Article ID: 237280 - Last Review: January 24, 2007 - Revision: 3.3

How to Determine If the "Back Orifice 2000" Virus Is Installed on Your Computer

View products that this article applies to.
This article was previously published under Q237280

On This Page

Expand all | Collapse all

SUMMARY

This article describes how to determine if the third-party Back Orifice 2000 software (sometimes known as a virus) is installed on your computer.
Back to the top

MORE INFORMATION

When Back Orifice 2000 is installed on a Windows-based computer, the computer can be remotely controlled by another user.

Although remote control software is not malicious in and of itself, Back Orifice 2000 is intended to be used for malicious purposes, and includes stealth behavior that has no purpose other than to make detection of the program difficult. To protect your system, follow safe computing practices and use current anti-virus software.
Back to the top

How to Determine if Back Orifice 2000 Is Installed on Your Computer

  • For Computers Running Microsoft Windows 95/98 By default, the Back Orifice 2000 installation program modifies the following registry key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunService
    with the following value:
    "Umgr32.exe"="C:\\Windows\\System\\Umgr32.exe e"
    NOTE: Umgr32.exe is the default file name for Back Orifice 2000, and it can be modified by the distributor of the program. If the file name is modified, the registry value contains the path to the designated file name.

  • For Computers Running Microsoft Windows NT The Back Orifice 2000 installation program installs and configures a service named Remote Administration Service.

    NOTE: The name of the service can be modified prior to installation.
Back to the top

How to Remove Back Orifice 2000

The makers of anti-virus and intrusion detection software are poised to quickly develop software that detects and removes Back Orifice 2000. Microsoft is working closely with manufacturers to assist in this process. Please refer to the following Microsoft Web site for more information as it becomes available:
http://www.microsoft.com/athome/security/default.mspx (http://www.microsoft.com/athome/security/default.mspx)
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
Back to the top
APPLIES TO
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 95
  • Microsoft Windows 98 Standard Edition
  • Microsoft Windows 98 Second Edition
  • Microsoft Windows NT Server 4.0 Standard Edition
  • Microsoft Windows NT Workstation 4.0 Developer Edition
Back to the top
Keywords: 
kbinfo KB237280
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations