ÜÜÜ ÜÜÜÜÜÜÜÜ ÜÜÜ ÜÜÜÜÜÜ ÜÜ ÜÜ ÜÜÜ ÜÜÜÜÜ ÜÜÜÜÜÜÜ ÜÜÜÜÜ Û±±Û Û±±±±±±±Û Û±±Û Û±±±±±Û Û±±Û Û±±Û Û±±Û Û±±±±Û Û±±±±±±Û Û±±±±Û Û±±Û ßßßßßßßß Û±±Û ßßßßÛ±±Û Û±±Û Û±±Û Û±±Û ßßßÛ±±Û ßßßÛ±±Û ßßßßß Û±±Û Û±±Û ÜÜÜÜÛ±±Û Û±±Û Û±±Û Û±±Û ÜÜÜÛ±±Û Û±±Û Û±±Û Û±±Û Û±±±±±Û ßß Û±±Û Û±±Û Û±±±±Û Û±±Û Û±±Û Û±±Û ßßßßÛ±±Û Û±±Û Û±±Û ßßßßß Û±±Û Û±±Û ÜÜÜÜÜÜÜÜ Û±±Û Û±±Û Û±±Û Û±±Û Û±±Û Û±±Û Û±±±±±±±Û Û±±Û Û±±Û Û±±Û Û±±Û Û±±Û ßßß ßßßßßßßß ßßß ßß ßß ßßß ßß NEWSLETTER NUMBER 9 ********************************************************************** Another festive, info-glutted, tongue-in-cheek training manual provided solely for the entertainment of the virus programmer, casual bystander or PC hobbyist interested in the particulars of cybernetic data replication and/or destruction. EDITED BY URNST KOUCH, November 1992 ********************************************************************** TOP QUOTE: "Concrete shoes! Neckties! Cyanide! Done dirt cheap!!" --AC/DC from "Dirty Deeds Done Dirt Cheap" on "Live 1992" late October, 1992 IN THIS ISSUE: News-news-news . . . Solomon's Anti-virus Toolkit scrutinized for user happiness quotient . . . ACME virus and URNST's continuing fetish with companion infections . . . RAUBKOPY virus: a German anti-piracy product . . . intro to the first annual Crypt letter virus\antivirus\virus software awards . . . In the READING ROOM . . . stupid humor & lots more . . . -*- TOP O' THE NEWS: WEENIES STRIKE AGAIN - the PROTO-T hoax. Once again, the chief dupes were FidoNet and WWIVnet users. The story goes like this: anonymous electronic stooge posts e-mail message from noble 'underground elite' sysops in the S.F. Bay Area who see their systems decimated by a magical, virulent program which 'hides' in COM port 1, etc., etc. Noble sysops band together to spread word to "straight" world, with the exception of the Software Publishers Association. Eegah! Contagion spreads like wild fire. Call US NEWS & WORLD REPORT! We reprint the original PROTO-T warning (spelling errors and all) for your enjoyment and add that one of the viruses included in this issue has been named PROTO-T, in honor of the quacks who started the rumor. Transcript: ********************************************************************* This is an exact copy of a "Broadcast" letter sent to all members and affiliates of THIEVCO INC; a group located somewhere in the San Francisco Bay Area. While I do not support the general theology of Thievco Inc, I must applaud thier actions. Thier warnings about a new Page 1 virus called PROTO-T, will potentially save us computer users possibly thousands of dollars - and hundreds of man hours. Here is a copy of the broadcast letter, as received from a friend at Thievco ... <<*>> <<*>> <<*>> <<*>> <<*>> <<*>> Retrieved BLUWAV 6921 / THIEV 00621*420 - Node 1:8 Sent T-Tymnet Date : 9/24/92 11:14pm To : All Thievco Members, and affil. Re : PROTO - T Class : Confidential (go public 9-26) Dear Members, At 7:34PM (pst) our attempt to isolate and contain the PROTO - T virus failed. As we have discovered, PROTO - T has a *VERY* unique feature, to hide in the RAM of VGA cards, hard disks, and possibly, in modem buffers. Unfortunaly, we found out the hard way - after it struck. At this time, there is no known defence against this virus, save formatting your hard/floppy disks - there isn't even a method of detecting it yet...untill its too late. [ PROTO - T specs listed later ]. Unearthly Vision ( Portland, Oregon ), and Chron ( Alameda, Calif ) were working on isolating the virus when it struck. Over 900 megabytes of information was lost, of that about 214 megabytes is probably recoverable. Action : Please assist us in implementing this plan, to warn the general public. Our first priority is our fellow THIEVCO members. Please distribute this letter to all contacts inside the U.S., upon recipt of this letter. Please inform the public on 9-26-92. Start warning the elite boards first, followed by the P.D. boards. Dont bother telling known SPA locals, they aren't worth our time. Blue Boar - Distribute the warning in Southern California, start with L.A. first. Chron - Distribute to San Francisco, Sacramento, and south east coast. Garfield - Distribute to Fido-Net, Vet-Net, Compuserve, and America Online. Unearthly Vision - Distribute to Oregon, and Washington. Executioner - Distribute to San Jose, Monterey. Page 2 =--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--= What is known: Proto - T was just a rumor, untill it was confirmed a few weeks ago. Chron, being the most incredible skip-tracer, traced its origins to a college campus