TIP: Click on subject to list as thread!

ANSI

echo:	virus_info
to:	ALL
from:	KURT WISMER
date:	2006-07-16 11:34:00
subject:	News, July 16 2006
[cut-n-paste from sophos.com] Name Troj/Riler-S Type * Trojan Affected operating systems * Windows Side effects * Allows others to access the computer * Reduces system security * Installs itself in the Registry * Leaves non-infected files on computer Prevalence (1-5) 2 Description Troj/Riler-S is a backdoor Trojan for the Windows platform. Troj/Riler-S may be contained in a Microsoft Word document and dropped by an exploit. Advanced Troj/Riler-S is a backdoor Trojan for the Windows platform. Troj/Riler-S may be contained in a Microsoft Word document and dropped by an exploit. When the Trojan is run it drops the file \SNootern.dll and loads it. This file is also detected as Troj/Riler-S. Troj/Riler-S may create the file \uidmngr.ini. This file is harmless and may be deleted. Troj/Riler-S will install the DLL as a Windows Sockets 2 transport provider and reorder the WSC Chain such that it gets called first. As a result, the Trojan may spy on the network traffic of applications. Troj/Riler-S may create or change registry entries in the following locations: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2 HKLM\SYSTEM\CurrentControlSet\Services\WS2IFSL Name W32/Tilebot-FW Type * Worm How it spreads * Network shares Affected operating systems * Windows Side effects * Allows others to access the computer * Downloads code from the internet * Reduces system security * Installs itself in the Registry * Exploits system or software vulnerabilities Aliases * Backdoor.Win32.SdBot.ass * Backdoor.Sdbot * WORM_SDBOT.KF Prevalence (1-5) 2 Description W32/Tilebot-FW is a worm and IRC backdoor for the Windows platform. W32/Tilebot-FW spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx), RPC-DCOM (http://www.microsoft.com/technet/security/bulletin/ms04-012.mspx), WKS (http://www.microsoft.com/technet/security/bulletin/ms03-049.mspx) (CAN-2003-0812), PNP (http://www.microsoft.com/technet/security/bulletin/ms05-039.mspx) and ASN.1 (http://www.microsoft.com/technet/security/bulletin/ms04-007.mspx) and by copying itself to network shares protected by weak passwords. W32/Tilebot-FW runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels. W32/Tilebot-FW includes functionality to access the internet and communicate with a remote server via HTTP. Advanced W32/Tilebot-FW is a worm and IRC backdoor for the Windows platform. W32/Tilebot-FW spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx), RPC-DCOM (http://www.microsoft.com/technet/security/bulletin/ms04-012.mspx), WKS (http://www.microsoft.com/technet/security/bulletin/ms03-049.mspx) (CAN-2003-0812), PNP (http://www.microsoft.com/technet/security/bulletin/ms05-039.mspx) and ASN.1 (http://www.microsoft.com/technet/security/bulletin/ms04-007.mspx) and by copying itself to network shares protected by weak passwords. W32/Tilebot-FW runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels. W32/Tilebot-FW includes functionality to access the internet and communicate with a remote server via HTTP. When first run W32/Tilebot-FW copies itself to \services.exe. The file \services.exe is registered as a new system driver service named "Windows Spooler Service", with a display name of "Microsoft Windows Spooler Service" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under: HKLM\SYSTEM\CurrentControlSet\Services\Windows Spooler Service\ W32/Tilebot-FW sets the following registry entries, disabling the automatic startup of other software: HKLM\SYSTEM\CurrentControlSet\Services\Messenger Start 4 HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry Start 4 HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr Start 4 Registry entries are set as follows: HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotAllowXPSP2 1 HKLM\SOFTWARE\Microsoft\Ole EnableDCOM N HKLM\SYSTEM\CurrentControlSet\Control\Lsa restrictanonymous 1 Registry entries are created under: HKLM\SOFTWARE\Microsoft\Security Center\ HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\ Name W32/Forbot-GK Type * Worm How it spreads * Network shares Affected operating systems * Windows Side effects * Allows others to access the computer * Installs itself in the Registry Prevalence (1-5) 2 Description W32/Forbot-GK is a worm with backdoor functionality which allows a remote intruder to gain access and control over the computer. Advanced W32/Forbot-GK is a worm with backdoor functionality which allows a remote intruder to gain access and control over the computer. When first run W32/Forbot-GK copies itself to \jebote.exe. The following registry entries are created to run jebote.exe on startup: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Windows MS Update 32 jebote.