Text 284, 1093 rader
Skriven 2007-04-08 20:22:00 av KURT WISMER (1:123/140)
Ärende: News, April 8 2007
==========================
[cut-n-paste from sophos.com]
Name W32/Spybot-NO
Type
* Worm
How it spreads
* Network shares
Affected operating systems
* Windows
Side effects
* Allows others to access the computer
* Reduces system security
* Installs itself in the Registry
* Exploits system or software vulnerabilities
* Scans network for vulnerabilities
Prevalence (1-5) 2
Description
W32/Spybot-NO is a worm with IRC backdoor functionality for the
Windows platform.
Advanced
W32/Spybot-NO is a worm with IRC backdoor functionality for the
Windows platform.
W32/Spybot-NO spreads to other network computers by exploiting common
buffer overflow vulnerabilities, including RealVNC (CVE-2006-2369).
W32/Spybot-NO runs continuously in the background, providing a
backdoor server which allows a remote intruder to gain access and
control over the computer via IRC channels.
When first run W32/Spybot-NO copies itself to
<System>\dllcache\upnt.exe.
The file upnt.exe is registered as a new system driver service named
"Universal Printer NT Service", with a display name of "Universal
Printer NT Service" and a startup type of automatic, so that it is
started automatically during system startup. Registry entries are
created under:
HKLM\SYSTEM\CurrentControlSet\Services\Universal Printer NT Service
W32/Spybot-NO sets the following registry entries, disabling the
automatic startup of other software:
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv
Start
4
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
Start
4
Note: disabling autostart for the SharedAccess service deactivates
the Microsoft Internet Connection Firewall (ICF).
The following registry entry is set:
HKLM\SOFTWARE\Microsoft\Ole
EnableDCOM
N
Name W32/Delfer-C
Type
* Worm
How it spreads
* Network shares
Affected operating systems
* Windows
Side effects
* Downloads code from the internet
Aliases
* Generic Downloader.d
* Worm.Win32.Delf.br
Prevalence (1-5) 2
Description
W32/Delfer-C is a worm for the Windows platform.
W32/Delfer-C includes functionality to access the internet and
communicate with a remote server via HTTP.
Advanced
W32/Delfer-C is a worm for the Windows platform.
W32/Delfer-C includes functionality to access the internet and
communicate with a remote server via HTTP.
Upon execution W32/Delfer-C attempts to copy itself to the available
C shares with the filename setup.exe. W32/Delfer-C also creates the
file Autoexec.bat, this file maybe safely deleted.
Name Troj/Renos-T
Type
* Trojan
Affected operating systems
* Windows
Side effects
* Downloads code from the internet
Aliases
* Trojan-Downloader.Win32.Agent.bkd
* Win32/Hoax.Renos.NAT
Prevalence (1-5) 2
Description
Troj/Renos-T is a downloader Trojan for the Windows platform.
Advanced
Troj/Renos-T is a downloader Trojan for the Windows platform.
Once installed, Troj/Renos-T will display fake system error and fake
virus messages.
Name Troj/QQPass-JDD
Type
* Spyware Trojan
How it spreads
* Web browsing
Affected operating systems
* Windows
Side effects
* Steals information
* Downloads code from the internet
* Records keystrokes
* Installs itself in the Registry
* Monitors browser activity
* Installs adware
Aliases
* Win32.Troj.QQPass.dg
Prevalence (1-5) 2
Description
Troj/QQPass-JDD is a password stealing Trojan for the Windows platform.
Troj/QQPass-JDD can arrive as a result of web browsing. Visiting
certain web sites may initiate the download process. Certain web
pages may exploit vulnerabilities associated with Microsoft Internet
Explorer to silently download and install/run the Trojan without user
interaction.
Advanced
Troj/QQPass-JDD is a password stealing Trojan for the Windows platform.
Troj/QQPass-JDD can arrive as a result of web browsing. Visiting
certain web sites may initiate the download process. Certain web
pages may exploit vulnerabilities associated with Microsoft Internet
Explorer to silently download and install/run the Trojan without user
interaction.
When Troj/QQPass-JDD is installed the following files are typically
created:
<Common Files>\Microsoft Shared\MSInfo\SysInfo1.dll
<Common Files>\System\icwres.ocx
<Common Files>\System\isignup.dll
<Common Files>\System\isignup.sys
<Windows>\winform.exe
<System>\winform.dll
Note: some of the above files will have the hidden and system
attributes set.
The files icwres.ox and isignup.sy are detected seperately as
Troj/QQSpy-Gen. The file SysInfo1.dl is detected seperately as
Mal/QQPass-B.