in California. There, it was placed into two files. The first, is a file called "TEMPLE" - which to our knowledge, has no legitimate use; it seems to be a dummy file. The other file, was placed in an unathorized version of PKZip by PKWare ( versions 3.0, and 3.1 - these are not legitimate versions of PKZip! Quite possibly, these versions of PKZip were created, for the reason of distributing PROTO - T ). Proto - T is very elusive. There is no program known to detect it. From what we understand, it will only infect your system if certian conditions are met. From what we know, it will infect your system only if you run TEMPLE, or PKZip 3.x after 6:00pm. Even doing that wont nessaraly cause infection - it took 6 days for Chron and Unearthly Vision to become infected. Obviously some other criteria must be met. Upon infection, the virus is written (as un-attached file chains), On two parts of a hard disk - each capable of running independently without the other half. After infection, the virus seems to be written into the memory or memory routines of a VGA or EGA monitor; or is written into the memory of the hard drive, or quite possibly, into a modem - or COM port. Thus excaping most or any known detection methods. PROTO - T : Proto - T when activated, corrupts data on a disk, stops VGA or EGA from being used ( Thus either defaulting to CGA, or locking up ), and prohibits memory from being used over 512K. Known to be put into two files : TEMPLE.EXE ( 14,771 Bytes ) and PKZip 3.x (Varries always over 100,000 bytes when zipped). If you see these files - do not get or use them. Give this letter to all Thievco members and thier contacts, followed by other boards. With luck, we can stop the damage before it *REALLY* starts. THIEVCO INC, San Francisco Bay Area. Special Thanks for Chron, Unearthly Vision, and Blue Boar for all thier help with this "Early warning" and tech help. Bill [A NOBLE CYBER-CITIZEN. -URNST] ******************************************************************* Page 3 Crypt newsletter recommendations: Send a copy of the transcript and PROTO-T to Pam Kane of Panda Systems. According to a recent COMPUSERVE magazine story on viruses, Kane is working on a hi-tech novel with a virus villain. PROTO-T could be ripe for even more embellishment in a good novella. And there's no worry about royalties, either! Boy, I love reading this stuff! It's cut from the same bolt of cloth that supplies the endless numbers of computer chowderheads ready willing and able to argue that a trojan or virus can blow up your monitor. And here's more: ******************************************************************* Proto-T is NOT a hoax... and from what I've heard through the grape vien [VIEN? Is that in Austria?] is just about as nasty as they get. The problem with detecting it is that no one's really sure where it goes...com ports, video memory, you name it, and it might have accessed it... From all the information I've seen off internet proto-t ussually strikes after 6:00pm, but is not totally dependant upon the time alone. I believe it was a lab in Austin Texas that was doing the most heaviest work on it, although I can't be 100(null)ure that it was Austin.. but at any rate Proto-T is legit, and from all I've been reading probably one of the most intense virii written to date.. no one seems to be able to lock it down as from all obersvation it writes to two seperate sections of the hard disk and neither rely on one or the other to activate.. and it *might* have reproductive powers to boot (ie you destroy one of the writes, the other kicks in and rebuilds it..). I don't like the looks of this one, not at all.. Devin Davidson [ANOTHER NOBLE CYBER-CITIZEN. -URNST] ********************************************************************** PATRICIA HOFFMAN, VSUM AUTHOR, QUITS AT 4:00pm ********************************************************************** I snagged the next entry describing the MtE Spawn (real name: INSUFF3) off the FidoNet. Someone had posted it from Patricia Hoffman's VSUM in response to a question on Mutation Engine viruses. The Crypt reader will recognize MtE Spawn as one of the INSUFF viruses from a previous newsletter. MTE Spawn: Received in September, 1992, MTE Spawn is a non- resident spawning or companion virus which uses the Dark Avenger Mutating Engine for its encryption. When an infected program is executed, this virus will infect one .EXE file in the current directory, creating a 6,666 to 6,746 byte .COM file with the same base file name. This companion file will have the read-only, system, and hidden