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows MS Update 32 jebote.exe HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce Windows MS Update 32 jebote.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce Windows MS Update 32 jebote.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices Windows MS Update 32 jebote.exe The file jebote.exe is registered as a new file system driver service named "Win32", with a display name of "Windows MS Update 32". Registry entries are created under: HKLM\SYSTEM\CurrentControlSet\Services\Win32\ Name W32/Tilebot-FY Type * Worm How it spreads * Network shares Affected operating systems * Windows Side effects * Allows others to access the computer * Installs itself in the Registry * Exploits system or software vulnerabilities Aliases * Backdoor.Win32.SdBot.aad Prevalence (1-5) 2 Description W32/Tilebot-FY is a worm and IRC backdoor Trojan for the Windows platform. W32/Tilebot-FY spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), PNP (MS05-039) and ASN.1 (MS04-007). W32/Tilebot-FY runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels. Advanced W32/Tilebot-FY is a worm and IRC backdoor Trojan for the Windows platform. W32/Tilebot-FY spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), PNP (MS05-039) and ASN.1 (MS04-007). W32/Tilebot-FY runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels. When first run W32/Tilebot-FY copies itself to \smsc.exe. The file smsc.exe is registered as a new system driver service named "Microsoft DLL System", with a display name of "Microsoft DLL System" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under: HKLM\SYSTEM\CurrentControlSet\Services\Microsoft DLL System\ W32/Tilebot-FY sets the following registry entries, disabling the automatic startup of other software: HKLM\SYSTEM\CurrentControlSet\Services\Messenger Start 4 HKLM\SYSTEM\CurrentControlSet\Services\RemoteRegistry Start 4 HKLM\SYSTEM\CurrentControlSet\Services\TlntSvr Start 4 Registry entries are set as follows: HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotAllowXPSP2 1 HKLM\SOFTWARE\Microsoft\Ole EnableDCOM N HKLM\SYSTEM\CurrentControlSet\Control\Lsa restrictanonymous 1 Registry entries are also created under: HKLM\SOFTWARE\Microsoft\Security Center\ HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\ Name Troj/Clagger-W Type * Trojan Affected operating systems * Windows Side effects * Downloads code from the internet * Reduces system security * Installs itself in the Registry Aliases * Win32/TrojanDownloader.Small.NIH Prevalence (1-5) 2 Description Troj/Clagger-W is a Trojan for the Windows platform. Troj/Clagger-W includes functionality to download, install and run new software. The Trojan attempts to bypass firewall security. Advanced Troj/Clagger-W is a Trojan for the Windows platform. Troj/Clagger-W includes functionality to download, install and run new software. Troj/Clagger-W downloads a file to \suhoy336.exe The Trojan attempts to bypass firewall security by setting the following registry entry: HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ FiREWaLLpolicy\StAnDaRDPrOFiLe\AUtHorizedapplications\List C:\NvRun\::ENABLED:0 Name W32/Dozic-A Type Worm How it spreads * Chat programs Affected operating systems * Windows Side effects * Modifies data on the computer * Installs itself in the Registry * Leaves non-infected files on computer Prevalence (1-5) 2 Description W32/Dozic-A is a worm for the Windows platform. W32/Dozic-A attempts to spread via AOL Instant Messenger. Advanced W32/Dozic-A is a worm for the Windows platform. W32/Dozic-A attempts to spread via AOL Instant Messenger. When first run W32/Dozic-A copies itself to \WinZod32.exe, \zod32.exe and may create the following files: \aol\info.htm \wininit.ini These files are harmless and may be deleted. The following registry entry is created to run code exported by zod32.exe on startup: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ ShellServiceObjectDelayLoad winup \zod32.exe Registry entries are set as follows: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Winupd \zod32.exe HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit winndata \zod32.