The following registry entry is created to run winform.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
winform
<Windows>\winform.exe
The file SysInfo1.dll is registered as a COM object and ShellExecute
hook, creating registry entries under:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHoo
ks
HKCR\CLSID\{7F4D1081-25FD-44F5-99C6-FF271CFB7EC2}
Registry entries are created under:
HKCU\Software\Microsoft\qqjdd
Name W32/Chinegan-A
Type
* Worm
How it spreads
* Network shares
Affected operating systems
* Windows
Side effects
* Allows others to access the computer
* Downloads code from the internet
* Reduces system security
* Installs itself in the Registry
* Exploits system or software vulnerabilities
* Scans network for vulnerabilities
* Scans network for weak passwords
Aliases
* Backdoor.Win32.Agent.aly
* Win32/AGbot
Prevalence (1-5) 2
Description
W32/Chinegan-A is a worm for the Windows platform.
Advanced
W32/Chinegan-A is a worm for the Windows platform.
W32/Chinegan-A spreads to other network computers by exploiting
Symantec (SYM06-010) and by copying itself to network shares
protected by weak passwords.
W32/Chinegan-A includes the following functionality:
- Download and execute code from a remote server via HTTP
- File transfers using FTP
- Exploits VNC servers with weak or no passwords
- Automatically adds itself to Windows Firewall Policy
When first run W32/Chinegan-A copies itself to:
<Program Files>\Common Files\inst32\inst32.exe
and creates the following registry entries:
HKLM\SYSTEM\CurrentControlSet\Services\inst32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INST32
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Firewall
Policy\StandardProfile\AuthorizedApplications\List\<Program
Files>\Common Files\inst32
inst32.exe
<Program Files>\Common Files\inst32\inst32.exe:*:Enabled:inst32
Name W32/Looked-CZ
Type
* Virus
How it spreads
* Network shares
* Infected files
Affected operating systems
* Windows
Side effects
* Steals information
* Downloads code from the internet
* Installs itself in the Registry
Prevalence (1-5) 2
Description
W32/Looked-CZ is a virus and network worm for the Windows platform.
Advanced
W32/Looked-CZ is a virus and network worm for the Windows platform.
W32/Looked-CZ infects files found on the local computer.
W32/Looked-CZ also copies itself to remote network shares and may
infect files found on those shares.
W32/Looked-CZ includes functionality to access the internet and
communicate with a remote server via HTTP. W32/Looked-CZ may attempt
to download and execute additional files from a remote location.
When first run W32/Looked-CZ drops the file <Windows>\RichDll.dll
which is also detected as W32/Looked-CZ.
W32/Looked-CZ may also create many files with the name "_desktop.ini"
in various folders on the infected computer. These files are harmless
text files and can be deleted.
Name W32/Vanebot-AK
Type
* Spyware Worm
How it spreads
* Network shares
Affected operating systems
* Windows
Side effects
* Allows others to access the computer
* Steals information
* Reduces system security
* Installs itself in the Registry
* Exploits system or software vulnerabilities
* Scans network for vulnerabilities
* Scans network for weak passwords
Prevalence (1-5) 2
Description
W32/Vanebot-AK is a worm with IRC backdoor functionality for the
Windows platform.
Advanced
W32/Vanebot-AK is a worm with IRC backdoor functionality for the
Windows platform.
W32/Vanebot-AK spreads to other network computers by exploiting
common buffer overflow vulnerabilities, including: LSASS (MS04-011),
SRVSVC (MS06-040), RPC-DCOM (MS04-012), PNP (MS05-039), ASN.1
(MS04-007), RealVNC (CVE-2006-2369) and Symantec (SYM06-010).
W32/Vanebot-AK runs continuously in the background, providing a
backdoor server which allows a remote intruder to gain access and
control over the computer via IRC channels.
W32/Vanebot-AK includes functionality to access the internet and
communicate with a remote server via HTTP.
When first run W32/Vanebot-AK copies itself to <System>\system.exe.
The file system.exe is registered as a new system driver service
named "SYSTEMSVC", with a display name of "Windows System Service"
and a startup type of automatic, so that it is started automatically
during system startup. Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\SYSTEMSVC
W32/Vanebot-AK sets the following registry entries, disabling the
automatic startup of other software:
HKLM\SYSTEM\CurrentControlSet\Services\Messenger
Start
4
HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry
Start
4
HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr
Start
4
Registry entries are set as follows:
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
EnableFirewall
0
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
EnableFirewall
0
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
DoNotAllowXPSP2
1
HKLM\SOFTWARE\Microsoft\Ole
EnableDCOM
N
Registry entries are created under:
HKLM\SOFTWARE\Microsoft\Security Center
Name Troj/Dloadr-AWT
Type
* Trojan
Affected operating systems
* Windows
Side effects
* Downloads code from the internet
Aliases
* BackDoor-DJD.dldr
Prevalence (1-5) 2
Description
Troj/Dloadr-AWT is a downloading Trojan for the Windows platform.