attributes set, and its date and time will be the system date and time when infection occurred. The original .EXE file will not be altered. Execution of an MTE Spawn virus infected program will result in a system hang after five .EXE files in the Page 4 current directory have become infected. Additionally, the companion files will not be executed under some versions of DOS due to a minor bug in this virus. To disinfect an infection of MTE Spawn, simply delete the hidden companion files. Origin: Unknown September, 1992. [Crypt newsletter 6, actually.] Note the size reported by Hoffman: 6,666 bytes. Pretty big for a non-resident companion virus! Must be written in PASCAL, or somethin'. Nope. Actually, the reader may remember this particular virus carries a 4,000 byte payload: the NOIZ trojan. The NOIZ program is dropped onto .EXE's in the current directory anytime MtE Spawn is executed after 4:00 in the afternoon. NOIZ is a joke program which installs itself in memory and, obviously, makes noise. And it irreversibly soils any program it lands on. This makes NOIZ difficult to ignore. So, Patricia Hoffman either worked on MtE Spawn in the morning or went home by 4:00 pm the day she examined it. Oh wow. ****************************************************************** CENTRAL POINT SOFTWARE VOWS "ALL PC's VIRUS FREE BY '93!" IN MARKETING NEW CP ANTIVIRUS FREEWARE SCANNER. OH WOW. ****************************************************************** Central Point Software follows SYMANTEC into the retail program offered as bait freeware by making the scanner engine in its latest edition available as a no-strings downloadable file on COMPUSERVE and AMERICA-ON-LINE. The scanner, packaged as the archive CPAVSO.ZIP, SO standing for "scanner only," is cosmetically very similar to SYMANTEC's freeware NAVSCAN issued a month ago. The SO version of CPAV's scanner engine claims to detect all Mutation Engine viruses and Virus Creation Laboratory variants. At the Crypt editorial offices it failed to detect the MtE- equipped INSUFF viruses, noted in the latest edition of Patricia Hoffman's VSUM as MtE Spawn. It also hiccuped when running against any but the most basic Virus Creation Laboratory code samples. CPAVSO continues the weird Central Point Software method of counting a virus which infects both .COMfiles and .EXEfiles as two strains, thereby inflating its detection claims. However, as a brute force scanner, the SO edition is worth precisely what you pay for it. ***************************************************************** URNST TAKES THE PRODIGY CHALLENGE AND ORDER's DR. SOLOMON's ANTIVIRUS TOOLKIT THROUGH ONTRACK SYSTEMS: A QUALITY REPORT ***************************************************************** The Sears Roebuck administered "personal information service" for yuppies, Prodigy, recently hyped an antivirus software offer which, on the surface, appeared quite attractive. It offered Page 5 a special data integrity package armed with the Solomon Toolkit's FindVirus utility, an "unerase" program designed to allow buyers to easily recover recently scotched files and a rudimentary set of hard disk maintenance utilities. Not a bad deal for $34 cash money until you consider that anyone running DOS 5.0, NORTON UTILITIES or any equivalent already has the hard file maintenance programs, reducing the Prodigy package to a $34 brute-force scanner. Nah, pass. However, Prodigy did offer the complete Solomon Toolkit for $39. The catch was it came sans manual. Of course, you could also buy the manual, thereby bringing the total price up to $99, just about what you would pay for the Toolkit anywhere. Hah! But Prodigy hadn't counted on a Crypt newsletter editor as a buyer. We don't need no stinking manuals! And so we evaluated the Toolkit just for you, the Crypt reader! The Toolkit is easy to install. You can either use the dumb install program or copy the files manually into a TOOLKIT directory on the hard file of choice. All Toolkit programs are command line driven, but most will want to use the Toolkit menu. The menu is perfunctory but clear. The Toolkit sans manual offers little advice, although there is plenty of embedded help to aid in understanding possible functions. The heart of the Toolkit is its two integrity checkers: Quick Check Virus and CheckVirus. CheckVirus provides more complete integrity data on executables and, therefore, according to Solomon, is more sensitive than Quick Check Virus. It is supposedly armored against advanced stealth viruses although we didn't bother to test this. CheckVirus WAS slapped