My super-big trojan reference returns! A must-read!

Kwisatz · July 2, 2004

This guide was on the old forums. I dug it up from my backups and reposted it here, in full form, except with the last section completed and some of the more sensitive material removed. Suggestions welcome.

BTTF Man's Ultimate Insider's Guide to Trojans

"Everything you wanted to know because you were victimized but were afraid to ask!"

Well, after seeing all of the "I've been hacked" posts and such, I've decided to write a guide about trojans and how they work. However, what makes this guide special is the fact that it's from the malicious user's point of view. Meaning, rather than speculating from reports of a trojan and such, I have actually gotten information about the forces behind the trojans (I will not say how, because the last time I did, certain people got mad at me, and I don't blame them).

DISCLAIMER:

I do not guaruntee that this guide is free of technical, spelling, or grammatical errors; however, I have done my best to make it so. I will not be held responsible for whatever you do with the information contained herein. I wrote everything myself and took all screenshots, unless indicated.

Also, please note that I will be posting this in seperate sections which I will release at regular intervals (daily, I hope), since I am in impatient, stubborn little monkey, and so you don't feel overwhelmed having to read a whole bunch of technical ramblings at once :P. Now, let us begin!

BASIC TROJAN PROCESS AND TECHNIQUE Section I; Added April 27 2004

What exactly is a trojan? How is it different from a virus?

The most commonly accepted definition of a trojan is any malicious program that allows a malicious user (which will be referred to as a hacker from here on in, even though they would be crackers and aren't even that) to control and/or monitor your computer. The primary difference between a trojan and a virus is the fact that viruses are destructive. While a trojan can be used for destructive purposes, it is most often used by a person to obtain information, such as passwords, or just 'for fun'. And, trojans do not [usually] replicate themselves and spread, although the user can manually email/IM/whatever it to the victim's friends. A trojan may also be referred to as a rootkit or Remote Administration Tool (RAT for short).

What groups are trojans classified into?

Trojans are classified into four primary groups: keyloggers, 'lite' trojans, and full trojans, and downloaders. A keylogger's primary function is to log the keystrokes and windows of a victim so that passwords may be obtained, but it may also contain several other small features. Lite trojans are trojans that include basic capabilities such as screen capture, keylogger, file manager, and the like; they are used seldomly by avid hackers. Full trojans are full-fledged trojans that have a great many features, and are the most destructive. The downside to this is that the file size is relatively big (200KB-ish regular, 70KB-ish UPXed; more on this later). This is where the next group of trojans come in.

What is a downloader?

A downloader is a small transparent program that downloads and executes a file/files from an HTTP server, or a website. This means that it can be easily bound to another program, since it is so small (more on binding later). Downloaders are often used to download a full trojan, saving file size and making it more stealthy.

How would I be infected?

Well, there are many possibilities. The first is that you downloaded an e>

What is binding? Modified April 28 2004

Binding is the process of taking two seperate programs and combining them into one, somewhat like a .z!p file, only an .e>

BINDER CODE (what seperates and executes the combined files)

------------------------------------------------------------

FILE 1 (one of the files to be extracted and executed)

------------------------------------------------------------

FILE 2 (the other of the files to be extracted and executed)

Then, when the bound file is run, it will either execute or drop a file in a specified folder. So, even if an application loads, it may have a trojan bound to it.

Some of the better binders may also bind more than two, as well as scramble it and UPX or FSG it.

What is UPX and FSG?

UPX and FSG are two methods of taking an executable file and making it smaller through compression. This is similar to a .z!p file in the aspect of compression, but it differs in the facts that it doesn't need an external program to decompress it and that it is only one file, as in the below diagram:

DECOMPRESSION CODE (what decompresses the program code)

------------------------------------------------------------

PROGRAM CODE (the actual program to be ran, only compressed)

As I mentioned earlier, UPX and FSG can take a 200KB file and make it 70KB, so watch out!

What will happen in the infection process?

