Sign in with
Sign up | Sign in
Your question

Just curious...."My little sister... and OMG Hillary" posts

Tags:
Last response: in Laptops & Notebooks
Share
Anonymous
a b D Laptop
April 18, 2004 1:45:34 AM

Archived from groups: comp.sys.laptops (More info?)

Does anybody know what kind of "pest" is attached to those post: "my
little sister..." and "OMG Hillary.... Adaware and my AV do not find
anything wrong with those files but I know they install a file
system2.exe in Windows\system32 and attempt to change the registry so
that this file runs. Beyond that...

Can anyone decipher this file ? Just curious what kind of damage those
guys are trying to do.

--
John Doue
Anonymous
a b D Laptop
April 18, 2004 4:09:41 AM

Archived from groups: comp.sys.laptops (More info?)

"John Doue" <notwobe@yahoo.com> wrote in message
news:2Ahgc.587$ra6.240@read3.inet.fi...
| Does anybody know what kind of "pest" is attached to those post: "my
| little sister..." and "OMG Hillary.... Adaware and my AV do not find
| anything wrong with those files but I know they install a file
| system2.exe in Windows\system32 and attempt to change the registry so
| that this file runs. Beyond that...
|
| Can anyone decipher this file ? Just curious what kind of damage those
| guys are trying to do.
|
| --
| John Doue


Hi John -

Are you referring to System32.exe (and not System2.exe)?

If so, the file is the W32.KWBot.C.Worm virus, which opens a few ports,
potentially allowing an intruder to gain control over your computer.

Your virus software may not be up to date or, because the payload of these
messages is a "worm" which is set up to execute at system startup, your
virus software may not recognize it at all.

If you get a message upon startup that System32.exe is missing, you are
informed that your virus software successfully removed the System32.exe file
from the Windows\System32 folder, but did not successfully remove the
entries from your System Registry which execute it when you start your
computer.

See http://support.microsoft.com/?kbid=833767 for complete removal
instructions.

Jef
Anonymous
a b D Laptop
April 18, 2004 12:42:29 PM

Archived from groups: comp.sys.laptops (More info?)

Jef Norton wrote:

> "John Doue" <notwobe@yahoo.com> wrote in message
> news:2Ahgc.587$ra6.240@read3.inet.fi...
> | Does anybody know what kind of "pest" is attached to those post: "my
> | little sister..." and "OMG Hillary.... Adaware and my AV do not find
> | anything wrong with those files but I know they install a file
> | system2.exe in Windows\system32 and attempt to change the registry so
> | that this file runs. Beyond that...
> |
> | Can anyone decipher this file ? Just curious what kind of damage those
> | guys are trying to do.
> |
> | --
> | John Doue
>
>
> Hi John -
>
> Are you referring to System32.exe (and not System2.exe)?
>
> If so, the file is the W32.KWBot.C.Worm virus, which opens a few ports,
> potentially allowing an intruder to gain control over your computer.
>
> Your virus software may not be up to date or, because the payload of these
> messages is a "worm" which is set up to execute at system startup, your
> virus software may not recognize it at all.
>
> If you get a message upon startup that System32.exe is missing, you are
> informed that your virus software successfully removed the System32.exe file
> from the Windows\System32 folder, but did not successfully remove the
> entries from your System Registry which execute it when you start your
> computer.
>
> See http://support.microsoft.com/?kbid=833767 for complete removal
> instructions.
>
> Jef
>
>
No, I do refer to a system2.exe file which is installed by this *.scr
file. My AV is up to date and so is Adaware. I am not suggesting you try
this scr file on your system but I was curious. When this happened to
me, I just restored the registry (I back it up every day) and deleted
this file and all was Ok. But I did this on purpose, thinking my AV
would detect something amiss and it did not, that's why I got curious.

Regards

--
John Doue
Anonymous
a b D Laptop
April 18, 2004 6:38:54 PM

Archived from groups: comp.sys.laptops (More info?)

"John Doue" <notwobe@yahoo.com> wrote in message
news:Vbrgc.46$V2.3@read3.inet.fi...
|
| No, I do refer to a system2.exe file which is installed by this *.scr
| file. My AV is up to date and so is Adaware. I am not suggesting you try
| this scr file on your system but I was curious. When this happened to
| me, I just restored the registry (I back it up every day) and deleted
| this file and all was Ok. But I did this on purpose, thinking my AV
| would detect something amiss and it did not, that's why I got curious.
|
| Regards
|
| --
| John Doue


Hi John -

Sorry about that. I'd did a quick 'Google' on System2.exe as your inquiry
looked familiar to a problem I'd recently fixed (System32.exe payload for
the above mentioned worm) and all I came up with was links to what appeared
to be legitimate applications.