around by the Crypt companion viruses VOTE and ACME (included in this issue.) Like most current products, it failed to note the significance of added files duplicates. Nay, it completely missed them. This was startling, since the Toolkit virus list claims it recognizes companion infections as special cases. Presumably, we take this to mean only SCANNED companion infections can be detected by the Toolkit's FindVirus program. The Toolkit also sports a memory integrity utility called CheckMem. It failed to notice VOTE - a resident comapnion virus - in memory although it complained incessantly about only 639k of apparent RAM on the test machine even when no viruses were being tested. However, this is unlikely to matter to the average user. The CheckMem utility does not present its information in any way that the average Prodigy subscriber would understand. Don't believe me? Start checking the Prodigy Computer Club help forums and you'll see what I mean. The Toolkit's Quick Check Virus and CheckVirus programs easily detected changes made to files by the PROTO-T virus (in this Page 6 newsletter). Since PROTO-T has no stealth properties and changes in infected file size are fairly obvious, this was an easy hit for the Toolkit. However, the alarm message "*.COM has changed!!!" is not particularly useful. When contrasted with Leprechaun Software's Virus-Buster advisories/warnings and the redoubtable Integrity Master, by Stiller Research, both of which attempt to explain the possible reasons for change and a range of appropriate actions, the Toolkit's response is laughable. In addition, the Toolkit makes the user manually edit the files that contain its integrity data as programs are removed or renamed. This is a fairly rudimentary task, but still beyond the scope of the average Prodigy subscriber. Included with the Toolkit are some special programs. BROWSE lets the user look at a suspicious file for "gotcha" messages. This is a nice touch and one all anti-virus programs should include. NOHARD and NOFLOPPY write protect respective disks. This is, IMHO, a useless and intrusive feature in everyday computing, but handy if you're going in harm's way. The Toolkit also offers a standard array of repair functions for recognized viral infections. It rightly backs off on making any grand claims about the efficacy of these measures and sure enough, the program took a hands-off approach to some minor variants of recognized infections by merely renaming the file. When repairing file virus infections, the Toolkit will rescan a program after removal - a good feature which uncovers multiple infections. The Toolkit also has an interesting embedded virus database. In it, viruses are described with regards to incidence, type of infection, damage, encryption, and stealth properties. I had to laugh at the frequent incidence description: "Not in the wild, but could be." This is the best example of a waffle I've seen in a long time, and it's been an election year. On a positive note, the Toolkit's FindVirus ably detected all the Mutation Engine variants I was able to generate. In conclusion, without the manual Solomon's Toolkit would seem like impenetrable murk to most users. Indeed, it's not entirely fair to judge the Toolkit - which despite some glaring faults is serviceable software - without this component. But I ask you, will the average Prodigy user read, use and understand a $40 manual? Hahaha. Bet against. ******************************************************************* RAUBKOPY: AN ANTI-PIRACY VIRUS FROM GERMANY. FOR YOUR PLEASURE ******************************************************************* You're going to like RAUBKOPY. Supplied as a DEBUG script in this issue, RAUBKOPY - which translates literally as "theft copy" or pirate, I presume - is a direct-action infector of Page 7 .COM and .EXE files. Infected .COMfiles have the virus body added to their beginning; with .EXE's the virus is appended to the end. RAUBKOPY restricts itself to a single directory on call and attempts to infect as many as 5 executables in a single go. RAUBKOPY is encrypted and resists simple methods of breaking 8 and 16-bit encryption schemes. The interesting feature of RAUBKOPY is its anti-piracy message, displayed often and in German. Run RAUBKOPY a few times - you'll be sure to see it. It is: ----------------------- A C H T U N G ! _______________________ "The Benutzung einer Raubkopi ist strassbar. Nur wer Original-Disketten, Handbucher, oder PD-Lizenzen besitzt dank Kopien verwenden. Programmeirung ist muhevolle Detailarbeit. Wer Raubkopien