Here are the actual steps of what happens when you get infected (in no particular order):

1. It will copy itself to the Windows or System folder and delete the original copy.

2. The trojan will run (duh) and connect to the internet.

3. It will notify the hacker through the chosen method of notification (details below).

4. It will add startup entries so that it runs when the computer starts up.

5. It will display a fake error message and/or run the program it's bound to.

-OR- (if it's a downloader)

1. Connect to the internet and download the trojan.

2. Execute the trojan.

3. Delete itself.

How does the hacker know I am online and they can connect to my computer and control it?

Almost every trojan has built-in notification that uses some form of communication, the most popular ones are listed below.

Email: An email is sent to the hacker with details about your computer and all info necessary to connect to it.

SIN: Your computer sends a message to the hacker, and the hacker instantaneously receives the notification. They can then reverse-connect, thus bypassing a router or firewall. This is the only method of notification that can do this. The downside is that it can be easily traced (unless they're using a proxy or a service like NoIP), but many people still use it.

YIM/MSN/AIM/IRC: The hacker receives a message via chat or IM giving them details.

Website: Your computer invisibly visits a website and sends information to the website, which then logs your computer and adds it to a list. The hacker can then check this list and see the info your computer left.

What will be in the next section:

An inside look at one of the more popular trojans

-All capabilities revealed

-How to trace it revealed

-How to remove it revealed

-Screenshots of the builder

What will be in sections after that:

-Stories from actual hackers of what they do to their victims

-More about how the trojan's underlying code works (geeky technobabble)

-How to defend yourself (know what does and doesn't work, in great depth)

AN IN-DEPTH LOOK AT CIA - A POPULAR TROJAN Section II; Added April 28 2004, Last modified on October 4 2004

Well, the information in the above section was only about trojans in general. In this section, I shall examine a specific trojan, which will be referred to only as CIA, as to avoid any Googling by some of the shadier forum users.

This trojan is one of the more popular, ones, and out of Sub7, Beast, Optix, and NetDevil, it has the most extensive features. Believe me, NetDevil is NOTHING compared to this. I will be examining and analyzing how it works, what it can do, how to remove it, how to detect it, and how to trace it.

Please note that these explanations do not apply to all trojans; you will have to go to other places for that. This is simply an explanation of one of the more advanced trojans, so you may be prepared for this and whatever else may come your way.

Features:

A general list of features compiled by myself is below:

Management of:

Files

Registry

Processes

Services

Windows

Messages (like Message Boxes)

MS-DOS Scripting

Resolutions of monitor(s)

Visual/Audio:

Webcam Capture

Screen Capture

Keylogging

Streaming Audio

Recovery of:

File find

Computer information (including encrypted Yahoo pass)

Passwords (Dialup, Trillian, Cached, and Protected Storage)

CD Keys for 30 different programs

Clipboard

Communication:

Chat with victim that they can't exit out of

"Fun" Options:

Open/Close CD Tray

Swap Mouse Buttons

Flip and Shake Screen

etc...

Applications:

Fake Yahoo and MSN Login

Go to any IE page any time

Set IE start page

Here are the features that are available when the trojan itself is being created:

Icon change

UPX compression

Many different startup methods (I'll talk about this in greater detail later)

Ability to run a SOCKS (proxy) or FTP server

Fake error message

...and this list is abbreviated, containing only general features, so watch out!

Startup methods

CIA has a multitude of different startup methods that, when used, can make the trojan almost impossible to remove, unless you know where to look. You can use the Microsoft utility msconfig to remove these references (except for two, which I will mention). To start msconfig, go to Start>Run and type msconfig. You will then be able to navigate through multiple tabs and views to check, uncheck, and delete startup references. **NOTE: I will not be able to provide exact filenames, since that is changeable by the hacker. Here are the startup methods available:

Registry run: It starts up from the registry. Go to the Startup tab. If anything looks out of the ordinary, Google for it. If nothing comes up, is is most likely the trojan. Delete it.