My ISP drops messages with attachments on non-binary newsgroups, so the
messages in question don't show up on my news server.

Could be you have found something some script kiddie is playing with that
hasn't raised itself above the muck on the web. New exploits that haven't
been triggered (such as those scheduled to "wake up" at some future date)
may not be included in AV software, as they haven't actually done
anything... yet.

*.scr files are certainly a common way to payload a virus or a worm.

You're wise to be cautious... but, personally, I'd recommend when it looks
like a duck, quacks like a duck... etc. In other words: why invite trouble?

Jef
Anonymous
a b D Laptop
April 18, 2004 7:51:02 PM

Archived from groups: comp.sys.laptops (More info?)

Jef Norton wrote:

> "John Doue" <notwobe@yahoo.com> wrote in message
> news:Vbrgc.46$V2.3@read3.inet.fi...
> |
> | No, I do refer to a system2.exe file which is installed by this *.scr
> | file. My AV is up to date and so is Adaware. I am not suggesting you try
> | this scr file on your system but I was curious. When this happened to
> | me, I just restored the registry (I back it up every day) and deleted
> | this file and all was Ok. But I did this on purpose, thinking my AV
> | would detect something amiss and it did not, that's why I got curious.
> |
> | Regards
> |
> | --
> | John Doue
>
>
> Hi John -
>
> Sorry about that. I'd did a quick 'Google' on System2.exe as your inquiry
> looked familiar to a problem I'd recently fixed (System32.exe payload for
> the above mentioned worm) and all I came up with was links to what appeared
> to be legitimate applications.
>
> My ISP drops messages with attachments on non-binary newsgroups, so the
> messages in question don't show up on my news server.
>
> Could be you have found something some script kiddie is playing with that
> hasn't raised itself above the muck on the web. New exploits that haven't
> been triggered (such as those scheduled to "wake up" at some future date)
> may not be included in AV software, as they haven't actually done
> anything... yet.
>
> *.scr files are certainly a common way to payload a virus or a worm.
>
> You're wise to be cautious... but, personally, I'd recommend when it looks
> like a duck, quacks like a duck... etc. In other words: why invite trouble?
>
> Jef
>
>
Jef,

You are quite right and I normally do not look for trouble. Don't know
why I did this time, I guess I wanted to test my defenses and I am
concerned they did not detect anything wrong, except zonealarm which
triggered an unusual message supporting your guess about opening ports
was right on target.

Regards

--
John Doue
Anonymous
a b D Laptop
April 29, 2004 1:55:15 PM

Archived from groups: comp.sys.laptops (More info?)

Sir,

I also found System2.exe on my laptop PC, within hours of hooking up
to high speed Internet for the first time, probably because my Windows
XP Pro wasn't sufficiently patched. First, my PC started acting
strange (unexplained sluggishness and crashing of svchost). Feeling
paranoid, I pulled the Ethernet card, at which point a dialog window
instantly popped up, stating that sniffer.hackarmy.tk was requesting
info from the Internet. Research on "sniffer.hackarmy" on Google
somehow led me to System2.exe (as well as W32 SpyBot worm, another
tool that seems to use IRC channels to communicate back to the
hacker). System2 deactivated regedit *and* Ctrl-Alt-Del. Their
windows would pop up, but not long enough for me to stop System2, only
long enough for me to see that it was running as a process. Attempts
to delete the file result in "Access Denied". I installed Recovery
Console from the Windows XP CD (Start | Run | Cmd | winnt32/cmdcons),
and was able to delete the file through Recovery Console. This
technique should work for any OS in the NT family.

- Erik Bjarling (PC hobbyist).

