Author Topic: Back Orifice (Read 7157 times)

Melhior · « **on:** June 18, 2003, 11:36:01 PM »

Well... what can I say... avast 4 pro didn't find _anything_ in the client file of Back Orifice. No comments.

techie101 · « **Reply #1 on:** June 18, 2003, 11:46:42 PM »

What can you say?

Well, a lot more than you did. We can't help you if we don't know what you are talking about.

My Avast Pro works fine against anything including Black Orifice.

Give us some details in you want help.
That's why we are all here!

techie101 · « **Reply #2 on:** June 18, 2003, 11:48:49 PM »

Black....Back.....

What the heck. Same thing.

Hahahaha

Melhior · « **Reply #3 on:** June 19, 2003, 12:01:09 AM »

Well. I've got some trojans on CD. So, I decided to test avast on-access protection. Nothing happend when I've opend directory with trojans. Another atniviruses i used - Kaspersky AV, DrWeb, Norton AV - alerted me immediately in such case.
Than. As you know, trojans consist of a client and server. And if PC is infected. it's infected with client.
Avast found nothing in client file, but found BO in server file, heh. Kaspersky AV and DrWeb found BO in client file as well.

techie101 · « **Reply #4 on:** June 19, 2003, 04:27:38 AM »

Ok Mel,

Now we are on track here. I understand fully what you are saying. Yes, a trojan will infect as you said.
What were the names of the trojans that the other AVs found on your system?
I would like to check to see if they are listed in the database file that Avast uses.

If they are not, then we need to get Avast Support Team involved here. If they are, then we need to look further into your Avast setup.

Ok? If Avast is not identifying the trojans, then this is of concern to all of us out here.

$:-\$

raman · « **Reply #5 on:** June 19, 2003, 05:25:31 AM »

Quote from: Melhior on June 19, 2003, 12:01:09 AM

Than. As you know, trojans consist of a client and server. And if PC is infected. it's infected with client.

No, you can not "infect" a PC with a Client. The Server component is the Backdoor. You only need the Client to configure the Server. It is not realy necessary to dentify the Client of a Backdoor. But most of the AV-Programms do.

Waldo · « **Reply #6 on:** June 19, 2003, 01:21:44 PM »

Melhior, I don't know why your Avast Version doesn't detect trojans ? But my version of Avast! 4.0 PRO finds them without fault.

Because of my intrests in Virusses and Trojans I do a lot of "testing" with multiple of them. If i'm testing, I have to close down AVAST,otherwise it is just impossible to excecute client side of trojans (offcourse i don't install the server on my pc, i'm not crazy...) But I can't work with ANY trojan or backdoor or keylogger if AVAST is running.

This is awsome protection !

I have used many (maybe all) trojans in the following link :

http://www.astalavista.com/trojans/

AVAST!4.0 PRO with High Heuristics settings detects them ALL.

techie101 · « **Reply #7 on:** June 19, 2003, 04:47:19 PM »

Mel,

Boy, I must have been sleeping when I read your question. I let the "client" thing slip by. Glad that Raman and Waldo join in.

I ran my Avast with XP and it detects most of the trojans I tested it with.

Have the database been updated lately?

Has the program updated to the newest version?

techie101 · « **Reply #8 on:** June 19, 2003, 05:01:17 PM »

Mel,

Ok...now that I had my morning coffee...
I thought you might like additional info on the Back Orifice:

For Back Orifice to work, the server application must be installed on the target computer. This involves executing the server application on the target computer. The server application is a single executable file with a size of just over 122 KB. The application creates a copy of itself in the Windows\System folder and adds a value containing its file name to the Windows registry under the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

The specific registry value that points to the server application is configurable. By doing so, the server application always starts whenever Windows starts, and thus is always active. The application will not appear in the Windows task list.

The target computer must be running either Windows 95 or Windows 98. The server application will not run on Windows NT. I am not sure how it functions with Win2000, ME or XP versions, but since these programs are built off similar bases, the manner of infection should be the same. The target computer must have TCP/IP network capabilities.

We still need to find out why your Avast doesn't pick it up.

Maybe the Avast Support Team can review your log file.
I unfortunatley am not experienced enough yet to do it for you, but can only pass on what I have learned from others in the forum, and from fixes I have discovered on my own using Avast and playing around with it.

It is a great program worthy of the work that has been put into its' develpment.

Melhior · « **Reply #9 on:** June 19, 2003, 09:27:27 PM »

Oh well, I think I understand now. Heh, I had a kinda bug in my head

. Thanx to everybody... an sorry for a mess!!!

Author Topic: Back Orifice (Read 7157 times)

Melhior

Back Orifice

techie101

Re:Back Orifice

techie101

Re:Back Orifice

Melhior

Re:Back Orifice

techie101

Re:Back Orifice

raman

Re:Back Orifice

Waldo

Re:Back Orifice

techie101

Re:Back Orifice

techie101

Re:Back Orifice

Melhior

Re:Back Orifice