Trojans - Info about Netbus & Back Orifice

Disclaimer

By viewing this site you agree that you will not use the information on this site for unlawfull purposes.This information is provided for educational purposes ONLY. If you do not agree to this ,then please leave this site NOW.

A bit of Info

A Trojan Horse is a program that is disguised in a useful application for the user. The user thinks that he is using a useful application,but without the users notice the Trojan gets triggered when the victim runs the program. This is similar to what we call as Virus but has some differences. The Trojan contains malicious code which may destroy the victims computer system or may spy on what the victim is upto.

Some Trojans can prove extremely dangerous , more dangerous then you can ever think of. Some of the Worlds most dangerous Trojans are NetBus & Back Orifice. These are considered to be extremely dangerous. You can consider them as the King of Trojans.If taken in a positive way these Trojans can be very useful. For example the NetBus Trojan can be used as good remote administrative tool. But when there negative points are taken into account , they can blow your mind. Actually these two Trojans themselves do not destroy any files or allocation tables on your hard drive. But when these Trojans are sent to a victim they can be controlled from a remote location, may be by a Hacker or so. A anonymous person can Download or Upload any files from the Victim's computer system. The anonymous guy can get control of the victims computer or server from a remote location & the hacker may run malicious code onto the victims computer. The hacker may look into your companies sensitive data & may get info on your bank accounts, or even worse, he may even get your Credit Card no & other bank details.

Infection
The victim gets infected by the following ways,
1) An E-mail attachment containing an executable file. But the trojan is activated only when the victim executes the file.
2) Via ICQ
3) By a person who has physical access to a system may execute the trojan by himself to spy.

When you get infected by this virus , the virus starts up automatically when Windows bootsup & silently opens doors for the hackers on the net to administrate your computer.

Checking whether you are infected by this virus
To check whether you are infected by Netbus,perform the following tasks,
1) Goto the Dosprompt
2) & Type the following,
telnet 127.0.0.1 12345
telnet 127.0.0.1 12346
After typing this the telnet window will open & if your telnet window read Netbus , then you are certainly infected by this harmfull trojan.

To check whether Back Orifice is present in your system type the following at your dos prompt,
netstat -an
Back orifice replies with UDP 0.0.0.0:31337 *:*

Netbus replies with,
TCP 0.0.0.0:12345
TCP 0.0.0.0:12346

If you get infected
If you get infected by this Trojan horse then i would recommend that you go in for a well known brand of Antivirus to remove it from your computer
Some of the Antivirus scanners which detect & remove these viruses are,
1) McAfee VirusScan
2) F-Secure Antivirus
3) The Cleaner

Beware about some of the other not so well known antivirus programes which describe that they are capable of removing these viruses as they themselves can prove to be harmfull trojans.