John Doue <notwobe@yahoo.com> wrote in message news:<Gtxgc.438$V2.44@read3.inet.fi>...
> Jef Norton wrote:
>
> > "John Doue" <notwobe@yahoo.com> wrote in message
> > news:Vbrgc.46$V2.3@read3.inet.fi...
> > |
> > | No, I do refer to a system2.exe file which is installed by this *.scr
> > | file. My AV is up to date and so is Adaware. I am not suggesting you try
> > | this scr file on your system but I was curious. When this happened to
> > | me, I just restored the registry (I back it up every day) and deleted
> > | this file and all was Ok. But I did this on purpose, thinking my AV
> > | would detect something amiss and it did not, that's why I got curious.
> > |
> > | Regards
> > |
> > | --
> > | John Doue
> >
> >
> > Hi John -
> >
> > Sorry about that. I'd did a quick 'Google' on System2.exe as your inquiry
> > looked familiar to a problem I'd recently fixed (System32.exe payload for
> > the above mentioned worm) and all I came up with was links to what appeared
> > to be legitimate applications.
> >
> > My ISP drops messages with attachments on non-binary newsgroups, so the
> > messages in question don't show up on my news server.
> >
> > Could be you have found something some script kiddie is playing with that
> > hasn't raised itself above the muck on the web. New exploits that haven't
> > been triggered (such as those scheduled to "wake up" at some future date)
> > may not be included in AV software, as they haven't actually done
> > anything... yet.
> >
> > *.scr files are certainly a common way to payload a virus or a worm.
> >
> > You're wise to be cautious... but, personally, I'd recommend when it looks
> > like a duck, quacks like a duck... etc. In other words: why invite trouble?
> >
> > Jef
> >
> >
> Jef,
>
> You are quite right and I normally do not look for trouble. Don't know
> why I did this time, I guess I wanted to test my defenses and I am
> concerned they did not detect anything wrong, except zonealarm which
> triggered an unusual message supporting your guess about opening ports
> was right on target.
>
> Regards
Anonymous
a b D Laptop
April 30, 2004 1:46:37 AM

Archived from groups: comp.sys.laptops (More info?)

Bjarling, E. wrote:

> Sir,
>
> I also found System2.exe on my laptop PC, within hours of hooking up
> to high speed Internet for the first time, probably because my Windows
> XP Pro wasn't sufficiently patched. First, my PC started acting
> strange (unexplained sluggishness and crashing of svchost). Feeling
> paranoid, I pulled the Ethernet card, at which point a dialog window
> instantly popped up, stating that sniffer.hackarmy.tk was requesting
> info from the Internet. Research on "sniffer.hackarmy" on Google
> somehow led me to System2.exe (as well as W32 SpyBot worm, another
> tool that seems to use IRC channels to communicate back to the
> hacker). System2 deactivated regedit *and* Ctrl-Alt-Del. Their
> windows would pop up, but not long enough for me to stop System2, only
> long enough for me to see that it was running as a process. Attempts
> to delete the file result in "Access Denied". I installed Recovery
> Console from the Windows XP CD (Start | Run | Cmd | winnt32/cmdcons),
> and was able to delete the file through Recovery Console. This
> technique should work for any OS in the NT family.
>
> - Erik Bjarling (PC hobbyist).
>
> John Doue <notwobe@yahoo.com> wrote in message news:<Gtxgc.438$V2.44@read3.inet.fi>...
>
>>Jef Norton wrote:
>>
>>
>>>"John Doue" <notwobe@yahoo.com> wrote in message
>>>news:Vbrgc.46$V2.3@read3.inet.fi...
>>>|
>>>| No, I do refer to a system2.exe file which is installed by this *.scr
>>>| file. My AV is up to date and so is Adaware. I am not suggesting you try
>>>| this scr file on your system but I was curious. When this happened to
>>>| me, I just restored the registry (I back it up every day) and deleted
>>>| this file and all was Ok. But I did this on purpose, thinking my AV
>>>| would detect something amiss and it did not, that's why I got curious.
>>>|
>>>| Regards
>>>|
>>>| --
>>>| John Doue
>>>
>>>
>>>Hi John -
>>>
>>>Sorry about that. I'd did a quick 'Google' on System2.exe as your inquiry
>>>looked familiar to a problem I'd recently fixed (System32.exe payload for
>>>the above mentioned worm) and all I came up with was links to what appeared
>>>to be legitimate applications.
>>>
>>>My ISP drops messages with attachments on non-binary newsgroups, so the
>>>messages in question don't show up on my news server.
>>>
>>>Could be you have found something some script kiddie is playing with that
>>>hasn't raised itself above the muck on the web. New exploits that haven't
>>>been triggered (such as those scheduled to "wake up" at some future date)
>>>may not be included in AV software, as they haven't actually done
>>>anything... yet.
>>>
>>>*.scr files are certainly a common way to payload a virus or a worm.
>>>
>>>You're wise to be cautious... but, personally, I'd recommend when it looks
>>>like a duck, quacks like a duck... etc. In other words: why invite trouble?
>>>
>>>Jef
>>>
>>>
>>
>>Jef,
>>
>>You are quite right and I normally do not look for trouble. Don't know
>>why I did this time, I guess I wanted to test my defenses and I am
>>concerned they did not detect anything wrong, except zonealarm which
>>triggered an unusual message supporting your guess about opening ports
>>was right on target.
>>
>>Regards
Fortunately for me, I always have adwatch and zonealarm running. So I
got a message when this pest attempted to open ports and to modify the
registry, which I of course blocked. I then restored my registry (I back
it up every day) and deleted system2.exe without any further problem.

