bo2k is crazy!

Thread: bo2k is crazy!

  1. #1
    Banned
    Join Date
    Apr 2002
    Posts
    156

    bo2k is crazy!

    I recently got infected with the Back Orifice 2000 (bo2k) trojan and Norton AntiVirus 2002's AutoProtect noticed it on my system. I could not clean it so I quarantined it. When I quarantined it, it broke through the quarantine! AutoProtect then notified me that the Norton Quarantine folder (something like C:/Program Files/Quarantine) was infected! It then broke free and started creating havoc on my system. I never knew a trojan could do this.

  2. #2

    Re: bo2k is crazy!

    Originally posted here by Ryan Nyquist
    I recently got infected with the Back Orifice 2000 (bo2k) trojan and Norton AntiVirus 2002's AutoProtect noticed it on my system. I could not clean it so I quarantined it. When I quarantined it, it broke through the quarantine! AutoProtect then notified me that the Norton Quarantine folder (something like C:/Program Files/Quarantine) was infected! It then broke free and started creating havoc on my system. I never knew a trojan could do this.
    That's a strange one. Wonder WTF is up with that!?!?!?!

  3. #3
    Senior Member
    Join Date
    Feb 2002
    Posts
    262
    I never heard of a trojan doing that so maybe the bo2k server was also infected with a virus...but then Norton should have detected that. I'm not sure.
    aislinn, Aria, BTBAM, chevelle, codeseven, Cky, dredg, evergreen terrace, from autumn to ashes,hopesfall, hxc, luti-kriss, nirvana, norma jean, shai hulud, this hero dies, tool, underoath, zao,

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Location
    Ireland
    Posts
    735
    I don't think it's BO2K...

  5. #5
    Senior Member
    Join Date
    Aug 2001
    Posts
    112
    You should have just deleted the files on the spot. I'm not the type of person who really quarantines them because they're still in your system, just in another folder. Kind of like a Virus Jail, heh.
    Viper

  6. #6
    Banned
    Join Date
    Mar 2002
    Posts
    520
    I don't either. You'd figure maybe he bundled it with a certain virus. But to break the quarantine.... I never heard of something doing that..

  7. #7
    Senior Member
    Join Date
    Jan 2002
    Posts
    115
    Use "The Cleaner," by Moosoft; that should kill the trojan

  8. #8
    I recently got infected with the Back Orifice 2000 (bo2k) trojan and Norton AntiVirus 2002's AutoProtect noticed it on my system. I could not clean it so I quarantined it. When I quarantined it, it broke through the quarantine! AutoProtect then notified me that the Norton Quarantine folder (something like C:/Program Files/Quarantine) was infected! It then broke free and started creating havoc on my system. I never knew a trojan could do this.
    First of all, do not panic. Disable Norton and go here http://www.moosoft.com and download the Cleaner. It is specifically designed for trojans. Once it is found, trace where you might have got the infection. I have seen P2P and some newsgroups are ideal carriers. Once you have cleaned your system, make sure the server is not running by checking with

    START-->RUN--> type "command" and then "netstat -a"

    if you see any strange ports listening (BO2K's default server port is UDP 31337), check the service running and try again. Sometimes, the source is difficult to find due to the program's configurability, but most AVs should be able to detect it since it's one of the more common types, but I hear variants exist. Anyway, telltale signs of a trojan running are (but some never use these features because most like it "stealthed"):

    1. Unexplained reboots
    2. Files being added, moved or removed mysteriously
    3. CDROM opens and closes by itself
    4. Calls from your ISP for suspicious activity
    5. Mouse moves around by itself
    6. Strange messages popping out of nowhere

    Other things might happen too, but are not so obvious until it is too late such as stolen passwords, eavesdropping, and theft of private information. If you are certain it is a trojan, make sure you change all passwords and call your ISP and tell them you were infected.

    btw, once the infection is found and fixed by the cleaner, turn Norton back on and rerun just to make sure... hope this helps.
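
The listening-port check suggested in post #8, as an added example that is not part of the original thread: it parses Windows `netstat -an` output (`-n` keeps ports numeric) and reports listeners that are not in an expected baseline. The sample output and the `BASELINE` set are constructed assumptions; port 31337 is the value mentioned in the post.

```python
import re

# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:31337          *:*
  UDP    192.168.1.10:137       *:*
"""

# Assumed baseline of listeners expected on this host; adjust per machine.
BASELINE = {("TCP", 135), ("TCP", 139), ("TCP", 445), ("UDP", 137), ("UDP", 445)}

# Proto, local address, foreign address, optional state (UDP rows have none).
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def listeners(netstat_text):
    """Return the set of (proto, port) pairs that accept inbound traffic."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header, blank line, or unrelated text
        proto, local, _foreign, state = m.groups()
        # TCP listeners carry the LISTENING state; bound UDP sockets have no state.
        if proto == "TCP" and state != "LISTENING":
            continue
        port = local.rsplit(":", 1)[1]  # rsplit also copes with [::]:135
        if port.isdigit():
            found.add((proto, int(port)))
    return found

def unexpected(netstat_text, baseline=BASELINE):
    """Listeners present in the output but missing from the baseline."""
    return sorted(listeners(netstat_text) - set(baseline))

if __name__ == "__main__":
    for proto, port in unexpected(SAMPLE):
        print(f"unexpected listener: {proto}/{port}")
```

Because the server port is configurable, comparing against a known-good baseline catches more than searching for one fixed port number.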

  9. #9
    Banned
    Join Date
    Apr 2002
    Posts
    156
    No, it's gone now. I had to take my computer to a technician. It screwed up Windows files that caused Windows not to even start up. I could not delete it because for some reason it didn't give the decision. I could only clean it (which failed) or quarantine it. It could have had some other virus attached to it that disables the quarantine. It was the Back Orifice 2000 trojan because that was what it showed me it was. It could have been more than one trojan in one server file too. One could have been Back Orifice 2000 one Sub7 and then a couple of viruses to disable antivirus programs and quarantines. Ohh and it was Norton AutoProtect that wouldn't let me use Windows. A blue and red screen popped up that said something like "Norton AutoProtect is missing serious program files" and when I clicked O for Ok nothing would happen. I am guessing the missing program files were from the hacker deleting virus definitions. It was really screwed up!

  10. #10
    It could have been more than one trojan in one server file too. One could have been Back Orifice 2000 one Sub7 and then a couple of viruses to disable antivirus programs and quarantines.
    Probably not. You see, once somebody has access to your box such as BO2K, then they can do whatever you can. Of course, the attacker COULD have uploaded a worm, virus, or more servers (a BO2K server cannot be combined with a SUB7 server from what I have seen) to cause more damage, but the most likely cause is the BO2K server itself. My guess is somebody had a field day deleting, moving and messing with your files until your box didn't boot any longer.

    If you have been compromised this badly, no telling what other damage has been caused. Do what was suggested: Change all your passwords and tell your ISP about it in case they noticed any suspicious activity (How? Some kiddies use trojans to act as a "springboard" to hide their identities, and cause you to be a go-between so to speak... and it can get really, really ugly).

    I wish you the best of luck.