Registry run services: It starts up from the registry, but in a different location than the previously-mentioned one. If you see a duplicate of the entry you deleted from the above method, this is it. Delete it.

ActiveX: This one is a bit fuzzy, but I think it's whenever an ActiveX (special type of add-on for programs) is run, the trojan runs as well. Nothing you can really do about this, I don't think.

System.ini: It places itself in the System.ini folder. To remove it, go to the System.ini tab and look through all the sections. If you find an entry similar to the one from the Registry run, delete it.

Win.ini: Same as System.ini, except in a different file. Do the same thing as described above to remove it.

Explorer run: The trojan binds itself to the explorer[Caution: ExecutableFile] file, which is the core of windows, so there's nothing you can do about this, except restore a backup.

Windows NT run: Not quite sure about this one, since I'm not on NT or XP, but from what I've gathered, it latches itself onto some of the NT-only files that are required by Windows to run.

Connectivity information

The trojan runs itself on ports 6222, 5222, and 4222 by default, although these can be changed by the hacker (but are often not). If you suspect somebody is connected to your computer, pray to God they are not monitoring your windows too closely and go to Start>Run and type in command. From there, type netstat -a and you'll get a list of ports. If anything says 6222, 5222, or 4222, they're in, and you should yank out your internet connection and remove the trojan immediately.

The trojan also goes through Internet Explorer to use the website notification features. Check your history in Internet Explorer. If you see a site you haven't been to (hackers usually use Netfirms or Lycos UK), it may be the logger. Go to that page. If a page blank page or a page with a password entry box comes up, it's their logger. Remove the trojan immdeiately.

Underlying code (GEEKY TECHNO-BABBLE)

Although I will not provide exact code, the author of the trojan has showed some people how to do certain things. First of all, you must realize that the trojan is coded in Visual Basic 5 and 6, before you get anything else. That and the fact that the server (trojan) is coded in VB5, whereas the client and builder (control program and creator, respectively) are coded in VB6. Now, to the code!

The trojan utilizes many of the core .DLL files of Windows to run. These files include, but are not limited to, kernel32.dll, user32.dll, and other files required by Windows. It also uses some of the built-in functions of VB to do things such as log keys, and uses plugins that are uploaded to the victim's computer to access certain functionality (more on plugins next).

Plugins

The trojan uses several external files to access functions that are otherwise not built into the trojan. For instance, all of the major features are integrated into the trojan, except for screen/webcam capture, password recovery, and MSN/Yahoo functions. This enables the trojan to maintain a small filesize. So, whenever the hacker uses these features, he uploads them to the victim's computer. The trojan can then use the features. The filenames of the plugins are static (always the same), and here they are:

cjpg.dll - The screen and webcam capture functions.

msn6.cip - The fake MSN messenger screen.

yah5.cip - The fake Yahoo IM screen.

pspv.cip - The password stealer.

If you suspect you are infected, run a search for these files on your computer. If you find one, you are infected.

Tracing

It is very possible to trace the source of the trojan, either through their IP address, their No-IP address, or their logger hosting. To trace anybody, go to the MS-DOS prompt and type netstat -a to see a list of connections. If something with no-ip.com in it comes up, or anything on 6222, 5222, or 4222, make a note of the date, time, address, and any symptoms you had of infection. Then, if it's a No-IP address, go to their web site [http] and report abuse of it. If it is just a regular old IP address, note the date, time, and other junk and call up the local police station; they may be able to handle it.

Or, if you checked Internet Explorer and found their logger page, send an email to the abuse department of the web host telling them about it. Congrats, you just busted a hacker :).

