BoDetect v2.01
Copyright 1998 by Chris Benson
All rights reserved


-------- Acceptable Use Statement ---------------------------------

Read the EULA (eula.txt) agreement bundled with this software.
You must accept the terms of the license agreement before using 
this software.

-------------------------------------------------------------------

--------------------------------
BoDetect Installation and Usage
--------------------------------
BoDetect is easy to use. Simply unzip the zip file into the directory where you want BoDetect to be installed.  The very first time you run BoDetect, it will display a dialog where you can set the options you want:

	- Autoscan:       If this box is checked, then BoDetect will scan your system automatically when it is first run.
	- Silent Mode:    Selecting this option will let BoDetect run silently, only alerting you if Back Orifice is
			  found on your system, or in the event of an error.
	- Monitor System: This option will enable BoDetect to run in the background and scan your system at user-defined
			  intervals (which you select from the list, in increments of one minute). If silent mode is
			  also enabled, BoDetect runs silently in the background until an infection is discovered.
	- Generate Log:	  This option lets you turn scan logging on or off.

After you set the options for the first time, a BoDetect icon will sit in your system tray.  Right clicking on this icon will bring up a menu.  From this menu you can do the following:

	- Open:		  This will bring up the main BoDetect dialog (Double clicking the tray icon does the same).
	- Detect:	  This option will initiate a system scan on demand.
	- Options:	  Brings up the 'Options' dialog you saw when you ran BoDetect for the first time.
	- About:	  Displays the standard about box, with a link to my website and email address.
	- Exit:		  Closes BoDetect.
	- UnInstall:	  This option will uninstall the BoDetect options from your registry.  Then just delete the 
			  program files to complete uninstallation.  To re-install, simply run BoDetect.exe again.

The main BoDetect dialog also has a menu featuring many of the same options as above.  There is a button labeled 'Detect'. Click it and if Back Orifice is detected, you get detailed information on how many instances were found, the names of the executables and registry keys they were installed as.  

Then, just click on 'Remove' and BoDetect will remove Back Orifice from your system instantly. The infected files will be renamed to a safe name so they cannot be accidentally executed.  The scheme BoDetect uses to rename files is like this: 
	If the infected file is called 'keyboard.drv' 
	BoDetect renames it to 'keyboard.drv.BOD'
	If the infected file is installed as the default of ' .exe', then BoDetect will
	rename it BACKORIFICE.BOD for easier distinction.

The renamed file(s) will be moved to a directory called 'Infected Files' that will be created in the same directory as BoDetect. You can delete them or do whatever you want to with them!  BoDetect also creates a log file (BoDetect.log) that details the registry keys that were removed and the program files that were renamed.

Uninstallation:
Right-click the BoDetect system tray icon, and select 'UnInstall BoDetect'. Then just delete the program files to complete uninstallation.  To re-install, simply run BoDetect.exe again.

-----------------------
BoDetect Error Messages
-----------------------
"BODetect could not register the scan engine"
This message occurs if the engine registration process fails. If you get this message, please try re-running
the program, it will usually work the second time.

"CoCreateInstance Failed"
This message occurs if the scan engine could not be initialized.  Please make sure the file 'bodengine.dll'
resides in the directory you installed BoDetect into. If you get this message, uninstall then re-install
BoDetect from the original zip file.

"Uninstallation Failed"
This message occurs if BoDetect is unable to remove its registry entries for some reason. 


Upgrades, bug fixes and additions:
v2.01  - Modified the installation procedure BoDetect uses to register the scan engine to 
	 improve reliability on certain systems. Fixed bug that could prevent options 
	 from being saved properly.

v2.0   - Removed the installation package I was using.  Too many people reported problems
	 using it.  Added 'AutoScan' so that BoDetect can automatically scan your system
   	 on startup without user interaction, if desired.  Added ability to enable/disable
	 event logging. Added 'silent' mode for easier use in automated environments (login 
	 scripts etc...).  Added 'timed scanning' feature so that BoDetect can monitor 
	 your system without user intervention.  Updated the user interface slightly.
	 Fixed bug in scanning engine that could affect file renaming under certain 
	 circumstances. 

v1.5   - Added an installation program for easy setup and removal of BoDetect. User 
	 Interface has been reworked a little.  Fixed a bug that sometimes incorrectly
	 identified the %windows% path. Scanning engine upgraded.  Now detects and 
         removes certain leftover BO files and registry keys that can be created from 
	 certain configurations of Back Orifice. Also now removes the 'windll.dll' 
	 file that BO creates when it is run.

v1.0.2 - Modified the scanning engine for better detection.  The generated log file has been 
	 cleaned up and should be easier to readInfected files now moved to 'Infected Files' 
	 directory rather than being left in win/sys.
	
v1.0.1 - Fixed bug that sometimes prevented the infected file from being renamed. This
	 only occurred in cases where back orifice was installed under its default 
	 name of " .exe".  It was an intermittant problem, but now any infected file
	 that was named " .exe" is now renamed to BACKORIFICE.BOD for easy distinction.



-------- Comments, Suggestions, or Bug Notices Go Here ------------
		
		cbenson@spiritone.com

-------------------------------------------------------------------