verwendet, betrugt Programmierer und der Lohn ihrer Arbeit." The machine waits a moment and then prompts the user again, "Bist Du sauber" (Are you honest?) (J/N) Hit J for "Ja!" and the infected program will function. An on-the-fly (so don't sue if it's imprecise) translation is: "Attention! The use of "Raubkopi" is restricted. Only those with the original diskettes, manuals or PD licenses may distribute copies. "Programming is strenuous, exacting work. Those who distribute pirated files, betray programmers and the integrity of their work." RAUBKOPY will also try to meddle with the fixed disk very late in the afternoon or after the 12th of any month. VSUM reports this as a buggy routine which fails; on my machine RAUBKOPY hung the processor after making the disk spin. Although RAUBKOPY appears to be harmless, it would be wise to be a little cautious when tinkering with it. ***************************************************************** ACME VIRUS - ANOTHER COMPANION INFECTOR ***************************************************************** Also in this issue: ACME. ACME is another nuisance companion virus - simple but easy to drive through the holes of most anti-virus file integrity schemes. ACME will try to create Page 8 companion files for every .EXE in the current directory in one pass. Those new to the Crypt newsletter will want to know that these files are 912-byte hidden, read-only images of the ACME virus renamed as a COMfile equivalent of the "infected" target. When the "infected" target is executed, ACME will gain control of the computer, a consequence of the fact the DOS will choose .COM programs before .EXE programs of the same name to execute first. ACME will lock up the PC with some insane music at 4 in the afternoon and release its grip right after midnight. ACME won't pollute your data - remove the virus by erasing all the hidden, read-only images it produces. Try it against Solomon's Toolkit, CPAV or your favorite installed software. You will be surprised how quickly ACME crawls all over it. Since ACME is restricted to a single directory, it is hard for me to imagine it getting very far. However, since it is very infectious, an ill-informed clumsy reader could have it get away from them. Fortunately, ACME is not nasty at all. *************************************************************** PROTO-T: A RESIDENT .COM infector NAMED AFTER ANOMYMOUS ELECTRONIC QUACKS *************************************************************** And here it is! The dangerous, baffling PROTO-T! PROTO-T is a memory resident infector of .COMfiles. PROTO-T WILL also successfully infect COMMAND.COM if given the opportunity while in memory. PROTO-T diminishes the amount of memory by around 1k and a simple MEM /c command will reveal it, IF the user has enough brains to remember what the free memory of his machine was BEFORE PROTO-T was installed. Files infected by PROTO-T gain the ASCII string, "This program is sick. [PROTO-T by Dumbco, INC.]" In addition, after 4 in the afternoon PROTO-T infected programs will issue two ugly squawks from the speaker and then begin to read the hard file very quickly, mimicking a massive disk trashing. The programs won't function, of course, but the disk will be unscathed. It's a good demonstrator and convincingly unsettling. Enjoy PROTO-T! And remember, in the words of Devin What'shisname, "I don't like the looks of this one, not at all..." *************************************************************** LATE STUFF FYI: Here's a list of virus exchange BBS's pulled off the FidoNet. Page 9 1) U.S.S.R System PHALCON/SKISM (091) 514-975-9362 DS Apply with John Johnson at Landfill BBS 914-hak-vmbs 2) Darkcoffin/Crypt HQ (091) 215-966-3576 V32bis Sysop : Tim Caton 3) The VIRUS (091) 804-599-4152 2400 Fidonet 1:271/297, Sysop : Aristotle, John A.Buchanan 4) The VIRUS EXCHANGE (091) 602-569-2420 14.4 Sysop : Michael Coughlin 5) HSRC BBS, David Butler (012) 28-3124 2400 Location : Pretoria, South Africa Time 24Hrs To phone from outside South Africa: 27-12-283124 *Appears to be the Human Science Resource Center. 