A friend of mine wonders why I keep Zonealarm running although I have a
router with NAT capability which makes theoratically impossible for a
hacker to get into my machine: zonealarm tells me when a program tries
to access the Internet and that is why. I therefore detect software
which without advertizing it attempt to check your registration on a
server, or to open ports for whatever purpose.

Regards

--
John Doue
Anonymous
a b D Laptop
April 30, 2004 7:45:26 AM

Archived from groups: comp.sys.laptops (More info?)

John Doue wrote:
>
> Bjarling, E. wrote:
>
> > Sir,
> >
> > I also found System2.exe on my laptop PC, within hours of hooking up
> > to high speed Internet for the first time, probably because my Windows
> > XP Pro wasn't sufficiently patched. First, my PC started acting
> > strange (unexplained sluggishness and crashing of svchost). Feeling
> > paranoid, I pulled the Ethernet card, at which point a dialog window
> > instantly popped up, stating that sniffer.hackarmy.tk was requesting
> > info from the Internet. Research on "sniffer.hackarmy" on Google
> > somehow led me to System2.exe (as well as W32 SpyBot worm, another
> > tool that seems to use IRC channels to communicate back to the
> > hacker). System2 deactivated regedit *and* Ctrl-Alt-Del. Their
> > windows would pop up, but not long enough for me to stop System2, only
> > long enough for me to see that it was running as a process. Attempts
> > to delete the file result in "Access Denied". I installed Recovery
> > Console from the Windows XP CD (Start | Run | Cmd | winnt32/cmdcons),
> > and was able to delete the file through Recovery Console. This
> > technique should work for any OS in the NT family.
> >
> > - Erik Bjarling (PC hobbyist).
> >
> > John Doue <notwobe@yahoo.com> wrote in message news:<Gtxgc.438$V2.44@read3.inet.fi>...
> >
> >>Jef Norton wrote:
> >>
> >>
> >>>"John Doue" <notwobe@yahoo.com> wrote in message
> >>>news:Vbrgc.46$V2.3@read3.inet.fi...
> >>>|
> >>>| No, I do refer to a system2.exe file which is installed by this *.scr
> >>>| file. My AV is up to date and so is Adaware. I am not suggesting you try
> >>>| this scr file on your system but I was curious. When this happened to
> >>>| me, I just restored the registry (I back it up every day) and deleted
> >>>| this file and all was Ok. But I did this on purpose, thinking my AV
> >>>| would detect something amiss and it did not, that's why I got curious.
> >>>|
> >>>| Regards
> >>>|
> >>>| --
> >>>| John Doue
> >>>
> >>>
> >>>Hi John -
> >>>
> >>>Sorry about that. I'd did a quick 'Google' on System2.exe as your inquiry
> >>>looked familiar to a problem I'd recently fixed (System32.exe payload for
> >>>the above mentioned worm) and all I came up with was links to what appeared
> >>>to be legitimate applications.
> >>>
> >>>My ISP drops messages with attachments on non-binary newsgroups, so the
> >>>messages in question don't show up on my news server.
> >>>
> >>>Could be you have found something some script kiddie is playing with that
> >>>hasn't raised itself above the muck on the web. New exploits that haven't
> >>>been triggered (such as those scheduled to "wake up" at some future date)
> >>>may not be included in AV software, as they haven't actually done
> >>>anything... yet.
> >>>
> >>>*.scr files are certainly a common way to payload a virus or a worm.
> >>>
> >>>You're wise to be cautious... but, personally, I'd recommend when it looks
> >>>like a duck, quacks like a duck... etc. In other words: why invite trouble?
> >>>
> >>>Jef
> >>>
> >>>
> >>
> >>Jef,
> >>
> >>You are quite right and I normally do not look for trouble. Don't know
> >>why I did this time, I guess I wanted to test my defenses and I am
> >>concerned they did not detect anything wrong, except zonealarm which
> >>triggered an unusual message supporting your guess about opening ports
> >>was right on target.
> >>
> >>Regards
> Fortunately for me, I always have adwatch and zonealarm running. So I
> got a message when this pest attempted to open ports and to modify the
> registry, which I of course blocked. I then restored my registry (I back
> it up every day) and deleted system2.exe without any further problem.
>
> A friend of mine wonders why I keep Zonealarm running although I have a
> router with NAT capability which makes theoratically impossible for a
> hacker to get into my machine: zonealarm tells me when a program tries
> to access the Internet and that is why. I therefore detect software
> which without advertizing it attempt to check your registration on a
> server, or to open ports for whatever purpose.
>
> Regards
>
> --
> John Doue

