Welcome...

Thanks for downloading BoDetect v2.01. BoDetect is designed to detect and remove the Back Orifice trojan horse.  It will do the following:

BoDetect Requirements

BoDetect only runs on Win95 and Win98.  It is not supported on WinNT because Back Orifice doesn't work on NT (yet!).

Revision History: (Current version is listed first)

10/18/98 v2.01 Modified the installation procedure BoDetect uses to register the scan engine to improve reliability on certain systems that reported trouble. Fixed bug that could prevent options from being saved properly.
10/05/98 v2.0 Removed the installation package I was using. Too many people reported problems using it. Added 'AutoScan' so that BoDetect can automatically scan your system on startup without user interaction, if desired. Added ability to enable/disable event logging. Added 'silent' mode for easier use in automated environments (login scripts etc...). Added 'timed scanning' feature so that BoDetect can scan your system for infection at user defined intervals. Updated the user interface, BoDetect now puts itself in your system tray. Fixed bug in the scanning engine that could affect file renaming under certain circumstances.
09/03/98 v1.5 Added an installation program for easy setup and removal of BoDetect. User Interface has been reworked a little. Fixed a bug that sometimes incorrectly identified the %windows% path. Scanning engine upgraded. Now detects and removes certain leftover BO files and registry keys that can be created from certain configurations of Back Orifice. Also now removes the 'windll.dll' file that BO creates when it is run.
08/22/98 v1.0.2 The scanning engine has been upgraded for better detection. The generated log file has been cleaned up and should be easier to read.  Infected files are now moved to an 'Infected Files' directory after disinfection.
08/14/98 v1.0.1 Fixed a bug that might prevent the infected file from being renamed. The process would still be killed and the registry entries removed. This problem only occurs in cases where Back Orifice is installed under its default name of " .exe". Now any infected file that was named " .exe" is renamed to BACKORIFICE.BOD for easy distinction.
08/09/98 v1.0 Initial Release.

 

BoDetect v2.01 Installation and Usage

BoDetect is easy to use. Simply unzip the zip file into a temporary directory, run the file 'setup.exe' and follow the instructions. The very first time you run BoDetect, it will display a dialog where you can set the options you want:

After you set the options for the first time, a BoDetect icon will sit in your system tray. Right clicking on this icon will bring up a menu. From this menu you can do the following:

The main BoDetect dialog also has a menu featuring many of the same options as above. There is a button labeled 'Detect'. Click it and, if Back Orifice is detected, BoDetect reports how many instances were found and the names of the executables and registry keys they were installed as. Then just click on 'Remove' and BoDetect will remove Back Orifice from your system instantly. The infected files will be renamed to a safe name so they cannot be accidentally executed. BoDetect renames files according to this scheme:

  1. If the infected file is called 'keyboard.drv', BoDetect renames it to 'keyboard.drv.BOD'.
  2. If the infected file is installed as the default of ' .exe', then BoDetect will rename it BACKORIFICE.BOD for easier distinction.

The renamed file(s) will be moved to a directory called 'Infected Files' that will be created in the same directory as BoDetect.  You can delete them or do whatever you want to with them!  BoDetect also creates a log file (BoDetect.log) that details the registry keys that were removed and the program files that were renamed. 
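The rename-and-move scheme described above, sketched in Python as an added example (this is not BoDetect's own code). The function names, the numeric suffix used when two quarantined files would share a name, and the log line format are assumptions; the file and directory names come from this README.

```python
import os
import shutil
import tempfile

QUARANTINE_DIR = "Infected Files"   # directory name from the README
LOG_NAME = "BoDetect.log"           # log file name from the README
DEFAULT_BO_NAME = " .exe"           # Back Orifice's default install name


def quarantine_name(filename):
    """Apply the README's rename scheme to a bare file name."""
    if filename.lower() == DEFAULT_BO_NAME:
        return "BACKORIFICE.BOD"
    return filename + ".BOD"


def quarantine(infected_path, tool_dir):
    """Rename an infected file, move it to tool_dir/Infected Files, log it."""
    # Assumed details: collision suffix (.1, .2, ...) and the log line format.
    dest_dir = os.path.join(tool_dir, QUARANTINE_DIR)
    os.makedirs(dest_dir, exist_ok=True)
    safe = quarantine_name(os.path.basename(infected_path))
    dest = os.path.join(dest_dir, safe)
    n = 1
    while os.path.exists(dest):       # a second instance with the same name
        dest = os.path.join(dest_dir, "%s.%d" % (safe, n))
        n += 1
    shutil.move(infected_path, dest)
    with open(os.path.join(tool_dir, LOG_NAME), "a") as log:
        log.write("renamed %r -> %r\n" % (infected_path, dest))
    return dest


def demo():
    """Run the scheme on constructed stand-in files in a temp directory."""
    root = tempfile.mkdtemp()
    sysdir = os.path.join(root, "system")
    os.makedirs(sysdir)
    results = []
    for name in ("keyboard.drv", DEFAULT_BO_NAME):
        path = os.path.join(sysdir, name)
        with open(path, "w") as f:
            f.write("constructed placeholder, not a real sample")
        results.append(os.path.basename(quarantine(path, os.path.join(root, "BoDetect"))))
    return results


if __name__ == "__main__":
    print(demo())
```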

Uninstallation

Open Control Panel, select 'Add/Remove Programs' and then select BoDetect for uninstallation.

 

*NOTICE and DISCLAIMER*

BoDetect is NOT an AntiVirus program, and ONLY detects and removes running copies of Back Orifice.

If you see any bugs or have any suggestions for improving BoDetect, please let me know!