6) Nemesis Eye, BBS, Darth Vader (021) 405-3543 2400 Location : Cape Town, South Africa Time 16Hrs to 07Hrs GMT To phone from outside South Africa 27-21-4053543 Ionic Destruction 215-722-4524 Nun Beaters Anonymous 708-251-5094 The Hell Pit BBS 708-459-7267 Incidentally, you may also find new copies of the Crypt letter at these points. ------------------------------------------------------------------ Nowhere Man reports that he is feverishly working on completion of Virus Creation Laboratory 2.0 for a near holiday release. And look for N.E.D. polymorphic viruses to start popping up in early January. ****************************************************************** ATTENTION READERS! TIME TO GET YOUR DIGS IN FOR THE FIRST ANNUAL CRYPT VIRUS/ANTI-VIRUS/VIRUS AWARDS! ****************************************************************** In December, we'll release our picks in a variety of topics for best and worse in the virus/anti-virus community. A few of the categories: Most interesting virus: Most valuable player, virus programmer or other: Best virus exchange: National Dummkopf: Best a-v scanner: Best a-v software, overall: Best publication (we humbly disqualify ourselves): Page 10 Biggest flaming idiot: Since they're gonna be editor's choices, they'll be purely subjective. Nyah! But you, the Crypt reader, can get into the action, too! Post your picks and pans on the VxNet with your own trenchant wit and I'll be looking for 'em to include in the article. Or, ensure your place in the Crypt letter by e-mailing them to me, URNST KOUCH, at the BBS's listed at the end of this Crypt letter. ******************************************************************** IN THE READING ROOM: A HUMDINGER, PHILIP ZIMMERMAN'S 'PRETTY GOOD PRIVACY' DOCUMENTATION ******************************************************************** "Forbidden freeware" is how Philip Zimmerman describes his Pretty Good Privacy 2.0 encryption programs. Hah? Yup, I'm reading the docs to a freeware program! Docs you might like to browse yourself. In a testament to the evil of lawyers and government secrecy, Zimmerman explains why he can't distribute Pretty Good Privacy and why it's contraband, of sorts. The tangled story, according to Zimmerman, revolves around a litigation firm known as Public Key Partners who own the patent to the RSA encryption used in his program. They don't own it in any other country, only the U.S. and, apparently, PKP isn't interested in licensing it or providing software which uses it. But the Pretty Good Privacy methods are in the open literature, the source code is published and anyone can see it. But no one is supposed to use it. In the U.S.A. Wow. Nevertheless, Pretty Good Privacy and its source code can be found on thousands of BBS's across the country. It's an absurd situation and answers this question: "What do you do if you're trapped in a room with Adolf Hitler, Saddam Hussein and a lawyer and your gun has two bullets?" Answer: "Shoot the lawyer twice." The Crypt newsletter recommends you find Pretty Good Privacy and read the docs. Heh. They're free. ******************************************************************** THE FINAL CREDITS ROLL! ******************************************************************** Software included with this issue of the Crypt newsletter can be assembled by ensuring the MS-DOS program, DEBUG.EXE, is in the path and typing: DEBUG <*.scr, where *.scr is the scriptfile of interest. Even simpler, throw DEBUG.EXE into your current directory with all the files from this newsletter and type MAKE. The enclosed MAKE.BAT file will do the rest, prompting your machine to produce working copies of the ACME, RAUBKOPY and PROTO-T viruses in the current directory. Page 11 Keep in mind that in the hands of incompetents, the ill-informed and/or lazy, viruses assembled from code in the newsletter can mess up data on your machine, sometimes irretrievably. If this happens, your day will seem overlong and you may want to kick something. Don't curse the newsletter, puh-leez. We're telling you viruses WILL mangle your programs, it's what they DO. This issue of the newsletter should contain the following files: CRPTLET.TR9 - this electronic document ACME.SCR - DEBUG scriptfile for the ACME companion virus ACME.ASM - A86 listing for the ACME virus RAUBKOPY.SCR - DEBUG scriptfile for the RAUBKOPY virus PROTO-T.SCR - DEBUG scriptfile for the PROTO-T virus, by Dumbco PROTO-T.ASM - TASM/MASM listing for PROTO-T virus MAKE.BAT - handy, dandy makefile for Crypt software. Add DEBUG and stir. If any of these files are missing, ensure completeness by grabbing a copy of the Crypt newsletter from the following BBS's: CryPt HQ ùùùùùùùùùùùùùùùùùùùù Dark Coffin VX ùùùùùùùù 215.966.3576 Member Support ùùùùùùùùùùùùùù VIRUS_MAN BBS ùùùùùùùùù ITS.PRI.VATE Southwest Distribution ùùùùùù Virus Exchange/CC ùùùùù 602.569.2420 And one last request: Don't upload copies of the Newsletter to the Dark Coffin. It makes you seem stupid and waists your valuable long- distance on-line time. Thankee for your support. -*- Page 12