Advanced
Troj/Dloadr-AWT is a downloading Trojan for the Windows platform.
Troj/Dloadr-AWT will attempt to download the file sysdrv.exe to the
shell folder defined by the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Common Templates
Troj/Dloadr-AWT will then execute the downloaded file.
Name W32/Rbot-GLK
Type
* Worm
How it spreads
* Network shares
Affected operating systems
* Windows
Side effects
* Allows others to access the computer
* Installs itself in the Registry
* Downloads updates
* Enables remote access
* Scans network for vulnerabilities
* Scans network for weak passwords
Aliases
* Backdoor.Win32.IRCBot.wt
Prevalence (1-5) 2
Description
W32/Rbot-GLK is a network worm with IRC backdoor functionality for
the Windows platform.
Advanced
W32/Rbot-GLK is a network worm with IRC backdoor functionality for
the Windows platform.
W32/Rbot-GLK spreads by exploiting common network vulnerabilities.
W32/Rbot-GLK allows a remote attacker to gain access and control over
the infected computer using IRC channels.
When first run W32/Rbot-GLK copies itself to <System>\algose32.exe
and creates the following registry entries to run algose32.exe on
startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Offices Monitorse
<System>\algose32.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Offices Monitorse
<System>\algose32.exe
W32/Rbot-GLK sets the following registry entries in order to secure
the infected computer against further exploits:
HKLM\SOFTWARE\Microsoft\Ole\
EnableDCOM
N
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
restrictanonymous
1
Name Troj/PWS-AME
Type
* Spyware Trojan
Affected operating systems
* Windows
Side effects
* Steals information
* Installs itself in the Registry
Prevalence (1-5) 2
Description
Troj/PWS-AME is a password stealing Trojan for the Windows platform.
Advanced
Troj/PWS-AME is a password stealing Trojan for the Windows platform.
When first run Troj/PWS-AME copies itself to <Windows>\mppds.exe and
creates the file <System>\mppds.dll.
The file mppds.dll is detected as Troj/PWS-AKZ.
The following registry entry is created to run mppds.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
mppds
<Windows>\mppds.exe
Name W32/Delbot-AF
Type
* Worm
How it spreads
* Network shares
Affected operating systems
* Windows
Side effects
* Allows others to access the computer
* Installs itself in the Registry
* Exploits system or software vulnerabilities
Aliases
* W32/Nirbot.worm
Prevalence (1-5) 2
Description
W32/Delbot-AF is a worm for the Windows platform with IRC backdoor
functionality.
W32/Delbot-AF runs continuously in the background, providing a
backdoor service through which a remote user can access the computer.
Advanced
W32/Delbot-AF is a worm for the Windows platform with IRC backdoor
functionality.
W32/Delbot-AF runs continuously in the background, providing a
backdoor service through which a remote user can access the computer.
W32/Delbot-AF spreads
- to computers vulnerable to common exploits, including: RPC-DCOM
(MS04-012) and Symantec (SYM06-010)
- to MSSQL servers protected by weak passwords
- to network shares
W32/Delbot-AF includes functionality to download, install and run new
software.
When first run W32/Delbot-AF copies itself to <System>\stdafx.exe and
downloads the file \ertg.exe
The following registry entry is created to run stdafx.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
StdAFX
<System>\stdafx.exe
Name Troj/Hiphop-G
Type
* Spyware Trojan
Affected operating systems
* Windows
Side effects
* Steals information
* Downloads code from the internet
* Records keystrokes
* Installs itself in the Registry
Aliases
* Trojan-Spy.Win32.Agent.pn
* TSPY_AGENT.JPI
Prevalence (1-5) 2
Description
Troj/Hiphop-G is a data stealing Trojan for the Windows platform.
Advanced
Troj/Hiphop-G is a data stealing Trojan for the Windows platform.
Troj/Hiphop-G includes functionality to silently download, install
and run new software.
