Frequently Asked Questions

If you have questions or suggestions that don't appear here, drop me a line!

Q) Why don't you use PGP to sign your program?

A) I do now use PGP, but before I can distribute signed programs, I have to check out some of the licensing issues.  Stay tuned.

Q) I ran BoDetect and it said it removed Back Orifice, but my Anti-virus program keeps detecting it. What do I do?

A) When BoDetect finds and removes a Back Orifice 'infection', it first kills the running process to stop any intrusion into your system.  It then takes steps to prevent Back Orifice from being restarted when you reboot. 

Next, it removes the entries from your registry.  Finally, it renames the infected file by appending '.BOD' to the end of the file name.  So, a file like 'backOrificeInfectedFile.exe' becomes 'backOrificeInfectedFile.exe.BOD'. These files are moved into a directory called 'Infected Files', which is created in the directory where BoDetect is installed.

Your Anti-virus program is probably detecting these renamed files as infected, even though they are no longer running.  My suggestion is to delete these files manually, or let your Anti-virus program delete the files if it finds them.
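
The cleanup suggested above, as an added example that is not part of BoDetect or of the original FAQ: a Python helper that inventories the 'Infected Files' folder, records a SHA-256 of each renamed '.BOD' file, and deletes it on request. The install directory argument, the function names and the harmless sample files are assumptions constructed for illustration; only the folder name and the '.BOD' suffix come from the answer above.

```python
import hashlib
import tempfile
from pathlib import Path

QUARANTINE_DIR = "Infected Files"   # directory name given in the FAQ
SUFFIX = ".BOD"                     # suffix BoDetect appends, per the FAQ


def sha256_of(path: Path) -> str:
    """Hash the file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def purge_quarantine(install_dir, delete=False):
    """Return (original_name, sha256, deleted) for each *.BOD file in quarantine."""
    qdir = Path(install_dir) / QUARANTINE_DIR
    results = []
    if not qdir.is_dir():
        return results              # nothing was ever quarantined
    for entry in sorted(qdir.iterdir()):
        # Windows file names are case-insensitive, so compare the suffix that way.
        # Files without the suffix were not put there by the rename step: skip them.
        if not entry.is_file() or not entry.name.upper().endswith(SUFFIX):
            continue
        original = entry.name[: -len(SUFFIX)]
        file_hash = sha256_of(entry)    # record the hash before the file is gone
        if delete:
            entry.unlink()
        results.append((original, file_hash, delete))
    return results


def demo():
    """Run against a constructed quarantine folder holding harmless bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        qdir = Path(tmp) / QUARANTINE_DIR
        qdir.mkdir()
        (qdir / "backOrificeInfectedFile.exe.BOD").write_bytes(b"constructed sample")
        (qdir / "notes.txt").write_bytes(b"unrelated")
        report = purge_quarantine(tmp, delete=True)
        remaining = sorted(p.name for p in qdir.iterdir())
        return report, remaining


if __name__ == "__main__":
    print(demo())
```

Run it first with delete=False to review the inventory, and keep the printed hashes if you intend to report the file later.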

Q) Your program is broken, man.  What's the best way to let you know?

A) If you need to report a bug, please make sure you follow these instructions.  This is the easiest way for me to debug and figure out what's wrong. If you think that BoDetect is not detecting an instance of Back Orifice on your system, please do the following:

Send me the 'bodetect.log' file that is in the directory where you installed BoDetect.  Make sure you have run BoDetect first, so the log contains the information from its last run.

Send me the file you suspect is the Back Orifice executable. Please name the file 'BACKORIFICE.BOD'.  That is important.

Send me a description of your situation.  In other words, what makes you think you are infected?  What is your OS?  Did you install Back Orifice yourself?  Include anything else relevant.  Please send all of this to me in a single email, with the files sent along as attachments. I'll do my best to help you out.

For any other problems, like if you are getting error messages, just send me a description of the problem, plus the 'bodetect.log' file.  Oh yeah, also make sure you are running the latest version of BoDetect.

Q) No offense, but I don't trust you.  How do I know that BoDetect isn't just Back Orifice in disguise?

A) No offense taken.  That is a fair and oft-asked question.  There are people who are supplying fake solutions to the Back Orifice problem, but I'm not one of them.  BoDetect has been reviewed by ZDNet's HotFiles and CNet's Download.com, and both of these sites thoroughly check all submissions for viruses/trojans etc.  If anyone needs/wants more information, feel free to email me!