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run windatea \zod32.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run winnet \zod32.exe Registry entries are created under: HKCU\Control Panel\Desktop\ HKCR\JSEFile\Shell\Open\Command\ HKCR\JSFile\Shell\Open\Command\ HKCR\VBEFile\Shell\Open\Command\ HKCR\VBSFile\Shell\Open\Command\ HKCR\WSFFile\Shell\Open\Command\ HKCR\WSHFile\Shell\Open\Command\ HKCR\batfile\shell\open\command\ HKCR\comfile\shell\open\command\ HKCR\exefile\shell\open\command\ HKCR\piffile\shell\open\command\ HKCR\scrfile\shell\open\command\ HKLM\SYSTEM\Control\WOW\cmdline\ HKLM\SYSTEM\Control\WOW\wowcmdline\ Name Troj/Haxdoor-CO Type * Trojan Affected operating systems * Windows Side effects * Allows others to access the computer * Drops more malware * Installs itself in the Registry Aliases * Trojan-Dropper.Win32.Small.apz Prevalence (1-5) 2 Description Troj/Haxdoor-CO is a Trojan for the Windows platform. Advanced Troj/Haxdoor-CO is a Trojan for the Windows platform. When Troj/Haxdoor-CO is installed the following files are created: \10320054.gif \dvb03a.dll \dvb03a.sys \dvb06a.sys \kgctini.dat \klo5.sys \lps.dat \qo.dll \qo.sys The files dvb03a.dll, dvb03a.sys, dvb06a.sys, qo.dll and qo.sys are detected as Troj/Haxdor-Fam. The other files are clean configuration and data files. The following registry entries are created to run code exported by dvb03a.dll on startup: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dvb03a DllName dvb03a.dll HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dvb03a Startup DVBz637890 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dvb03a Impersonate 1 The file dvb06a.sys is registered as a new system driver service named "dvb06a", with a display name of "WDVB 05". Registry entries are created under: HKLM\SYSTEM\CurrentControlSet\Services\dvb06a\ The following registry entries are set, affecting internet security: HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Firewall Policy\ HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Firewall Policy\StandardProfile\ HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Firewall Policy\StandardProfile\AuthorizedApplications\ HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Firewall Policy\StandardProfile\AuthorizedApplications\List\ HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Firewall Policy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS Explorer.EXE \Explorer.EXE::Enabled:explorer Name Troj/Vanity-A Type Trojan Affected operating systems * Windows Side effects * Downloads code from the internet * Reduces system security * Installs itself in the Registry Aliases * Win32/TrojanDropper.Small.NBG Prevalence (1-5) 2 Description Troj/Vanity-A is a Trojan for the Windows platform. Troj/Vanity-A includes functionality to access the internet and communicate with a remote server via HTTP, and to inject code into remote processes in an attempt to bypass security. Advanced Troj/Vanity-A is a Trojan for the Windows platform. Troj/Vanity-A includes functionality to access the internet and communicate with a remote server via HTTP, and to inject code into remote processes in an attempt to bypass security. When first run Troj/Vanity-A copies itself to \wowexecl.exe and creates the following files: \wowexecl.dll - also detected as Troj/Vanity-A. \wowexecl.ini - text file. May safely be deleted. Troj/Vanity-A creates the following registry entries. These are probably intended to automatically run the Trojan upon startup, but due to a bug the values may be left blank: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run wowexecl "" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices wowexecl "" HKCU\Software\Microsoft\Windows\CurrentVersion\Run wowexecl "" The Trojan may also attempt to modify the following registry entry: HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters \FirewallPolicy\StandardProfile\GloballyOpenPorts\List Name Troj/Harnig-AH Type * Trojan Affected operating systems * Windows Side