
NetBus 2 Pro

Well, it was bound to happen...

Carl-Fredrik Neikter (the creator of the original NetBus) has decided to release a new version of NetBus, called NetBus 2 Pro. Rumor has it that Carl decided to release a "legitimate" version of the application because of everyone's interest in the original.

NetBus 2 Pro currently affects Windows 95/98 PCs and Windows NT PCs.

The "server" portion (typically named "NBSvr.exe") is approximately 599 KB in size.

Port 20034 (by default) is used to establish the connection between the "client" and "server".

Once installed, it is rerun every time the computer is started by means of an entry under the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices" branch in the Registry.

Who is Responsible?

NetBus 2 Pro was written by Carl-Fredrik Neikter (cf@trancometer.se), a Swedish programmer. Carl is the creator of the original NetBus as well.

Below is a picture of what the "client" portion of the software looks like. It's what the remote user would use to control your system. What could be easier than "pointing and clicking" your way through another user's PC?

NetBus Pro GUI screenshot

How to Remove

Several steps involve working within the Windows 95/98 or Windows NT registry. Although the steps are easy, I cannot be held responsible if a mistake is made. Please use caution.

Step 1.
Type REGEDIT and press ENTER.

Step 2.
In the left window, click the "+" (plus sign) to the left of the following:

NetBus Pro GUI screenshot

Step 3.
In the right window, look for the key with the Name of "NetBus Server Pro" and a Data value that loads a file called "nbsvr.exe", then delete it.

Step 4.
In the left window, click the "+" (plus sign) to the left of the HKEY_CURRENT_USER branch.

NetBus Pro GUI screenshot

Step 5.
In the list below, look for the NetBus Server entry. Highlight it and delete it.

Step 6.
Exit the Registry Editor, and then reboot your system to MS-DOS mode.

Step 7.
Change to the WINDOWS directory (or the WINDOWS\SYSTEM directory) and delete the following files:

and Log.txt

Step 8.
Reboot your system.

Congratulations, NetBus 2 Pro has been removed from your system.
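To confirm the removal, the indicators described above (the RunServices autostart entry, the "nbsvr.exe" file name and the default port 20034) can be checked against a registry export and `netstat -an` output. The following is an added example, not part of the original page; the function names and the sample export, install path and netstat lines are constructed for illustration.

```python
import re

# Indicators taken from the page; sample data further down is constructed.
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices"
VALUE_NAME = "netbus server pro"
SERVER_FILE = "nbsvr.exe"
DEFAULT_PORT = 20034
VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def scan_reg_export(text):
    """Return (key, name, data) for RunServices values matching the indicators."""
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                      # current registry key header
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or key.lower() != RUN_KEY.lower():
            continue
        # .reg files escape backslashes and quotes; undo that before matching
        name, data = (re.sub(r"\\(.)", r"\1", s) for s in m.groups())
        if name.lower() == VALUE_NAME or SERVER_FILE in data.lower():
            hits.append((key, name, data))
    return hits

def scan_netstat(text, port=DEFAULT_PORT):
    """Return local addresses with a TCP listener on `port` in `netstat -an` output."""
    hits = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0].upper() == "TCP" and f[3].upper() == "LISTENING":
            if f[1].rsplit(":", 1)[-1] == str(port):
                hits.append(f[1])
    return hits

# Constructed sample inputs (the install path is an assumption).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"NetBus Server Pro"="C:\\WINDOWS\\NBSvr.exe"
"SchedulingAgent"="mstask.exe"
'''
SAMPLE_NETSTAT = """  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:20034          0.0.0.0:0              LISTENING
"""

if __name__ == "__main__":
    print(scan_reg_export(SAMPLE_REG))
    print(scan_netstat(SAMPLE_NETSTAT))
```

Because 20034 is only the default port and "NBSvr.exe" only the typical file name, an empty result narrows the search but does not prove the system is clean.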

While Commodon Communications does not participate in or condone the activities of hacking, we recognize the need to educate persons who express an interest, so they can better identify the associated activities and better protect themselves and/or their organization. If you're interested in purchasing software for the purpose of learning the subject of hacking and Internet Security, visit our online store.

    © Copyright Commodon Communications. All rights reserved.