECTORY. YOU CANNOT SEE THE SERVER. IT HAS NO ICON AND IS HIDDEN. SO HOW, YOU MIGHT ASK, DO YOU DELETE IT? IT'S SIMPLE: JUST TAKE A DIFFERENT ROUTE.

GO TO THE START MENU AND CLICK ON IT. THEN CLICK ON FIND. ONCE YOU ARE IN THE FIND PROGRAM, SET THE BOX THAT SAYS LOOK IN: TO C:\WINDOWS\SYSTEM. THEN GO UP TO THE BOX THAT SAYS NAMED: AND ENTER *.EXE. THIS WILL LIST EVERY .EXE FILE IN C:\WINDOWS\SYSTEM. THEN SCROLL DOWN UNTIL YOU SEE AN ICON WITH NO NAME. THIS IS THE BO SERVER. IT SHOULD BE ABOUT 125 KBYTES.

ONCE YOU HAVE LOCATED IT, RIGHT CLICK ON IT. THEN CHOOSE PROPERTIES. THE PROPERTIES WILL TELL YOU WHERE IT IS LOCATED AND WHAT ITS NAME IS. (GUESS THE GUYS AT CULT OF THE DEAD COW DIDN'T THINK OF EVERYTHING.) THE FILE NAME SHOULD LOOK LIKE THIS: C:\WINDOWS\SYSTEM\EXE~1. THAT IS WHAT IT WAS NAMED ON MY COMPUTER, BUT I DON'T KNOW IF THE NAMES VARY.
THEN PROCEED TO WRITE DOWN THE LOCATION AND NAME OF THE PROGRAM. THEN YOU SHUT DOWN YOUR COMPUTER IN MS-DOS MODE. IF YOU ARE UNFAMILIAR WITH DOS, DON'T GO PRESSING A LOT OF BUTTONS, JUST FOLLOW MY DIRECTIONS.

ONCE YOU ARE AT A DOS PROMPT, TYPE CD C:\WINDOWS\SYSTEM. THIS WILL CD, OR CHANGE DIRECTORY, TO C:\WINDOWS\SYSTEM WHERE YOU CAN DELETE THE BO SERVER. ONCE IN THE DIRECTORY NAMED C:\WINDOWS\SYSTEM YOU CAN PROCEED TO DELETE THE FILE. TYPE DEL EXE~1 OR WHATEVER THE SERVER MIGHT BE CALLED ON YOUR COMPUTER. THIS WILL DEL, OR DELETE, THE FILE EXE~1.

STEP 6: IF YOU HAVE DELETED THE BO SERVER WITH NO PROBLEMS THEN YOU CAN RESTART IN WINDOWS. TYPE WIN OR EXIT AND YOUR COMPUTER WILL BOOT BACK UP INTO WINDOWS. THEN, TO DOUBLE CHECK, TYPE netstat -a AGAIN AND LOOK FOR 31337. IF, WHEN YOU RESTART YOUR COMPUTER, AN ERROR MESSAGE COMES UP THAT SAYS SOMETHING LIKE CANNOT FIND C:\WINDOWS\SYSTEM\EXE~1, THEN YOU WILL HAVE TO GO ONE STEP FURTHER TO COMPLETELY UNINSTALL BO.

STEP 7: YOU WILL HAVE TO LOOK IN THE SYSTEM.INI OR THE WIN.INI FOR THE STARTUP ENTRY FOR THE BO SERVER. IF YOU DON'T HAVE MUCH COMPUTER KNOWLEDGE I WOULD SUGGEST THAT YOU STOP N0W AND JUST BE THANKFUL THAT NO ONE CAN SEE YOUR PR0N PASSWORDS ANYMORE. IF YOU HAVE SOME KNOWLEDGE OR YOU FEEL YOU DO, GO RIGHT AHEAD, BUT YOU CAN SCREW THINGS UP BIGTIME BY EDITING THESE FILES AS WE ARE ABOUT TO DO.

GO TO FIND AGAIN AND MAKE THE SEARCH DIRECTORY C:\. THEN TYPE SYSTEM.INI OR WIN.INI. AT THE TOP OF BOTH, THERE SHOULD BE SOMETHING THAT SAYS BOOT OR STARTUP OR SOMETHING LIKE THAT. LOOK FOR A COMMAND THAT TELLS YOUR COMPUTER AT STARTUP TO BOOT EXE~1. ONCE YOU HAVE FOUND THIS, DELETE THE ENTIRE LINE, BUT NOTHING ELSE. IF YOU FEEL THAT YOU HAVE DONE THIS CORRECTLY, GO UP TO FILE AND SAVE IT. THEN RESTART YOUR COMPUTER AND VOILA, NO MORE BO.

-----------------------------PROBLEMS----------------------------------

I TESTED THIS METHOD ON MY COMPUTER SO YOU SHOULD HAVE NO PROBLEM WITH UNINSTALLING THIS TROJAN.
IF YOU HAVE ANY PROBLEMS, QUESTIONS, OR ANY COMMENTS, PLEASE FEEL FREE TO E-MAIL ME AND I WILL GET BACK TO YOU A.S.A.P.

------------------------IN CONCLUSION----------------------------------

BACK ORIFICE IS A GOOD PROGRAM THAT HAS MANY LEGAL USES AND MANY ILLEGAL USES. CULT OF THE DEAD COW IS A GOOD GROUP AND OBVIOUSLY KNOW THEIR SHIT 'CAUSE EVEN MICROSOFT FEARS THIS TROJAN/VIRUS.

YOU SHOULD ALWAYS KNOW WHAT YOU ARE DOWNLOADING ON THE NET. IF YOUR FRIEND WANTS TO SEND YOU A SUPER LEETO NEETO GAME, SCAN IT FIRST. AND IF YOU DON'T HAVE A VIRUS SCANNER, GO OUT AND BUY ONE SO YOU WON'T HAVE TO WASTE YOUR TIME DOING THIS THE NEXT TIME. MOST VIRUSES/TROJANS ARE HARDER TO UNINSTALL AND SOMETIMES CAN'T BE UNINSTALLED, SO WATCH WHAT YOU DOWNLOAD.

THIS TEXT-FILE HAS BEEN WRITTEN BY MRTHRIPS. YOU CAN REACH ME AT MRTHRIPS@ANTI-SOCIAL.COM, THROUGH IRC AT #260C OR AT GO.TO/260C.

HAPPY REMOVING
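
ADDED EXAMPLE (NOT PART OF THE ORIGINAL TEXT FILE): A PYTHON SCRIPT THAT PERFORMS THE TWO CHECKS FROM STEPS 1-3 AND STEP 7 ON SAVED TEXT, FLAGGING A LISTENER ON THE BO PORT IN netstat -a OUTPUT AND ANY STARTUP LINE THAT NAMES THE SERVER FILE. THE SAMPLE netstat AND WIN.INI TEXT IS CONSTRUCTED, THE FUNCTION NAMES ARE HYPOTHETICAL, AND THE KEYS CHECKED (load= AND run= UNDER [windows] IN WIN.INI, shell= UNDER [boot] IN SYSTEM.INI) ARE THE USUAL WINDOWS 9X STARTUP LINES, AN ASSUMPTION ABOUT WHERE THE ENTRY SITS.

```python
# Default Back Orifice port named in the text; the text notes it can be changed.
BO_PORT = 31337
# Assumption: the usual Windows 9x INI startup keys, as (section, key) pairs.
STARTUP_KEYS = {("windows", "load"), ("windows", "run"), ("boot", "shell")}

def listeners(netstat_text, port=BO_PORT):
    """Return (proto, local_address) for rows of `netstat -a` waiting on `port`."""
    hits = []
    for line in netstat_text.splitlines():
        f = line.split()  # Proto, Local Address, Foreign Address, [State]
        if len(f) < 3 or f[0].upper() not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        local_port = f[1].rsplit(":", 1)[-1]
        state = f[3].upper() if len(f) > 3 else ""
        if local_port == str(port) and (f[0].upper() == "UDP" or state == "LISTENING"):
            hits.append((f[0].upper(), f[1]))
    return hits

def startup_refs(ini_text, exe_name):
    """Return (section, key, value) for startup lines whose value names exe_name."""
    refs, section = [], ""
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and not line.startswith(";"):
            key, value = (p.strip() for p in line.split("=", 1))
            if (section, key.lower()) in STARTUP_KEYS and exe_name.lower() in value.lower():
                refs.append((section, key.lower(), value))
    return refs

# Constructed sample input, not captured from a real machine.
SAMPLE_NETSTAT = r"""
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    oemcomputer:1025       0.0.0.0:0              LISTENING
  TCP    oemcomputer:1031       example.com:80         ESTABLISHED
  UDP    oemcomputer:31337      *:*
"""
SAMPLE_WIN_INI = r"""
[windows]
load=
run=C:\WINDOWS\SYSTEM\EXE~1
"""

if __name__ == "__main__":
    print(listeners(SAMPLE_NETSTAT))
    print(startup_refs(SAMPLE_WIN_INI, "EXE~1"))
```

IF THE SERVER WAS CONFIGURED WITH A DIFFERENT PORT, PASS THAT NUMBER AS THE SECOND ARGUMENT TO listeners.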