How can I check if I have Back Orifice 2000 installed?

A. Back Orifice 2000 is not a virus as such but a program that is usually maliciously installed on a machine and it allows it to be remotely controlled.

To check if its installed on your system for Windows 9x:

  1. Start the registry editor (regedit.exe)
  2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunService
  3. Check for Umgr32.exe entry, if its there it will equate to something like 'C:\\Windows\\System\\Umgr32.exe e' however the image name can be changed

To remove consult with you anti-virus maker but you could delete the RunService entry to stop at once.

For Windows NT/2000 start the Service Control panel applet (for 2000 start the Computer Management MMC - Services and Applications - Services) and check for 'Remote Administrator Service. Again if its there consult your anti-virus vendor but stop the service and set to disabled.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.