NetBus removal

Spyware NetBus Information
Name: NetBus Category: RAT Date: 2005-03-23 Author: Carl-Fredrik Neikter Coded in: Delphi Dangerous: Yes

NetBus is RAT which is malware.
NetBus Pro is easier to use than Back Orifice & is connected to Port 20034 [TCP], which is mostly blocked by firewalls. Installing it is highly not recommended.

NetBus description by Carl-Fredrik Neikter:

NetBus Pro is an easy-to-use remote administration & spy utility. Functions: Server Admin (set password, near server, restrict access) Host Info (system info, cached passwords) Message Manager File Manager (create/delete folder, upload/download/delete file) Window Manager Registry Manager Sound System Balance Plugin Manager Port Redirect Program Redirect File Actions (execute file, play sound, show picture, open document, print document) Spy Functions (keyboard listen, capture screen picture, capture camera video, record sound) Exit Windows (logoff, poweroff, reboot, shutdown) Client chat Open/Close CDROM Keyboard (disable keys, key click, restore keys) Mouse (swap buttons, resore buttons) Go To URL Send Text

This RAT is also known as:

•Backdoor.Netbus.12.
• Backdoor.Netbus.153.
• Backdoor.Netbus.160.a.
• Backdoor.Netbus.160.b.
• Backdoor.Netbus.170.
• Backdoor.Netbus.170 - named by Kaspersky.
• Backdoor.Netbus.20 - named by a.
• Bckdoor.Netbus.20.b.
• Backdoor.Netbus.20.c.
• Backdoor.Netbus.20.d.
• Backdoor.Netbus.21.
• Backdoor.Netbus.21.a.
• Backdoor.Netbus.21.b.
• Backdoor/Netbus.170 - named by Computer Associates.
• Backdoor/Netbus_Server_family - named by Computer Associates.
• corrupted. - named by Kaspersky.
• security risk or a "backdoor" program - named by F-Prot.
• Trj/Netbus.170 - named by Panda.
• W32/NetBus.backdoor.494592.B - named by F-Prot.
• Win32.NetBus.170 - named by Computer Associates.

>> Delete NetBus automatically - Download Spyware Doctor

NetBus Removal Instructions
Kill the following processes about.exe, core-netbus.pro.v2.01.exe, killme.exe, lramkit98br.exe, mp_bus.exe, mpower.exe, nagbbs.exe, nb2.0b.exe, nb2.0f.exe, nbpro201.exe, nbpro210.exe, nbsvr.exe, netbus.exe, patch.exe, sysedit.exe, wizjatv.exe
Unregister the following DLLs and reboot nbuninst.dll. _isreg32.dll in Program Files\printscreen2000\
Remove the following files about.dfm, about.exe, access.dfm, access.pas, addhost.dfm, addhost.pas, appredir.dfm, appredir.pas, chat.dfm, chat.pas, choose.dcu, choose.dfm, choose.pas, core-netbus.pro.v2.01.exe, data.dfm, data.pas, data.tag, data1.cab, data1.hdr, default.lng, domain.dcu, domain.dfm, domain.pas, drivelist.dcu, drivelist.pas, events.txt, fileact.dfm, fileact.pas, fileiterator.dcu, fileiterator.pas, filemgr.dfm, filemgr.pas, findhost.dfm, findhost.pas, fog.airraid.1728.com, fog.airraid.330.com, hostinfo.dfm, hostinfo.pas, hosts.txt, image.dfm, image.pas, img.dcu, img.dfm, img.pas, keydefs.dcu, keydefs.pas, keydll.dcu, keydll.pas, keyhook.dof, keyhook.dpr, keyhook.res, killme.exe, layout.bin, listen.dcu, listen.dfm, listen.pas, logg.dfm, logg.pas, lramkit98br.exe, main.dcu, main.dfm, main.pas, main2.dfm, main2.pas, memo.dcu, memo.dfm, memo.pas, mpower.exe, mp_bus.exe, msg.dcu, msg.dfm, msg.pas, msgmgr.dfm, msgmgr.pas, nagbbs.exe, nb2.0b.exe, nb2.0f.exe, nbpro20.txt, nbpro201.exe, nbpro210.exe, nbsvr.exe, nbuninst.dll, net1.7onc.txt, netbus.cnt, netbus.dof, netbus.dpr, netbus.exe, netbus.hlp, netbus.res, netbus.rtf, onxp.txt, patch.exe, pestpatrolnet1.7.txt, plugin.dfm, plugin.pas, polish.lng, portredir.dfm, portredir.pas, pwd.dfm, pwd.pas, read-me.html, readme.fuq, readme.txt, recsound.dfm, recsound.pas, regdlg.dfm, regdlg.pas, register.dfm, register.pas, regmgr.dfm, regmgr.pas, schedule.dfm, schedule.pas, scktcomp.dcu, scktcomp.pas, screen.dfm, screen.pas, sendkey.dcu, sendkey.dpr, sendkey.pas, sendkey.res, sendkey2.dcu, sendkey2.pas, settings.dfm, settings.pas, setup.ins, setup.pkg, share.dfm, shut.dcu, shut.dfm, shut.pas, sound.dcu, sound.dfm, sound.pas, splash.dfm, splash.pas, svrsetup.dfm, svrsetup.pas, sysedit.exe, temp.dsk, temp.wav, temp1.dsk, temp1.jpg, temp1.wav, transfer.dfm, transfer.pas, uninst.isu, unit1.dcu, unit1.dfm, unit1.pas, update.dfm, update.pas, volume.dcu, volume.pas, wave.dcu, wave.pas, webcam.dfm, webcam.pas, winmgr.dfm, winmgr.pas, ynbhelp.dpr, _sys1.cab, _sys1.hdr, _user1.cab, _user1.hdr. _isreg32.dll in Program Files\printscreen2000\ wizjatv.exe in Windows\
Remove the following directories Program Files\printscreen2000

Bookmark NetBus page

Previous Spyware: Remove NetBull 1.1b

Next Spyware: Remove NetBus 1.20