BoDetect v1.5

Copyright 1998 by Chris Benson
All rights reserved

-------- Acceptable Use Statement ---------------------------------

Read the EULA (eula.txt) agreement bundled with this software.
You must accept the terms of the license agreement before using
this software.


BoDetect Usage
BoDetect is easy to use.  Simply unzip the zip file into a temporary directory and run 'setup.exe'. Follow the instructions to install BoDetect to a directory of your choice. When you start it, you'll see a button labeled 'Detect'.  Click it and if Back Orifice is detected, you get detailed information on how many instances were found, the names of the executables and registry keys they were installed as.

Then, just click on 'Remove' and BoDetect will remove Back Orifice from your system instantly.  The infected files will be renamed to a safe name so they cannot be accidentally executed. BoDetect renames files using this scheme:
If the infected file is called 'keyboard.drv',
BoDetect renames it to 'keyboard.drv.BOD'.
If the infected file is installed under the default name of ' .exe', then BoDetect will
rename it to BACKORIFICE.BOD for easier distinction.

The renamed file(s) will be moved to a directory called 'Infected Files' that will be created in the same directory as BoDetect.  You can delete them or do whatever you want to with them! BoDetect also creates a log file (BoDetect.log) that details the registry keys that were removed and the program files that were renamed. 
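
The rename-and-move scheme described above, sketched in Python as an added example (this is not BoDetect's own code). The '.BOD' suffix, 'BACKORIFICE.BOD', 'Infected Files' and 'BoDetect.log' names come from this README; the case-insensitive match on ' .exe', the collision counter and the log line format are assumptions.

```python
import shutil
from pathlib import Path

DEFAULT_BO_NAME = " .exe"          # Back Orifice's default install name (from the README)
QUARANTINE_DIR = "Infected Files"  # quarantine directory name (from the README)
LOG_NAME = "BoDetect.log"          # log file name (from the README)
SUFFIX = ".BOD"                    # non-executable suffix (from the README)


def quarantine_name(filename: str) -> str:
    """Apply the README's naming scheme to a single file name."""
    # Assumption: compare case-insensitively, as Windows file names are.
    if filename.lower() == DEFAULT_BO_NAME:
        return "BACKORIFICE" + SUFFIX
    return filename + SUFFIX


def quarantine(infected: Path, tool_dir: Path) -> Path:
    """Rename one file, move it into tool_dir/'Infected Files', and log the action."""
    dest_dir = tool_dir / QUARANTINE_DIR
    dest_dir.mkdir(parents=True, exist_ok=True)

    base = quarantine_name(infected.name)
    dest = dest_dir / base
    # Assumption: never overwrite an earlier quarantined file; insert a
    # counter before the suffix so the result still ends in '.BOD'.
    n = 1
    while dest.exists():
        dest = dest_dir / f"{base[:-len(SUFFIX)]}.{n}{SUFFIX}"
        n += 1

    shutil.move(str(infected), str(dest))
    # Assumed log format: one line per renamed file.
    with open(tool_dir / LOG_NAME, "a", encoding="utf-8") as log:
        log.write(f"renamed {infected} -> {dest}\n")
    return dest
```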

To uninstall BoDetect, go to 'Control Panel' then 'Add/Remove Programs' and select BoDetect for uninstallation. You will need to remove the 'Infected Files' directory and the BoDetect.log file manually.

Upgrades, bug fixes and additions:

v1.5 - Added an installation program for easy setup and removal of BoDetect. User
Interface has been reworked a little. Fixed a bug that sometimes incorrectly
identified the %windows% path. Scanning engine upgraded. Now detects and
removes certain leftover BO files and registry keys that can be created from
certain configurations of Back Orifice. Also now removes the 'windll.dll'
file that BO creates when it is run.

v1.0.2 - Modified the scanning engine for better detection. The generated log file has been
cleaned up and should be easier to read. Infected files are now moved to the 'Infected Files'
directory rather than being left in win/sys.

v1.0.1 - Fixed bug that sometimes prevented the infected file from being renamed. This
only occurred in cases where Back Orifice was installed under its default
name of " .exe". It was an intermittent problem, but any infected file
that was named " .exe" is now renamed to BACKORIFICE.BOD for easy distinction.

