
Virus and Remedies

BACKDOOR PROGRAM REMEDIES

“Backdoor” and trojan horse (hidden/masked) programs are used by attackers to
access your computer system without your knowledge or consent. Some are
introduced through e-mail messages, and some are hidden within files, programs or
games that are downloaded from the Internet. With a backdoor program installed,
the attacker gains complete control over your system. They can shut down or restart
your computer, retrieve your cached/saved passwords, and upload, download,
change or delete files and programs on your system. They can launch attacks
on other computer systems from your machine, install programs, or trash data and files.
Backdoor programs should be removed as soon as possible after detection. Because
the attacker may have installed or changed other things while they had access, treat
the machine as untrusted until the cleanup and the password changes below are complete.

• Make sure your anti-virus software has the latest updates.
• Take your computer off-line.
• Run a full system anti-virus scan of your computer.
• Follow the specific additional instructions below for the backdoor you have, to
completely remove it.
• Change ALL of your passwords. Any account you have accessed from the
machine is now at risk; change them from a different, clean computer where possible.

Subseven Backdoor Program:

Use an anti-virus program to remove the Subseven backdoor.

1. Download and install the Symantec Anti-Virus software available at
http://helpdesk.its.uiowa.edu/virus/
2. Install the latest virus pattern update, using the "LiveUpdate" function in the
program.
3. Run the anti-virus program to scan your system for this backdoor. It will find
and remove it from your system.

Back Orifice Backdoor Program:

WARNING: Use the registry editor with extreme caution. You may wish to consult
with the ITS Help Desk (4-HELP) for assistance with the removal of this backdoor
program from your system.

1. Using the Registry Editor, find the
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices registry key.
2. Find and delete the registry entry named (Default) that has a data value of
" .exe" (a space followed by .exe; this is the name of the backdoor's file).
3. Restart the computer. IMPORTANT: Do not delete the file below until your
computer has been restarted!
4. Delete the file exe~1 from C:\Windows\System. (EXE~1 is the 8.3 short name
Windows gives the file " .exe", which is why it appears under that name.)

NetBus Trojan Horse Program:

WARNING: Use the registry editor with extreme caution. You may wish to consult
with the ITS Help Desk (4-HELP) for assistance with the removal of this backdoor
program from your system. Detailed removal instructions for all versions of NetBus
can be found at http://www.hackfix.org/netbusfix/

1. Using the Registry Editor, find the
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run key.
2. Find, note the program name of, and delete all values whose data includes the
/nomsg option. The program name may vary, but the data will always contain
/nomsg. (If you can't find such a value, see below for further instructions on
removing NetBus 1.6 or later.)
3. Restart the computer. IMPORTANT: Do not delete the files below until your
computer has been restarted!
4. Delete the programs that you noted in step 2, using the Find Files utility on your
system (e.g. SysEdit.exe, KeyHook.dll, patch.exe).
5. Empty your Recycle Bin.

For NetBus 1.6 or later:

1. From a DOS command prompt, type: telnet <your computer name> 12345
(12345 is the default NetBus port; a server configured to listen on another port
will not answer there.) If a banner such as NetBus 1.6 or NetBus 1.7 appears with
a value after it, a password has been set. (Otherwise no password has been set, so
skip step 2.)
2. If a password has been set, type: Password;1 where 1 is the value noted in
the NetBus banner. (The command will not echo on the screen.)
3. Type: RemoveServer;1 (The command will not echo on the screen.)

Back Orifice 2000 Backdoor Program:

WARNING: Use the registry editor with extreme caution. You may wish to consult
with the ITS Help Desk (4-HELP) for assistance with the removal of this backdoor
program from your system.

1. Using the Registry Editor, find the
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services key.
2. Look for a subkey called "Remote Administration Service" (not to be confused
with the RemoteAccess service) and open it if it exists.
3. Find and delete the value called "ImagePath". Check to see whether the name of
the executable it points to is "UMGR32.exe". (Deleting the whole "Remote
Administration Service" subkey removes the service registration entirely.)
4. Restart the computer. IMPORTANT: Do not delete the file below until your
computer has been restarted!
5. Delete the file "umgr32.exe" located in your Windows system directory
(probably c:\windows\system32).
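The three registry procedures above (Back Orifice, NetBus and Back Orifice 2000) all come down to checking a few autostart locations for a known data pattern. The Python script below performs that check over a registry export so the values can be reviewed before anything is deleted. It is an added example, not University of Iowa ITS code: the registry text in SAMPLE_EXPORT is constructed for the example rather than taken from an infected machine, and the indicator patterns (a RunServices (Default) value of " .exe", a Run value containing /nomsg, a service ImagePath naming umgr32.exe) are the ones this page lists.

```python
"""Scan a Windows registry export (.reg text, as written by regedit /e) for the
autostart entries the removal steps on this page tell you to look for.

Added illustration, not University of Iowa ITS tooling. SAMPLE_EXPORT is a
constructed export, not data from an infected machine. The indicators are the
ones the page names:
  Back Orifice      - RunServices (Default) value whose data is " .exe"
  NetBus            - Run value whose data carries the /nomsg option
  Back Orifice 2000 - a Services\\...\\ImagePath that points at umgr32.exe
"""
import re
import sys

RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
RUNSERVICES_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices"
SERVICES_PREFIX = "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\"

# Constructed sample: two benign entries plus one indicator of each family, and a
# legitimate RemoteAccess service that must NOT be flagged.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"SysEdit"="C:\\WINDOWS\\SYSEDIT.EXE /nomsg"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
@=" .exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess]
"ImagePath"="%SystemRoot%\\System32\\svchost.exe -k netsvcs"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Remote Administration Service]
"ImagePath"="C:\\WINDOWS\\system32\\umgr32.exe"
'''

# "name"="data" or @="data" (the (Default) value); binary/dword values are ignored.
_VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")="((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    """Undo .reg escaping: \\\\ -> \\ and \\" -> " ."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Return {key_path: {value_name: data}} for the string values in a .reg export."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", "REGEDIT4", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = "(Default)" if m.group(1) == "@" else _unescape(m.group(2))
            keys[current][name] = _unescape(m.group(3))
    return keys


def find_backdoor_indicators(keys):
    """Return (family, key_path, value_name, data) for every entry matching the page's indicators."""
    hits = []
    for path, values in keys.items():
        lp = path.lower()  # registry paths are case-insensitive
        for name, data in values.items():
            ld = data.lower()
            if lp == RUNSERVICES_KEY.lower() and name == "(Default)" and ld.strip() == ".exe":
                hits.append(("Back Orifice", path, name, data))
            elif lp == RUN_KEY.lower() and "/nomsg" in ld:
                hits.append(("NetBus", path, name, data))
            elif lp.startswith(SERVICES_PREFIX.lower()) and name.lower() == "imagepath" and "umgr32.exe" in ld:
                hits.append(("Back Orifice 2000", path, name, data))
    return hits


def files_to_delete_after_reboot(hits):
    """Map each hit to the file the page says to delete AFTER the registry value is gone and the box has rebooted."""
    files = []
    for family, _path, _name, data in hits:
        if family == "Back Orifice":
            # The data is the file name itself (a space followed by .exe); its 8.3
            # short name is EXE~1, which is the name the page tells you to delete.
            files.append((family, "C:\\Windows\\System\\ .exe (8.3 name EXE~1)"))
        elif family == "NetBus":
            # The program name is everything before the /nomsg switch.
            files.append((family, re.split(r"\s*/nomsg", data, flags=re.IGNORECASE)[0].strip()))
        else:
            files.append((family, data.strip('"')))
    return files


if __name__ == "__main__":
    if len(sys.argv) > 1:  # regedit /e on Windows 2000+ writes UTF-16; REGEDIT4 exports are ANSI
        try:
            text = open(sys.argv[1], encoding="utf-16").read()
        except UnicodeError:
            text = open(sys.argv[1], encoding="cp1252").read()
    else:
        text = SAMPLE_EXPORT
    found = find_backdoor_indicators(parse_reg_export(text))
    for family, path, name, data in found:
        print(f"{family}: [{path}] {name} = {data!r}")
    for family, path in files_to_delete_after_reboot(found):
        print(f"  delete after reboot ({family}): {path}")
```

Export the hive on the affected machine with regedit /e hklm.reg HKEY_LOCAL_MACHINE and pass the file as the first argument. The script only reports; it deletes nothing, so the page's order (remove the registry value, reboot, then delete the file) is still carried out by hand, and a value it does not flag is not proof the machine is clean.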
Copyright © 2005 The University of Iowa. All rights reserved.