Removal

It is not very easy to remove a trojan of this caliber. But, here is what you can do:

1. Verify that you have the trojan.

2. Note the filename of the trojan from the startup entries, and delete them.

3. Delete the trojan (the filename you got from the startup entries).

4. Locate and delete the plugins (a file search will do).

5. Change your passwords.

How the Server Builder Works

The Server Builder is able to create a complete EXE with nothing more than a 2MB file. How is this possible without, say, a Visual Basic compiler, you might ask? Well, this trojan, just as many other related tools, use stubs, or parts of the end-product. The Server Builder generates the code from the entered values, and then merges it with the stub, creating a complete EXE. This may seem idiotic on the hackers' parts, but it isn't; this enables them to scramble/recompile/compile undetectable stubs, which mean undetectable servers, which mean undetectable trojans.

Coming next:

-How to defend yourself (know what does and doesn't work, in great depth)

HOW TO PROTECT YOURSELF FROM CIA AND OTHER POPULAR TROJANS Section III; Added July 1 2004, Last modified on October 4 2004

How to defend yourself

Here, I will talk, in great detail, about how to defend yourself from this and other trojans.

Anti-virus

This may or may not work. Some anti-virus applications do not go beyond the scope of simple self-propogating, destructive viruses, meaning that you are not protected against trojans or spyware. The virus which I talked about in this guide is not detected by Norton, partially detected by AntiVir, and completely detected by McAfee. So, my advice to you is to not open suspicious files. However, when I say that AntiVir partially detects it, I mean that it must get on your computer before it can detect it. And since CIA and many other trojans can shutdown anti-malware processes, the only truly safe choice out of the mentioned applications is McAfee.

This does not mean McAfee is the best; it simply means that in this particular case McAfee is the best. My advice to you is to get Nod32, which is mentioned later in this guide.

Anti-Spyware

As with anti-virus, this may or may not work. Seldom do anti-spyware vendors classify trojans as spyware. Pestpatrol is the only one I know of that does. So, if you don't have McAfee, get PestPatrol.

Firewall

This can or cannot be useful. Once the trojan gets on your computer, it will sometimes try to broadcast the IP address or "phone home". If you have a firewall, this can be stopped, as well as the hacker connecting. However, if the trojan kills your firewall, this is pointless. But still, it's good to have a firewall.

Avoiding infection

The most vital part of stopping a trojan infection is to not even get it on your computer in the first place. This requires common sense. For instance, don't download files from suspicious websites or accept files from anybody, via IM or email. If your "friend" messages or emails you, ask your friend to bring a CD or floppy to your house to give you the file(s). Or, ask them to mail it if they live far away.

Windows update

A fellow reader mentioned that I neglected to mention the most useful tool of all - Window Update. What is Windows Update, you ask? Windows Update is a service, provided by Microsoft, to supply patches to fix the security holes on your machine. In regular terms this means that you download updates and the [majority of] security problems on your machine get fixed. In here, I have a step-by-step guide to using Windows Update.

Windows Update for Dummies

To do this, you will need:

A computer, a mouse, a keyboard, an internet connection, a monitor, some semblance of wit, and the Microsoft Windows operating system.

First, navigate in your Internet Explorer to http://windowsupdate.microsoft.com. You'll see a thingus like this:

This means it is checking for the latest version of Windows Update. If any security warning pops up about Microsoft or Windows Update, click Yes.

Then, after a short while, a thingus like this shall appear:

This asks you to select what type of update to do. Express is for lazy people, like myself, and will only install the important stuff. The second option will install the entire thing, the big shaboozie, as it were. Click Custom Install, since we want the very finest for our computer.

This page comes next in line:

This means it's looking for updates. Leave this and check back in 5 minute intervals, until the next page comes up:

Now, you can either install this big update called Service Pack 2 if you don't already have it (like me), or install other updates. I recommend installing SP2, but for our purposes let's install other updates. Click that option to continue. NOTE: You may not see this exact page if you have SP2. Just click Next or whatever it tells you to click.

Here's the page where you get to choose the updates. Use the checkboxes to select which updates to install, and use the part on the left to select what category of updates to browse. When you're finished, click the Go To Install Updates link to install the updates. It will prompt you a second time; click the Install button.

