bo2k is crazy!

[Ryan Nyquist]

I recently got infected with the Back Orifice 2000 (bo2k) trojan and Norton AntiVirus 2002's AutoProtect noticed it on my system. I could not clean it so I quarantined it. When I quarantined it, it broke through the quarantine! AutoProtect then notified me that the Norton Quarantine folder (something like C:/Program Files/Quarantine) was infected! It then broke free and started creating havoc on my system. I never knew a trojan could do this.

[Ratman2]

Originally posted here by Ryan Nyquist
I recently got infected with the Back Orifice 2000 (bo2k) trojan and Norton AntiVirus 2002's AutoProtect noticed it on my system. I could not clean it so I quarantined it. When I quarantined it, it broke through the quarantine! AutoProtect then notified me that the Norton Quarantine folder (something like C:/Program Files/Quarantine) was infected! It then broke free and started creating havoc on my system. I never knew a trojan could do this.

That's a strange one. Wonder WTF is up with that!?!?!?!

[Mucolaca]

I never heard of a trojan doing that so maybe the bo2k server was also infected with a virus...but then norton should have decteced that. I'm not sure.

[jethro]

I don't think it's BO2K...

[Viper]

You should have just deleted the files on the spot. I'm not the type of person who really quarentines them because they're still in your system, just in another folder. Kind of like a Virus Jail, heh.

[JRoc]

I don't either. You'd figure maybe he bundled it with a certain virus. But to break the quarntine.... I never heard of something doing that..

[gamemaster6502]

Use "The Cleaner," by Moosoft; that should kill the trojan

[alittlebitnumb]

I recently got infected with the Back Orifice 2000 (bo2k) trojan and Norton AntiVirus 2002's AutoProtect noticed it on my system. I could not clean it so I quarantined it. When I quarantined it, it broke through the quarantine! AutoProtect then notified me that the Norton Quarantine folder (something like C:/Program Files/Quarantine) was infected! It then broke free and started creating havoc on my system. I never knew a trojan could do this.

First of all, do not panic. Disable Norton and go here http://www.moosoft.com and download the Cleaner. It is specifically designed for trojans. Once it is found, trace where you might have got the infection. I have seen P2P and some newsgroups are ideal carriers. Once you have cleaned your system, make sure the server is not running by checking with

START-->RUN--> type "command" and then "netstat -a"

if you see any strange ports listening (BO2K's default server port is UDP 31337), check the service running and try again. Sometimes, the source is difficult to find due to the program's configurability, but most AV's should be able to detect it since it's one of the more common types, but I hear variants exist. Anyway, telltale signs of a trojan running are (but some never use these features because most like it stealthed"):

1. Unexplained reboots
2. Files being added, moved or removed mysteriously
3. CDROM opens and closes by itself
4. Calls from your ISP for suspicious activity
5. Mouse moves around by itself
6. Strange messages popping out of nowhere

Other things might happen too, but are not so obvious until it is too late such as stolen passwords, eavesdropping, and theft of private information. If you are certain it is a trojan, make sure you change all passwords and call your ISP and tell them you were infected.

btw, once the infection is found and fixed by the cleaner, turn Norton back on and rerun just to make sure... hope this helps.

[Ryan Nyquist]

No its gone now. I had to take my computer to a technician. It screwed up Windows files that caused Windows not to even start up. I could not delete it because for some reason it didn't give the decision. I could only clean it (which failed) or quarantine it. It could have had some other virus attached to it that disables the quarantine. It was the Back Orifice 2000 trojan because that was what it showed me it was. It could have been more than one trojan in one server file too. One could have been Back Orifice 2000 one Sub7 and then a couple of viruses to disable antivirus programs and quarantines. Ohh and it was Norton AutoProtect that wouldn't let me use Windows. A blue and red screen popped up that said something like "Norton AutoProtect is missing serious program files" and when I clicked O for Ok nothing would happen. I am quessing the missing program files were from the hacker deleting virus definitions. It was really screwed up!

[alittlebitnumb]

It could have been more than one trojan in one server file too. One could have been Back Orifice 2000 one Sub7 and then a couple of viruses to disable antivirus programs and quarantines.

Probably not. You see, once somebody has access to your box such as BO2K, then they can do whatever you can. Of course, the attacker COULD have uploaded a worm, virus, or more servers (a BO2K server cannot be combined with a SUB7 server from what I have seen) to cause more damage, but the most likely cause is the BO2K server itself. My guess is somebody had a field day deleting, moving and messing with your files until your box didn't boot any longer.

If you have been compromised this badly, no telling what other damage has been caused. Do what was suggested: Change all your passwords and tell your ISP about it in case they noticed any suspicious activity (How? Some kiddies use trojans to act as a "springboard" to hide their identites, and cause you to be a go-between so to speak... and it can get really, really ugly).

I wish you the best of luck.