Lumension® Endpoint Intelligence Center


Overview

Threat Risk: MEDIUM
Destructivity: NONE
Payload:
Detection files published:
Description created: 20 Aug 2000 03:00:00
Description updated: 08 Nov 2001 02:30:00
Malware type: TROJAN
Alias:
Spreading mechanism: EMAIL, NETWORK, OTHER
Summary: None

W32/BackOrifice_2k.Trojan

Spreading

Backdoor programs like BO2K are typically sent as email attachments with innocent-looking file names.

Payload Details

n/a

Analysis

n/a

Removal

To remove the trojan it is necessary to delete some entries from the registry. This has to be done manually. Follow the procedure below.

1. Run a virus scan and make a note of all detected files.
2. Click Start|Run and type Regedit.
3. Search the registry for keys containing any of the detected files. By default this would be a file named "UMGR32.EXE", located in the c:\windows\system folder (c:\windows\system32 on WinNT/2000).
4. When running Windows NT/2000, go to: \\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\UMGR32.EXE
5. When running Windows 95/98, go to: \\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\UMGR32.EXE
6. Delete these registry keys.
7. Reboot the computer and delete the file ("UMGR32.EXE").
8. Perform a complete scan of your system, just to make sure you have removed all variants of BackOrifice.


Last Updated: 12 Nov 2015 11:06:11