When Troj/Hiphop-G is installed the following files are created:
<Windows>\mywinsys.ini
<System>\AlxRes070307.exe
<System>\scrsys070307.scr
<System>\scrsys16_070307.scr
<System>\winsys16_070307.dll
<System>\winsys32_070307.dll
The following registry entry is created to run code exported by
winsys16_070307.dll on startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit
<System>\userinit.exe,rundll32.exe <System>\winsys16_070307.dll start
Name W32/Lovgate-AL
Type
* Worm
How it spreads
* Network shares
* Peer-to-peer
Affected operating systems
* Windows
Side effects
* Allows others to access the computer
* Installs itself in the Registry
Prevalence (1-5) 2
Description
W32/Lovgate-AL is a worm with backdoor functionality that spreads via
email, network shares with weak passwords and filesharing networks.
Advanced
W32/Lovgate-AL is a worm with backdoor functionality that spreads via
email, network shares with weak passwords and filesharing networks.
W32/Lovgate-AL may arrive in the email with various characteristics.
When executed W32/Lovgate-AL creates a background process with the
name LSASS.EXE, copies itself to the Windows system folder, sets
registry entries, extracts a backdoor component as a DLL file,
harvests email addresses from *.ht files and sends itself out as an
email.
W32/Lovgate-AL copies itself to available share folders and
subfolders for filesharing networks with a filename chosen from:
Are you looking for Love.doc.exe
The world of lovers.txt.exe
How To Hack Websites.exe
Panda Titanium Crack.zip.exe
Mafia Trainer!!!.exe
100 free essays school.pif
AN-YOU-SUCK-IT.txt.pif
Sex_For_You_Life.JPG.pif
CloneCD + crack.exe
Age of empires 2 crack.exe
MoviezChannelsInstaler.exe
Star Wars II Movie Full Downloader.exe
Name Troj/Dazed-A
Type
* Spyware Trojan
Affected operating systems
* Windows
Side effects
* Steals information
Aliases
* Possible_Infostl
Prevalence (1-5) 2
Description
Troj/Dazed-A is a Trojan component for the Windows platform.
Advanced
Troj/Dazed-A is a Trojan component for the Windows platform.
Troj/Dazed-A includes functionality to
take screenshots
log network traffic
Name W32/Rbot-GLQ
Type
* Worm
How it spreads
* Network shares
Affected operating systems
* Windows
Side effects
* Allows others to access the computer
* Downloads code from the internet
* Installs itself in the Registry
* Exploits system or software vulnerabilities
* Used in DOS attacks
Prevalence (1-5) 2
Description
W32/Rbot-GLQ is a worm for the Windows platform with IRC backdoor
functionality.
W32/Rbot-GLQ runs continuously in the background providing a backdoor
service through which a remote user can access the computer.
Advanced
W32/Rbot-GLQ is a worm for the Windows platform with IRC backdoor
functionality.
W32/Rbot-GLQ runs continuously in the background providing a backdoor
service through which a remote user can access the computer.
W32/Rbot-GLQ spreads
- to computers vulnerable to common exploits, including: IMAIL
Server, ASN.1 (MS04-007) and Symantec (SYM06-010)
- to network shares protected by weak passwords
When first run W32/Rbot-GLQ copies itself to <System>\wuauclt12.exe
and creates the following registry entries in order to run on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Xordate
wuauclt12.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Xordate
wuauclt12.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Xordate
wuauclt12.exe
Name Troj/Wheezer-A
Type
* Spyware Trojan
Affected operating systems
* Windows
Side effects
* Steals information
* Downloads code from the internet
* Records keystrokes
* Installs itself in the Registry
Aliases
* Trojan.Win32.Small.mg
Prevalence (1-5) 2
Description
Troj/Wheezer-A is a Trojan for the Windows platform.
Troj/Wheezer-A includes functionality to access the internet and
communicate with a remote server via HTTP.
Troj/Wheezer-A runs continuously in the background, monitoring
browser activity and collecting password information.
Advanced
Troj/Wheezer-A is a Trojan for the Windows platform.
Troj/Wheezer-A includes functionality to access the internet and
communicate with a remote server via HTTP.
Troj/Wheezer-A runs continuously in the background, monitoring
browser activity and collecting password information.
Troj/Wheezer-A steals credentials for:
- POP3
- HTTPMail
- Protected Storage
- MSN Explorer signup
- IE Auto Complete fields
- Auto Complete passwords
- Password protected sites in Internet Explorer
- Outlook Express (including deleted accounts)
- Accounts stored in the Internet Account Managed
When first run Troj/Wheezer-A copies itself to <System>\<worm
filename>.exe.
Troj/Wheezer-A creates registry entries under this path to start as a
service:
HKLM\SYSTEM\CurrentControlSet\Services\<random name>SVC
Name Troj/Bckdr-QHH
Type
* Trojan
Affected operating systems
* Windows
Side effects
* Installs itself in the Registry
Prevalence (1-5) 2
Description
Troj/Bckdr-QHH is a Trojan for the Windows platform.
