Instala alguno de los programas comentados en esta página (todo es automático). Si alguna vez has utilizado el BOgui.exe seguro que estás infectado. No sólo el BOserver contiene el troyano sino todos los demás ejecutables.

Otra manera sencilla de saberlo es utilizando el Windows Process Watcher que es de microsoft y es gratuito. Para conseguir este programita que solo ocupa 17k y te permite observar todos los procesos activos (incluso los que no aparecen pulsando ctrl+alt+supr) vete a http://www.microsoft.com/windows/downloads/contents/powertoys/w95procwatcher/default.asp. El Windows Process Watcher te dará la lista de los programas activos y sus "paths", con el explorador de windows podrás buscar todos los programas listados. Si encuentras el BO... sigue leyendo. Esta imagen muestra un ordenador infectado (el mio):

AntiGen 1.0
12:59 AM 8/9/98
============
During Defcon 6, a group known as "Cult of the Dead Cow" released a trojan horse and
utility called Back Orifice. If the trojan is installed on your computer, Back Orifice will
allow anyone on the internet to have complete access to your machine.

This, is a bad thing.

In comes AntiGen, a program to automatically detect, clean, and destroy the BOserve
(Back Orifice Server) program from your computer.

AntiGen is freeware, and a public service from Fresh Software to the people who
user the Internet.

How to use:
=========
Just run the program and follow the instructions on your screen.

Bugs:
=====
1.01 - Fixed a critical bug where antigen would fail to set itself up to run after the next boot.

Greetz:
======
The Messiah - a great friend and teacher
Jon Holmes - that dude from England!
cyc0 - has excuses for everything ;)
Epicurus - always good conversation with this guy
puppet - I respect him for writing NukeNabber
darkfly - great friend and business partner

Contact Info:
==========
Fresh Software
40 Market Ave
Port Edwards, WI
54469

http://www.arez.com/fs
fresh@arez.com

<EOF>

Back Orifice Eliminator removes the threat of Back Orifice from your computer. It finds, closes, and uninstalls Back Orifice. When it does, it pops up a message box to tell you what happened.

The Back Orifice Eliminator continuously monitors the computer, and disables the "hidden" Back Orifice component when it appears, so your
computer cannot be contacted by the Back Orifice controller.

The Back Orifice Eliminator consists of three files: BOelim.exe (the program itself) and and two documentation files, BOelim.hlp and BOelim.cnt.

The Back Orifice Eliminator is free and can be freely distributed. We make it available as a public service.

This version of the Back Orifice Eliminator has been tested against Back Orifice 1.20, released July 1998. Inevitably, the Cult Of The Dead Cow will develop updates to Back Orifice. When they do, Bardon will update the Back Orifice Eliminator to match. Visit our website at http://www.bardon.com for the most recent Back Orifice Eliminator, and for information on our systems management and security products.

Back Orifice Eliminator is copyright 1998 Bardon Data Systems. No fee is required for its use. It can be freely distributed through any channel, including online services, BBSs, Internet sites, CD-ROMs, vendor offerings, book/disk sets, or in any other way, as long as all Back Orifice Eliminator files are included unchanged as supplied in this package.

Back Orifice Eliminator is provided "as is" without warranty of any kind, either expressed or implied, including but not limited to implied warranties of merchantability and fitness for a particular purpose. In no event shall the developer be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if the developer has been advised of the possibility of such damages.

<EOF>

<EOF>

    This is how you would rid yourself of BO for good (and detect if it installed on your
comp). Just follow these simple instructions:

1) Go to 'start', then choose 'run' from the list.
2) type in regedit
3) Go to: HKEY_LOCAL_MACHINE* - SOFTWARE* - Microsoft* - Windows* - Currentversion* - RunOnce
4) Delete the 1 thing that is in the folder (by right clicking on it and choosing delete, or
highlight it and press the 'delete' key)
5) Then delete the iconless file located in c:\windows\system\ (to do this restart your comp in
dos mode or you will not be able to delete the file)
6) When in dos you will have a screen with this on it:
    c:\windows>
Change that to: c:\windows\system>, to do this:
    c:\windows>cd system (press enter)
Type this to get a list of all the .exe file on that directory:
    c:\windows\system>dir.exe
There should be one there called '_.exe' or ' .exe' or '.exe' delete that file by typing:
    c:\windows\system>del XXXXX (XXXXX = the file's name)
7) If it says del successful -or- del completed (or something along those lines) then it is done
and you are free from anymore attacks. Now restart your comp and everything will be fine.

    Written by £lƒ of the P.E. Hackers
http://www.angelfire.com/ri/PEhackers/index.html
poison_elves@hotmail.com

<EOF>

!BO!FREEZE

Este simpático programa lo que hace es vigilar el puerto que tu le digas (por defecto el 31337) y te avisa si alguien intenta usar el BOgui (Boclient) contigo, en ese caso el programa enviará paquetes MBD al presunto sinverguenza con lo que su Boclient se quedará totalmente frito. El programa funciona de maravilla y puedes pasarte un buen rato con el. Píllatelo en http://members.xoom.com/wzc/bof