This will pop up:

From here, you will have to do what the onscreen instructions say. You may need to restart your computer one or more times as well.

In any case, once this is done and you've restarted, your computer has all the security vulnerabilities sealed and is good as new! There.

This is not foolproof, and you can still be infected if you update a lot. But it's a good rule of thumb to update once a week. See the next section for other utilities that I recommend having in your anti-trojan arsenal.

Popular Utilities

Here are some of the utilities mentioned in this guide, as well as others that are useful

Firewalls:

ZoneAlarm FREE!!!

Sygate FREE!!!

Anti-virus:

Norton Anti-Virus

McAfee Anti-Virus

AntiVir I RECOMMEND THIS OVER AVG!!! FREE!!!

TrendMicro

Nod32 HIGH DETECTION RATES, CONSISTENT AWARD WINNER

Anti-Spyware:

PestPatrol

SpyBot I RECOMMEND THIS OVER AD-AWARE!!! FREE!!!

Ad-Aware

Online scans can be found at Symantec, McAfee, and TrendMicro sites.

That concludes my guide on trojans. I've finally finished it up, and I hope it can help you protect yourself.

Until next time,

BTTF Man

Peter · July 2, 2004

Wow, that's quite the guide :wink: . Too bad I don't have any trojans, but if I do I know where to come.

Magus · July 4, 2004

As a knowledgeable user of computer/network security, I'm also going to recommend AVG Anti-Virus. I've done thorough tests with copies of Norton & McAfee 2004, both of which have flaws and many installation problems. Norton has a tendancy to pull up many false positives, being hyper-jumpy about everything you do, and McAfee misses quite a few viruses.

You've also failed to mention that there are many other malicious trojans out there like this one -- Sub7 being one of the worst. I will caution users that use IRC and go to networks that do not use hostmasking (ie, your address is partially masked). There are Sub7 bots that gather IP addresses and continue to spread infection.

You failed to point out one serious critial update the user needs to perform -- Windows Update. Seeing as how 95% of the household (and corporate, for that matter) world uses some version of the Windows operating system, Windows Update is needed. Worms such as Sasser and Blaster (BOTH of which my old school got hit with -- and didn't Sasser have a patch 3 weeks before it's release?) use exploits that are patched by downloading the fixes from Windows Update.

You're making a lot of claims about finding stuff in the registry that appears out of the ordinary -- to a lot of users, stuff in the registry will appear out of the ordinary. That does NOT mean you should delete it.

You also didn't say what a user infected with any sort of RAT (Remotely Activated Trojan -- CIA, Sub7, Netbus, NetSphere, etc are examples of a RAT) could have happen to them. Well, here is a small list that comes to mind.

-Run as a XDCC bot (file exchange, generally warez or other illegal materials)

-Used in a botnet for packeting purposes (as in your bandwith is used to flood someone else offline)

-Used as a base of spreading an infection (your computer will continue to spread said infection via KaZaA/other P2P transfer, IRC, any IM service, HTTP servers (many attack unpatched IIS servers, the HTTP server built into Windows), and more)

These are the most common functions. There are many more, to suit the taste of the attacker.

I hope I've cleared a few things up and added some more insight.

neo_bahumat · July 7, 2004

excellently put together

should be made sticky

mark · October 4, 2004

thats really helpful, thank you

x76 · October 4, 2004

Explorer run: The trojan binds itself to the explorer.e3e (CAUTION - executable file) file, which is the core of windows, so there's nothing you can do about this, except restore a backup.

LIES! there's ways to get rid of it...it doesn't permanently change explorer[Caution: ExecutableFile] it just hijacks it's memory...you can usually find a .com or [Caution: ExecutableFile] file on your computer related to the trojan

oh and you should also change every instance of "hacker" to "script kiddie" in your post

Kwisatz · October 4, 2004

Explorer run: The trojan binds itself to the explorer.e3e (CAUTION - executable file) file, which is the core of windows, so there's nothing you can do about this, except restore a backup.