Advanced
Troj/Bckdr-QHH is a Trojan for the Windows platform.
When first run Troj/Bckdr-QHH copies itself to:
<System>\webpnt.exe
<System>\webprint.exe
The file webprint.exe is registered as a new system driver service
named "WebPrint", with a display name of "WebPrint" and a startup
type of automatic, so that it is started automatically during system
startup. Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\WebPrint
Name Troj/Lydra-AB
Type
* Spyware Trojan
Affected operating systems
* Windows
Side effects
* Turns off anti-virus applications
* Steals information
* Uses its own emailing engine
* Records keystrokes
* Installs itself in the Registry
Prevalence (1-5) 2
Description
Troj/Lydra-AB is a Trojan for the Windows platform.
The Trojan has the functionalities to:
- steal information
- communicate with a remote server via email
Advanced
Troj/Lydra-AB is a Trojan for the Windows platform.
The Trojan has the functionalities to:
- steal information
- communicate with a remote server via email
When Troj/Lydra-AB is installed the following files are created:
<Startup>\AdobeGammaLoader.scr
<Windows>\calc.exe
<Windows>\lsassv.exe
<Windows>\msrpc.exe
<Windows>\mui\rctfd.sys
<Windows>\regedit2.exe
<Windows>\winsys.exe
The Trojan renames the file <Windows>\regedit.exe to
<Windows>\regedit2.exe and copies itself to <Windows>\regedit.exe.
The following registry entries are created to run lsassv.exe,
msrpc.exe and winsys.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
winsys
<Windows>\winsys.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
msrpc
<Windows>\msrpc.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
lsassv
<Windows>\lsassv.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
winsys
<Windows>\winsys.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
winsys
<Windows>\winsys.exe
The file winsys.exe is registered as a new system driver service
named "winsys", with a display name of "TCPIP route manager" and a
startup type of automatic, so that it is started automatically during
system startup. Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\winsys
The following registry entry is set, affecting internet security:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Firewall
Policy\
StandardProfile\AuthorizedApplications\List
<pathname of the Trojan executable>
<Current Folder>\<original filename>:*:Enabled:System Update
The following registry entry is also set:
HKCR\{65D5AFFB-D4EF-49AA-GFFG-5DA5E12E300A}\
Name W32/Virut-J
Type
* Virus
How it spreads
* Infected files
Affected operating systems
* Windows
Aliases
* Virus.Win32.Cheburgen.9272
Prevalence (1-5) 2
Description
W32/Virut-J is a virus for the Windows platform.
Name W32/Dref-AF
Type
* Worm
How it spreads
* Email attachments
Affected operating systems
* Windows
Side effects
* Turns off anti-virus applications
* Sends itself to email addresses found on the infected computer
* Drops more malware
* Forges the sender's email address
* Uses its own emailing engine
Prevalence (1-5) 2
Description
W32/Dref-AF is an email worm for the Windows platform.
Advanced
W32/Dref-AF is an email worm for the Windows platform.
W32/Dref-AF harvests email addresses from the infected computer and
attempts to send itself to them, though due to a bug in the code will
usually send a file detected as W32/Dref-Dam.
W32/Dref-AF tries to send itself in an email from <random
name>@yahoo.com with the following characteristics:
Subject line (one of the following):
Iran Just Have Started World War III
USA Just Have Started World War III
Israel Just Have Started World War III
Missle Strike: The USA kills more then 10000 Iranian citizens
Missle Strike: The USA kills more then 1000 Iranian citizens
Missle Strike: The USA kills more then 20000 Iranian citizens
USA Missle Strike: Iran War just have started
USA Declares War on Iran
Attachment filename (one of the following):
Video.exe
News.exe
Movie.exe
Read Me.exe
Click Me.exe
Click Here.exe
Read More.exe
More.exe
W32/Dref-AF attempts to drop a file with an EXE extension and a
random 7-letter filename to the same folder as itself. This file is
already detected as W32/Dref-AB.
W32/Dref-AF deletes the following registry entry to stop the file
referenced from running on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Agent
W32/Dref-AF sets the following registry entry, disabling the
automatic startup of the SharedAccess service:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
Start
4
Note: disabling autostart for the SharedAccess service deactivates
the Microsoft Internet Connection Firewall (ICF).
W32/Dref-AF terminates processes certain processes and windows
related to security and anti-virus applications, including windows
names "Registry Editor".
--- MultiMail/Win32 v0.43
* Origin: Doc's Place BBS Fido Since 1991 docsplace.tzo.com (1:123/140)
|