Backage (3.1.1)
Server name: Backage
Version: 3.1.1
Different versions:  [3.0][3.01][3.1][3.1.1][3.2 SE]
Tested: Yes, on Windows 95 and Windows NT
Server size: 116.5K
Server files: MSkernel16.exe
Server icon:

Infects: Windows 95/98/ME
Autoloads: System.ini, win.ini and registry:
Default port: 334 TCP
Can port be changed: No

Server Features

  • Chat with server
  • Disable/enable ALT-CTRL-DEL
  • Get information
  • Get screen shot
  • Hide/show task bar
  • Lock screen on/off
  • Open/close CD-Rom
  • Reboot windows
  • Run file
  • Send keys
  • Send message
  • Send to URL
  • Set mouse position
  • Swap mouse buttons
  • View list of open windows

 
Comments 
Backage is a small French trojan. This trojan has a client similar to SubSevens. Backage has a edit server program, this program allows the "hacker" to change what port Backage listens on and set a ICQ UIN to be notified by the server. 

How To Remove 
Quick fix: no quick fix programs
Manual removal:

  1. Remove the Internet Explorer Plugin key in the registry located at HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\RunOnce and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices also remove the SystemKernel32 key in the registry HKEY_USERS\.Default\Software\Win\RUN.Which can be done with regedit or any other registry editing program. 
  2. Open the system.ini(Usually c:\windows\system.ini) and remove the key: shell=Explorer.exe MSkernel16.exe. under [boot], to shell=explorer.exe. This can be done with any text editing program.
  3. Open the win.ini(Usually c:\windows\win.ini) and remove the key: run=MSkernel16.exe under [Windows], this can be done with any text editing program.
  4. Reboot the computer or close MSkernel16.exe.
  5. Delete the trojan file MSkernel16.exe in the windows directory. 

 
Related 
Article: General removal info
Section: Test your knowledge, take our Trojan Quiz
Service: Trojan removal
Service: Tell a friend about this trojan
Service: Print this page
 
 
Copyright © 2000 and 2001, Dark Eclipse Software. All rights reserved. 
This page may not be redistributed or reproduced in any manner without specific written permission from Dark Eclipse Software. If permission to use this page is desired then contact Dark Eclipse Software. While we consider the content of this page to be accurate, we cannot guarantee either the accuracy or the appropriateness of any portion of the page, including our analysis and manual removal. 
Any actions taken by a reader in response to this or any other Dark Eclipse Software page are completely and solely their responsibility.