BoDetect v1.0.1
Copyright 1998 by Chris Benson
All rights reserved

-------- Comments, Suggestions, or Bug Notices Go Here ------------
		
		cbenson@spiritone.com

-------------------------------------------------------------------

Bug Fixes and Additions:
v1.0.1 - Fixed a bug that sometimes prevented the infected file from being renamed. This
	 only occurred in cases where Back Orifice was installed under its default
	 name of " .exe".  It was an intermittent problem; any infected file
	 named " .exe" is now renamed to BACKORIFICE.BOD for easy distinction.



-------- Acceptable Use Statement --------------
BoDetect is freeware.  Permission is granted for private use.  Corporations and government
organizations may also freely use BoDetect as long as it is not resold or bundled as part of
a commercial product without written consent of the Author (Chris Benson). 

By using BoDetect, you agree to this policy, and further agree that the Acceptable Use Statement
can be modified by the Author without notice.

Disclaimer:
The author makes no warranties about BoDetect.  Every effort has been made to ensure that
no problems occur with its usage.  The author accepts no responsibility for any data loss
or other system trouble that may occur from the use of BoDetect.
------------------------------------------------

---------------
BoDetect Usage
---------------
BoDetect is easy to use.  Simply unzip the zip file into a directory of your choice and run BoDetect.exe.  The logfile will be created in the same directory as well.

When you start it, you'll see a button labeled 'Detect Back Orifice'.  Click it and if Back Orifice is detected, you get detailed information on how many instances were found, and what they were installed as (what registry keys and the names of the actual executables). 

From there, just click on 'Remove Back Orifice' and you're done.  BoDetect also creates a log file that details the registry keys that were removed and the program files that were renamed.  

I chose to rename the 'infected' files rather than delete them.  The reason for this is that this program is still an early release, and I want to make sure all of the bugs are worked out. BoDetect uses a 'signature' scanning process similar to an AntiVirus program to detect Back Orifice, so the chances of a false positive are very remote.

The scheme BoDetect uses to rename files is like this:
Infected filename is: 'keyboard.drv'
BoDetect renames it: 'keyboard.drv.BOD'

The renamed files will be in the /windows/system directory and can be deleted manually or left alone for that matter.  They will not cause any problems if you leave them.  
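
The rename scheme above, including the " .exe" case from the v1.0.1 notes, as an added Python example (not BoDetect's own code, which this README does not include).  The signature bytes, function names, log file name and the never-overwrite rule are assumptions for illustration, and the sample files are constructed.

```python
import os
import tempfile

# Constructed placeholder bytes; NOT a real Back Orifice signature.
PLACEHOLDER_SIGNATURE = b"EXAMPLE-BO-SIGNATURE"


def quarantine_name(filename):
    """Apply the README's rename scheme to a bare filename."""
    # The default install name " .exe" gets a fixed, recognizable name.
    if filename.lower() == " .exe":
        return "BACKORIFICE.BOD"
    return filename + ".BOD"


def scan_and_quarantine(directory, signature=PLACEHOLDER_SIGNATURE,
                        log_name="example.log"):
    """Rename each file containing `signature`; return [(old, new), ...]."""
    renamed = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        # Skip directories, the log itself and files already quarantined.
        if (not os.path.isfile(path) or name == log_name
                or name.upper().endswith(".BOD")):
            continue
        with open(path, "rb") as fh:
            if signature not in fh.read():
                continue
        target = os.path.join(directory, quarantine_name(name))
        if os.path.exists(target):  # assumption: never overwrite a prior rename
            continue
        os.rename(path, target)
        renamed.append((name, os.path.basename(target)))
    # Record what was renamed so the change can be reviewed or undone.
    with open(os.path.join(directory, log_name), "a") as log:
        for old, new in renamed:
            log.write(f"renamed {old!r} -> {new!r}\n")
    return renamed


def demo():
    """Run the scan over constructed sample files in a temporary directory."""
    samples = {"keyboard.drv": b"MZ" + PLACEHOLDER_SIGNATURE,
               " .exe": PLACEHOLDER_SIGNATURE + b"\x00",
               "notepad.exe": b"MZ clean file"}
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return scan_and_quarantine(d), sorted(os.listdir(d))


if __name__ == "__main__":
    print(demo())
```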


Known Issues and a Call for Ideas:
Logging is sparse at best, but will be beefed up in the next maintenance release, sometime within the next 2 weeks.

If you see any bugs or have any suggestions for improving BoDetect, please let me know!  I have several improvements planned, but I wanted to get a working version out ASAP.  Again, any ideas are welcome!