What are back door programs?
How can I check my PC right now?
Back Orifice and NetBus
There are two major hacking programs in use now: NetBus and Back Orifice (BO). These programs do have a legitimate use in network security and analysis, but they can easily be used to snoop on your PC at work or at home through your Internet connection. They can be disguised as harmless programs, often the goofy programs or screen savers people send through e-mail. When you click on the executable file in the e-mail and watch the pretty fish swim across your screen, you have unwittingly let a "Trojan Horse" program onto your system. These programs are buried deep in the system files, often hidden from detection or cloaked as a harmless file. When you log onto the Internet, these programs force TCP ports open and allow virtually anyone with the BO or NetBus administrator programs to detect your PC and access your files.
I was lucky enough to have a co-worker infect my PC with one of these programs so I could try to find it and disable it. Detecting these programs is fairly easy; removing them is more difficult, but not impossible! I had the advantage of knowing that this program was somewhere on my PC at the time. I have since written some batch files that help detect these programs and placed them in my Start-up folder so they will search for them every time I log on.
Detection
Check your PC right now!
Open a command prompt.
Type: NETSTAT -A and hit <ENTER>
If there is any activity on port 31337, you have Back Orifice installed.
If there is any activity on port 12345, you have NetBus installed.*
*These are the default ports for these programs; they can be configured for other ports!
If either of these ports (or any other suspicious port) is active, Telnet to yourself (localhost) at that port number. If you connect or a password window opens, you've been infected.
Copy and paste this into Notepad and save it as "hack_check.bat"
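An added Python example, not the author's hack_check.bat: it automates the NETSTAT check described above over a constructed sample of NETSTAT -A output, matching only the local-address column so that an outbound connection to a remote port 12345 is not reported. The host names and the function names parse_netstat and check are assumptions made for illustration.

```python
# Default ports named on the page. Both programs can be reconfigured,
# so pass your own mapping to check() to watch other ports.
DEFAULT_PORTS = {31337: "Back Orifice", 12345: "NetBus"}

# Constructed sample of Windows NETSTAT -A output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address     Foreign Address            State
  TCP    MYPC:epmap        MYPC:0                     LISTENING
  TCP    MYPC:12345        MYPC:0                     LISTENING
  TCP    MYPC:1042         www.example.test:80        ESTABLISHED
  TCP    MYPC:1043         files.example.test:12345   ESTABLISHED
  TCP    MYPC:12345        host.example.test:4312     ESTABLISHED
  UDP    MYPC:31337        *:*
  UDP    MYPC:nbname       *:*
"""


def parse_netstat(text):
    """Yield (proto, local_port, foreign, state) for each connection row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].upper() not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        port = fields[1].rsplit(":", 1)[-1]
        if not port.isdigit():
            continue  # port printed as a service name, e.g. "nbname"
        state = fields[3] if len(fields) > 3 else ""  # UDP rows have no State
        yield fields[0].upper(), int(port), fields[2], state


def check(text, watch=DEFAULT_PORTS):
    """Return one finding per row whose LOCAL port is on the watch list."""
    findings = []
    for proto, port, foreign, state in parse_netstat(text):
        if port in watch:
            findings.append((watch[port], proto, port, state or "OPEN", foreign))
    return findings


if __name__ == "__main__":
    for name, proto, port, state, foreign in check(SAMPLE):
        print(f"WARNING: {name} default port {proto}/{port} is {state} (peer {foreign})")
```

On a live machine, pass the captured output of NETSTAT -A to check() and supply your own port mapping, since both programs can be moved off their default ports.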
Backup Software
Less stealthy, but nevertheless useful in hacking, are backup programs like ARCserve. ARCserve is supposed to be used to back up PCs over a network, but it can easily be used as a backdoor program. The problem is that this program looks like a lot of other junk that comes with your computer. You might not notice it because it is "backup" software. ARCserve can copy all the files on your hard disk in less than 15 minutes and is almost invisible when it is running. If it has been loaded on your system, it will show up in the Start Menu. Use the ARCserve uninstall or the Windows remove program to get rid of it. If you have the ARCserve agent loaded on your PC for other reasons, be warned that anyone with the ARCserve manager software can do an "Auto-detect" and find your PC if it has an agent. The agent may be disabled when not in use.
Links that will help with Backdoor/Trojan detection and removal
WebAttack Internet Tools
Virus Control and Anti-Hacking
Netbus trojan virus (Proland Software)
NetBus and NetBuster
How to remove BO by hand