John,

Which version ZA are you running? I upgraded from v2.6.x and it promptly
crashed. Uninstalled, reinstalled several times, put v2.6.x back on and its
running fine. I swear by it. Works wonders, have the same setup, NAT router
but run ZA to catch ET trying to phone home ;) 

teege
-------------------------------------------------------
The beatings will continue until morale improves.
Anonymous
a b D Laptop
April 30, 2004 2:40:17 PM

Archived from groups: comp.sys.laptops (More info?)

Capt. Wild Bill Kelso, USAAC wrote:

> John Doue wrote:
>
>>Bjarling, E. wrote:
>>
>>
>>>Sir,
>>>
>>>I also found System2.exe on my laptop PC, within hours of hooking up
>>>to high speed Internet for the first time, probably because my Windows
>>>XP Pro wasn't sufficiently patched. First, my PC started acting
>>>strange (unexplained sluggishness and crashing of svchost). Feeling
>>>paranoid, I pulled the Ethernet card, at which point a dialog window
>>>instantly popped up, stating that sniffer.hackarmy.tk was requesting
>>>info from the Internet. Research on "sniffer.hackarmy" on Google
>>>somehow led me to System2.exe (as well as W32 SpyBot worm, another
>>>tool that seems to use IRC channels to communicate back to the
>>>hacker). System2 deactivated regedit *and* Ctrl-Alt-Del. Their
>>>windows would pop up, but not long enough for me to stop System2, only
>>>long enough for me to see that it was running as a process. Attempts
>>>to delete the file result in "Access Denied". I installed Recovery
>>>Console from the Windows XP CD (Start | Run | Cmd | winnt32/cmdcons),
>>>and was able to delete the file through Recovery Console. This
>>>technique should work for any OS in the NT family.
>>>
>>>- Erik Bjarling (PC hobbyist).
>>>
>>>John Doue <notwobe@yahoo.com> wrote in message news:<Gtxgc.438$V2.44@read3.inet.fi>...
>>>
>>>
>>>>Jef Norton wrote:
>>>>
>>>>
>>>>
>>>>>"John Doue" <notwobe@yahoo.com> wrote in message
>>>>>news:Vbrgc.46$V2.3@read3.inet.fi...
>>>>>|
>>>>>| No, I do refer to a system2.exe file which is installed by this *.scr
>>>>>| file. My AV is up to date and so is Adaware. I am not suggesting you try
>>>>>| this scr file on your system but I was curious. When this happened to
>>>>>| me, I just restored the registry (I back it up every day) and deleted
>>>>>| this file and all was Ok. But I did this on purpose, thinking my AV
>>>>>| would detect something amiss and it did not, that's why I got curious.
>>>>>|
>>>>>| Regards
>>>>>|
>>>>>| --
>>>>>| John Doue
>>>>>
>>>>>
>>>>>Hi John -
>>>>>
>>>>>Sorry about that. I'd did a quick 'Google' on System2.exe as your inquiry
>>>>>looked familiar to a problem I'd recently fixed (System32.exe payload for
>>>>>the above mentioned worm) and all I came up with was links to what appeared
>>>>>to be legitimate applications.
>>>>>
>>>>>My ISP drops messages with attachments on non-binary newsgroups, so the
>>>>>messages in question don't show up on my news server.
>>>>>
>>>>>Could be you have found something some script kiddie is playing with that
>>>>>hasn't raised itself above the muck on the web. New exploits that haven't
>>>>>been triggered (such as those scheduled to "wake up" at some future date)
>>>>>may not be included in AV software, as they haven't actually done
>>>>>anything... yet.
>>>>>
>>>>>*.scr files are certainly a common way to payload a virus or a worm.
>>>>>
>>>>>You're wise to be cautious... but, personally, I'd recommend when it looks
>>>>>like a duck, quacks like a duck... etc. In other words: why invite trouble?
>>>>>
>>>>>Jef
>>>>>
>>>>>
>>>>
>>>>Jef,
>>>>
>>>>You are quite right and I normally do not look for trouble. Don't know
>>>>why I did this time, I guess I wanted to test my defenses and I am
>>>>concerned they did not detect anything wrong, except zonealarm which
>>>>triggered an unusual message supporting your guess about opening ports
>>>>was right on target.
>>>>
>>>>Regards
>>
>>Fortunately for me, I always have adwatch and zonealarm running. So I
>>got a message when this pest attempted to open ports and to modify the
>>registry, which I of course blocked. I then restored my registry (I back
>>it up every day) and deleted system2.exe without any further problem.
>>
>>A friend of mine wonders why I keep Zonealarm running although I have a
>>router with NAT capability which makes theoratically impossible for a
>>hacker to get into my machine: zonealarm tells me when a program tries
>>to access the Internet and that is why. I therefore detect software
>>which without advertizing it attempt to check your registration on a
>>server, or to open ports for whatever purpose.
>>
>>Regards
>>
>>--
>>John Doue
>
>
> John,
>
> Which version ZA are you running? I upgraded from v2.6.x and it promptly
> crashed. Uninstalled, reinstalled several times, put v2.6.x back on and its
> running fine. I swear by it. Works wonders, have the same setup, NAT router
> but run ZA to catch ET trying to phone home ;) 
>
> teege
> -------------------------------------------------------
> The beatings will continue until morale improves.
Teege,