effects * Downloads code from the internet Aliases * Win32/TrojanDownloader.Harnig.BQ Prevalence (1-5) 2 Description Troj/Harnig-AH is a Trojan for the Windows platform. Troj/Harnig-AH attempts to download files from several preconfigured internet sites and save the files in the System folder using the filename "nt_system.exe" where are generated at random. Name W32/Feebs-AW Type * Worm How it spreads * Email attachments * Peer-to-peer Affected operating systems * Windows Side effects * Sends itself to email addresses found on the infected computer * Forges the sender's email address * Uses its own emailing engine * Installs itself in the Registry Aliases * JS/Feebs.gen.h{at}MM * JS/TrojanDropper.Tivso.gen * JS_FEEBS.GEN Prevalence (1-5) 2 Description W32/Feebs-AW is a worm for the Windows platform. W32/Feebs-AW spreads by sending itself to email address harvested from the infected computer and via file sharing on P2P networks. Emails sent by the worm have the following text: You have received To read the message open the attached file. User ID: Password: Keep your password in a safe place. Advanced W32/Feebs-AW is a worm for the Windows platform. W32/Feebs-AW spreads by sending itself to email address harvested from the infected computer and via file sharing on P2P networks. Emails sent by the worm have the following text: You have received To read the message open the attached file. User ID: Password: Keep your password in a safe place. When first run W32/Feebs-AW copies itself to: \ms?? \ms??.exe \userinit.exe where ?? are randomly chosen characters. The worm also creates the file \ms??32.dll which is detected as W32/Feebs-AW. W32/Feebs-AW also copies itself to P2P folders with the following filenames: 3dsmax_9_(3D_Studio_Max)_new!_full+crack.zip ACDSee_9_new!_full+crack.zip Adobe_Photoshop_10_(CS3)_new!_full+crack.zip Adobe_Premiere_9_(2.0_pro)_new!_full+crack.zip Ahead_Nero_8_new!_full+crack.zip DivX_7.0_new!_full+crack.zip ICQ_2006_new!_full+crack.zip Internet_Explorer_7_new!_full+crack.zip Kazaa_4_new!_full+crack.zip Longhorn_new!_full+crack.zip Microsoft_Office_2006_new!_full+crack.zip winamp_5.2_new!_full+crack.zip The following registry entry is created to run code exported by the worm library on startup: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ ShellServiceObjectDelayLoad ms??32.dll (2774E11F-B52B-467F-1D94-C6279C7AB9E2) The file ms??32.dll is registered as a COM object, creating registry entries under: HKCR\CLSID\(2774E11F-B52B-467F-1D94-C6279C7AB9E2) Name Troj/WowPWS-O Type * Spyware Trojan Affected operating systems * Windows Side effects * Steals information * Installs itself in the Registry Aliases * Trojan-PSW.Win32.Lmir.aup Prevalence (1-5) 2 Description Troj/WowPWS-O is a password stealing Trojan for the Windows platform. Advanced Troj/WowPWS-O is a password stealing Trojan for the Windows platform. The Trojan has the functionality to steal information related to the game "World of Warcraft". When run, the Trojan copies itself to: \INTEXPLORE.pif \Internet Explorer\INTEXPLORE.com \EXERT.exe \LSASS.exe \Debug\DebugProgram.exe \dxdiag.com \MSCONFIG.COM \regedit.com The following registry entry is created to run LSASS.exe on startup: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ToP \LSASS.exe The file INTEXPLORE.com is registered as a COM object, creating registry entries under: HKCR\CLSID\(871C5380-42A0-1069-A2EA-08002B30309D) The following registry entry is set: HKCR\htmlfile\shell\opennew\command (Default) \INTEXPLORE.pif %1 Name Troj/DownLd-AAG Type * Trojan Affected operating systems * Windows Side effects * Downloads code from the internet * Installs itself in the Registry Aliases * Trojan-Downloader.Win32.Obfuscated.n * trojan Prevalence (1-5) 2 Description Troj/DownLd-AAG is a Trojan for the Windows platform. Troj/DownLd-AAG includes functionality to access the internet and communicate with a remote server via HTTP. Advanced Troj/DownLd-AAG is a Trojan for the Windows platform. Troj/DownLd-AAG includes functionality to access the internet and communicate with a remote server via HTTP. When first run Troj/DownLd-AAG copies itself to: \Local Settings\Application Data\.exe \.exe where has 8 random characters/digits. The following registry entries are created to run .exe on startup: HKCU\Software\Microsoft\Windows\CurrentVersion\Run .exe \Local Settings\Application Data\.