Back Orifice Trojan Registry Repair?
![Matt Petersen [Symantec]'s profile photo](http://lh3.googleusercontent.com/a-/ALV-UjXt4uvRKjLeuzeHpOzlxYEnGFAvk8KTl-JGFeCFSMMg63BO6w=s40-c)
Matt Petersen [Symantec]
wrote:
>Configuration Information:
> Version: 4.0
>
>Hi,
>
> I sucessfully removed the BOT from my pc with NAV 4.04. I do not
>know how to remove the registry information that NAV advised to do.
>Can you give me a step by step system to follow to do this?
>
>Thanks Dave
Hello Dave,
Thank you for using the Symantec Online Discussion Groups.
There are a few web pages that discuss this Back Orifice program and
methods for removing it:
http://www.freetips.com/boserve.html
http://www.pchell.com/internet/boserve.html
The Trojan will write to the Registry, under the RunServices key.
This entry needs to be removed as well. This all is explained at the
web sites above. They include step by step instructions for removal
of the trojan, including the Registry key. I hope that this helps.
Please let us know if we can be of further assistance.
------------------------------------------
Sincerely,
Matt Petersen [Symantec Corp.]
Senior Product Support Analyst
Please continue to post your messages to the public discussion groups as Symantec does not provide support via private e-mail.
If you have difficulty getting a response, please read the following article:
http://service1.symantec.com/SUPPORT/sharedtech.nsf/docid/1998527114414
For free technical support newsletters, Knowledge Base support articles, our Online Support Genie, and FAQs, visit our Norton AntiVirus support page:
http://service.symantec.com/nav
------------------------------------------
David Oldham
I went into my registry and there was no .exe file there. I
don't know if the person that installed this file on my machine has
renamed it or not. When I run Norton U 3.0.4 it does change some
registry information. I'm don't know if this is being changed by the
BOT or not.
I'm a little more than concerned that it is.
What can I do?
Thanks, Dave