I am running the free version 4.5.594 which the latest as far as I know.
I am quite surprise you could have such an old version, is it a typo?

--
John Doue
Anonymous
a b D Laptop
April 30, 2004 6:44:47 PM

Archived from groups: comp.sys.laptops (More info?)

John Doue wrote:
>
> Capt. Wild Bill Kelso, USAAC wrote:
>
> > John Doue wrote:
> >
> >>Bjarling, E. wrote
> >>>>
> >>>>
> >>>>>"John Doue" <notwobe@yahoo.com> wrote in message
> >>>>>news:Vbrgc.46$V2.3@read3.inet.fi...
> >>>>>|
> >>>>
> >>>>Regards
> >>
> >>Fortunately for me, I always have adwatch and zonealarm running. So I
> >>got a message when this pest attempted to open ports and to modify the
> >>registry, which I of course blocked. I then restored my registry (I back
> >>it up every day) and deleted system2.exe without any further problem.
> >>
> >>A friend of mine wonders why I keep Zonealarm running although I have a
> >>router with NAT capability which makes theoratically impossible for a
> >>hacker to get into my machine: zonealarm tells me when a program tries
> >>to access the Internet and that is why. I therefore detect software
> >>which without advertizing it attempt to check your registration on a
> >>server, or to open ports for whatever purpose.
> >>
> >>Regards
> >>
> >>--
> >>John Doue
> >
> >
> > John,
> >
> > Which version ZA are you running? I upgraded from v2.6.x and it promptly
> > crashed. Uninstalled, reinstalled several times, put v2.6.x back on and its
> > running fine. I swear by it. Works wonders, have the same setup, NAT router
> > but run ZA to catch ET trying to phone home ;) 
> >
> > teege
> > -------------------------------------------------------
> > The beatings will continue until morale improves.
> Teege,
>
> I am running the free version 4.5.594 which the latest as far as I know.
> I am quite surprise you could have such an old version, is it a typo?
>
> --
> John Doue

Nope, no typo, v2.6.362. Works fine, actually more stable than the newer
versions with Win98SE.

TJ
=========================================================================
The only time you have too much fuel is when you're on fire.
!