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run .exe \.exe Name Troj/SpyDldr-L Type * Trojan Affected operating systems * Windows Side effects * Downloads code from the internet * Leaves non-infected files on computer Prevalence (1-5) 2 Description Troj/SpyDldr-L is a Trojan for the Windows platform. Troj/SpyDldr-L includes functionality to download, install and run new software. Advanced Troj/SpyDldr-L is a Trojan for the Windows platform. Troj/SpyDldr-L includes functionality to download, install and run new software. Troj/SpyDldr-L attempts to download futher programs to: \reger.exe \qjrkvy.exe When Troj/SpyDldr-L is installed the following files are created in order to mimic a spyware infection. /about_spyware_bg.gif /about_spyware_bottom.gif /alexaie.dll /alxie328.dll /alxtb1.dll /as.gif /as_header.gif /bg.gif /box_1.gif /box_2.gif /box_3.gif /BTGrab.dll /button_buynow.gif /button_freescan.gif /close-bar.gif /dlmax.dll /download_box.gif /features.gif /footer_back.gif /footer_back.jpg /header_1.gif /header_2.gif /header_3.gif /header_4.gif /infected.gif /main_back.gif /Pynix.dll /rf.gif /rf_header.gif /scan_btn.gif /security-center-bg.gif /security-center-logo.gif /security_center_caption.gif /sep_hor.gif /sep_vert.gif /spacer.gif /spyware-detected.gif /star.gif /star_gray.gif /star_gray_small.gif /star_small.gif /style.css /susp.exe /ts.gif /ts_header.gif /v.gif /warning-bar-ico.gif /warning_icon.gif /win_logo.gif /x.gif /ZServ.dll /a.exe /adobepnl.dll /alxres.dll /bridge.dll /dailytoolbar.dll /jao.dll /questmod.dll /runsrv32.dll /runsrv32.exe /tcpservice2.exe /txfdb32.dll /udpmod.dll /users32.exe /wstart.dll Many of these files contain randomly generated content. These files may be safely deleted. Troj/SpyDldr-L also creates the following registry entries: HKCU\Software\Microsoft\Windows\CurrentVersion\Runonce Srv32 spool service Adware.Srv32 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Adware.Srv32 \runsrv32.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ Srv32 spool service Adware.Srv32 HKLM\SOFTWARE\RespondMiter Adware.Srv32 \runsrv32.exe HKLM\SOFTWARE\Software\TPS108 Adware.Srv32 \runsrv32.exe HKLM\SOFTWARE\Transponder Adware.Srv32 \runsrv32.exe HKCR\AppID\DailyToolbar.DLL DailyToolbar dailytoolbar.dll HKCR\DailyToolbar.IEBand DailyToolbar HKCR\DailyToolbar.SysMgr DailyToolbar HKLM\SOFTWARE\DailyToolbar DailyToolbar HKLM\SOFTWARE\NIX Solutions\DailyToolbar DailyToolbar HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Transponder \susp.exe HKCR\AppID\WStart.DLL WStart wstart.dll Name Troj/Banloa-AKE Type * Trojan Affected operating systems * Windows Side effects * Downloads code from the internet Aliases * Trojan-Spy.Win32.Banker.bbb Prevalence (1-5) 2 Description Troj/Banload-AKE is a Trojan downloader for the Windows platform. Name Troj/Squatbot-A Type * Trojan Affected operating systems * Windows Side effects * Downloads code from the internet * Installs itself in the Registry * Leaves non-infected files on computer Prevalence (1-5) 2 Description Troj/Squatbot-A is a Trojan for the Windows platform. Advanced Troj/Squatbot-A is a Trojan for the Windows platform. When first run, Troj/Squatbot-A runs a setup program and installs the following files: \remotewatch\remotewatch.exe (also detected as Troj/Squatbot-A) \remotewatch.ini (may be deleted) \remotewatch\unins000.dat (may be deleted) \remotewatch\unins000.ex After the files are created, the file remotewatch.exe then downloads a file containing German IP addresses and domains. The Trojan queries port 43, performing whois look-ups. When Troj/Squatbot-A finds an expired domain, it reports the information back to a remote user. Troj/Squatbot-A creates the following registry entries: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run remotewatch.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall Troj/Squatbot-A provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The Trojan is listed as"remotewatch version 1.0". However, the uninstaller does not actually remove the Trojan. --- MultiMail/Win32 v0.43 * Origin: Try Our Web Based QWK: DOCSPLACE.ORG (1:123/140) SEEN-BY: 633/267 270 @PATH: 123/140 500 106/2000 633/267
SOURCE: echomail via fidonet.ozzmosis.com

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.