This report is provided as a public service by Solscape Communications. We take no responsibility for the effectiveness of the programs and methods below, and are in no way affiliated with the makers of Back Orifice, NetBus, or either of the programs used to get rid of these bugs.



Ok. Here's the deal.
A recently released program is now out called Back Orifice. Basically, what it is, is a program that runs just like PCAnywhere, only the user that is running the server does NOT know their computer is being accessed. That's the catch. BUT, the only way to run the server is by executing a 122KB, iconless .EXE file called 'BOSERVE.exe.' This file may be renamed and distributed over such programs as .. say .. ICQ or DCC'd over IRC. It may come with that swell new program you just downloaded, thinking it was the full version that you just saved yourself a bundle of money .. nonetheless, it will come .. most likely under a different name ..

Let's assume you get a file called 'getops.exe' from an unknown IRCer who claims it to be the latest hack for getting ops via a big script error in Joe's IRC Client v. 3.1337 .. You're thinking "hmmm .. ops in #mp3 might be kinda cool" and you decide to run it. It runs, and suddenly it's gone. You're screwed now, because you've just infected yourself, and that unknown IRCer is now accessing your system passwords and starting keylogs .. and anyone that has a small knowledge or more of computers knows that is never, ever good .. at all ..

So how do you get rid of this nasty bug?
Good question. The easiest way is to download the free program below. Just run it, and it will delete any trace of Back Orifice off of your system. (Note: This program is for Windows 95/98 only - Back Orifice does not affect Mac or Windows 3.1 users)

boeliminator.exe


Another dangerous trojan horse that works very much like Back Orifice is NetBus. To get rid of NetBus you need the following free program:

netbuster131.exe


Or, if the Back Orifice Eliminator program doesn't work for you, or you just like to make things difficult, here are the manual steps to delete Back Orifice. (NOTE: You do not need to follow these steps if you have already run the Back Orifice Eliminator program above. These steps do require a good working knowledge of Windows 95/98, and are not intended for the computer novice.)

Step One:
Download and run the actual Back Orifice program here. Now, once the program is open, make sure '127.0.0.1' is in the IP/Host box and click 'Send' to ping yourself. If a response is returned, then you know for sure that you have the BO Trojan.

Step Two: Once you have gotten a ping, scroll down the options in the 'Commands' list until you see 'Process List'. It should list all the programs you have running and then some. WARNING: CTRL+ALT+DEL WON'T SHOW THE TROJAN .. so .. now .. look for a program/process called 'C:\WINDOWS\SYSTEM\ .EXE'. When you find it, select 'Process Kill' from the Commands list. Then paste the copied process into the box labeled 'Process' and press 'Send' .. this will terminate the program.

Step Three:
Press the Start Button, go to Run, and click it. Now, type 'C:\WINDOWS\SYSTEM' and it should bring up a folder. Look for a file called ' .EXE' .. it has no icon. Click it ONCE and press delete. That will prompt you to delete the file, so select 'OK' or 'YES' ..

Step Four:
It's now time to edit the system registry. This will just make sure that the trojan is really gone and makes sure that any copies of it WILL NOT be run .. so .. do the following:
1: Open regedit
2: Go to 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'.
3: Delete the key 'DEFAULT'

Now you are dis-infected and ready. Just to finalize everything, go back into BO and ping yourself. No response should be returned ..
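
A read-only way to check for the leftovers named in Steps Three and Four, as an added example that is not part of the original article: it parses a registry export in REGEDIT4 text format (an assumption here; the sample export is constructed) and flags a set default value or a blank-named .exe under RunServices. The function names are hypothetical.

```python
import re

RUN_SERVICES = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices"

# Constructed sample of a REGEDIT4 export, not taken from a real machine.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
@=" .exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
'''

# Matches string values: "name"="data" or @="data" (the key's default value).
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)  # .reg files escape \ and " with a backslash

def parse_key(export_text, key):
    """Return {value_name: data} for string values under `key`; '' is the default value."""
    values, in_key = {}, False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == key.lower()
            continue
        m = VALUE_RE.match(line) if in_key else None
        if m:
            name = "" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            values[name] = unescape(m.group(2))
    return values

def suspicious_entries(values):
    """Heuristics taken from the article's steps: default value set, or an .exe with a blank name."""
    findings = []
    for name, data in values.items():
        exe = data.replace("/", "\\").split("\\")[-1]
        stem = exe.rsplit(".", 1)[0]
        reasons = []
        if name == "" and data:
            reasons.append("default value is set")
        if exe.lower().endswith(".exe") and stem.strip() == "":
            reasons.append("executable name is blank")
        if reasons:
            findings.append((name or "(Default)", data, reasons))
    return findings
```

Calling `suspicious_entries(parse_key(SAMPLE_EXPORT, RUN_SERVICES))` reports only the default value pointing at ' .exe'; the ordinary named entry is not flagged.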



article written by Matt Dennewitz of The Font Emporium and Solscape Communications