BackdoorOrifice.B
kev7555
10-27-2004, 02:09 AM
Anyone know about this guy? Sounds like a trojan to me, but no info at AVG virus encyclopedia or Symantec security response.
It keeps coming up on a spybot scan. Also had coolwebsearch but got it with cwshredder.
Kev.
rjfvillarosa
10-27-2004, 08:38 AM
Have a look at this; it is not backdoorB exactly, but it might help.
http://www.nwinternet.com/~pchelp/bo/bo.html
Here's another one, not exactly backdoorB but close.
http://www.itsecurity.com/papers/bo2k.htm
Looks like you might have found a new one.
spyder003
10-27-2004, 05:49 PM
It sounds like Back Orifice. If it is, look in your system32 folder for umgr.exe. That's the default server file name. If it's there, delete it. It may be a running process, so you may have to end the process through Task Manager first.
kev7555
10-28-2004, 02:23 AM
Thanks guys. Yes, it is BackOrifice. I wrote it down wrong. I'll try the selected file delete and get back to you.
Thanks again.
-Kev
kev7555
10-28-2004, 03:32 AM
I never did find any files named umgr.exe or any registry keys matching the info from Symantec, but after letting HijackThis remove a few suspicious items and removing one suspicious-looking registry value, the scan now comes up clean.
Boy, I hope I got this one cleaned. Reading all the info on how configurable this thing is, it seems that an attacker could make it nearly invisible.
Anyway, thanks for the input and especially the links.
-Kev