		B.O.R.E.D. v0.2 by MadBadger Software
	  Back Orifice Recognition, Extraction and Deletion
       -------------------------------------------------------

B.O.R.E.D. v0.2 - Introduction:
-----------------------------

B.O.R.E.D. is designed to protect PCs from installations of Back 
Orifice, a program released by Cult of the Dead Cow, which allows a 
remote user to access your PC in several ways over a network. Both 
Microsoft and ISS have issued warnings about this software although 
Microsoft claim that, "'BackOrifice' does not expose or exploit any 
security issue with the Windows platform or the Microsoft BackOffice 
suite of products."

This is not the case. If you are in an environment where more than one
user can access any particular PC, or where you may install software of
uncertain origins, you are potentially vulnerable to Back Orifice.

B.O.R.E.D. removes that threat by scanning your hard disk for any files
that may be working installations of Back Orifice (the filenames and
filesizes of the Back Orifice server are not fixed) and asks you if 
you wish to remove them.

If you are certain of the source of the files found by B.O.R.E.D., you
can choose not to remove them. Otherwise, B.O.R.E.D. will remove any
assosciated registry entries, then reboot your PC and complete the
removal of the specified executables.

Download and Installation:
--------------------------

B.O.R.E.D. can be downloaded in two forms:

i) Bored,zip contains only the executable and the readme. 

ii) Bored_rt.zip contains the executable, the readme and the runtime
libraries used by the program. Since most of the DLLs used by B.O.R.E.D.
are already present on most PCs, you can probably get away with just
downloading the smaller	zip. 

Bored.zip - contains the following files:
	Bored.exe
	Readme.txt

Bored_rt.zip contains the following files 
		(ver. numbers where appropriate:)
	Bored.exe
	Readme.txt
	Msvbvm50.dll		05.00.4319 (SP2)
	StdOle2.tlb		2.20.4122
	OleAut32.dll		2.20.4122
	OlePro32.dll		2.20
	AsycFilt.dll		2.20.4122
	Ctl3d32.dll		2,31,0,0
	ComCat.dll		4.71

To install B.O.R.E.D., simply copy all the files in the zip to your
Windows\System folder (you may want to create backups of your original
DLLs first in case of version conflicts with other software). We 
suggest you create a shortcut to Bored.exe and place it in your startup
group. It only takes a second to run and will guarantee that Back 
Orifice is detected if it is ever installed on your machine.

Using B.O.R.E.D.:
---------------

Run the exe (either via a startup shrtvut, or by double-clicking on the
file) and let it go. There is no interaction unless Back Orifice is
found on your system. In this case, B.O.R.E.D. will offer to remove the 
offending files and registry entries. If you agree, B.O.R.E.D. will
then restart your computer and run itself again on the next login/
startup (even if you don't have a shortcut in your startup group) to 
complete the removal of the files. If you choose not to remove the 
files that B.O.R.E.D. finds, it will ask you again next time it is run.

Problems and Bug reports:
-------------------------

B.O.R.E.D. has been tested with Windows 95 but not Windows 98 although 
it should run on the latter. It is not designed for and has not been 
tested on Windows NT, but given that Back Orifice doesn't run on NT 
either, it doesn't need to be.

B.O.R.E.D. has been tested with both the default and customised
installations of Back Orifice, however there may be ways to circumvent
it. If you find any conditions in which B.O.R.E.D. doesn't detect Back
Orifice, or any other faults with the software, (someone care to do 
some Windows 98 testing?) please e-mail sjs@st-andrews.ac.uk. 
Include "Bored-bugs" in the subject line.

Disclaimer:
-----------

This software is freeware. You may reproduce and distribute it in a
non-profit fashion in it's original form. The zips provided may not be
modified and the software may not be sold. If you wish to use this 
program on any software compilation, please contact the author for 
permission.

This software is provided as is and you use it at your own risk. The
author is not responsible for anything resulting from installation, use
misuse or abuse of this software. After all, we're only trying to 
help....

More info:
----------

The author can be contacted at: sjs@st-andrews.ac.uk


Microsoft's statement on Back Orifice can be found at:
  http://www.microsoft.com/security/bulletins/ms98-010.htm


ISS's statement on Back Orifice can be found at:
  http://www.iss.net/xforce/alerts/advise5.html