LIES! there's ways to get rid of it...it doesn't permanently change explorer.e3e (CAUTION - executable file) it just hijacks it's memory...you can usually find a .com or [Caution: ExecutableFile] file on your computer related to the trojan

oh and you should also change every instance of "hacker" to "script kiddie" in your post

Uh, no. It BINDS itself (read: permannently embeds) to explorer.exe . That is, it inserts its own binary code into the file. Unless you reinstall a backup of explorer or reinstall Windows, there's natta you can do about it.

And by the way, this is not a post about political correctness. I realize that hackers are actually good people and crackers are an evil breed of hackers, but many people do not realize this and I must simply go with the most accepted terminology.

Herr · October 4, 2004

Can stick the hard drive in another machine and clean it that way :P

Kwisatz · October 4, 2004

As a knowledgeable user of computer/network security, I'm also going to recommend AVG Anti-Virus. I've done thorough tests with copies of Norton & McAfee 2004, both of which have flaws and many installation problems. Norton has a tendancy to pull up many false positives, being hyper-jumpy about everything you do, and McAfee misses quite a few viruses.

You've also failed to mention that there are many other malicious trojans out there like this one -- Sub7 being one of the worst. I will caution users that use IRC and go to networks that do not use hostmasking (ie, your address is partially masked). There are Sub7 bots that gather IP addresses and continue to spread infection.

You failed to point out one serious critial update the user needs to perform -- Windows Update. Seeing as how 95% of the household (and corporate, for that matter) world uses some version of the Windows operating system, Windows Update is needed. Worms such as Sasser and Blaster (BOTH of which my old school got hit with -- and didn't Sasser have a patch 3 weeks before it's release?) use exploits that are patched by downloading the fixes from Windows Update.

You're making a lot of claims about finding stuff in the registry that appears out of the ordinary -- to a lot of users, stuff in the registry will appear out of the ordinary. That does NOT mean you should delete it.

You also didn't say what a user infected with any sort of RAT (Remotely Activated Trojan -- CIA, Sub7, Netbus, NetSphere, etc are examples of a RAT) could have happen to them. Well, here is a small list that comes to mind.

-Run as a XDCC bot (file exchange, generally warez or other illegal materials)

-Used in a botnet for packeting purposes (as in your bandwith is used to flood someone else offline)

-Used as a base of spreading an infection (your computer will continue to spread said infection via KaZaA/other P2P transfer, IRC, any IM service, HTTP servers (many attack unpatched IIS servers, the HTTP server built into Windows), and more)

These are the most common functions. There are many more, to suit the taste of the attacker.

I hope I've cleared a few things up and added some more insight.

I have tried AVG and the free Anti-Vir I recommended. Anti-Vir is better translated, faster, detected the trojan as well as Sub7 and Beast, and is more utilitarian, which is way more than I can say for AVG.

Usually, trojaners hook victims for fun or to gain information, and don't use them as bots. Viruses are what run as bots, because they require no user intervention. I've never heard of someone spending lots of time gathering victims and using them to DoS a website. That's what viruses are for.

And I DID mention other trojans, amoing which were Sub7 and NetDevil, both of which are insignificant compared to the shear power of this malicious application which I am explaining.

Read before you speak.

Kwisatz · October 4, 2004

BUMP - Updated it with all the stuff people suggested.

Very thorough now.

DaN · October 5, 2004

thts a very good guide thanks for posting it.

I even bookmarked it.

First tip.it page to be bookmarked by me. 8)

tubarina · April 5, 2005

That was a well put together easy to understand explanation on trojans. All i have to say is if you happen to be infected with a trojan (i was the other day it duplicated itself to about 570 total trojans lol and i time stamped it to the exact time i was using steam so watch out for steam and i am not saying steam did it, it just activated it) that is alot of trouble and cause you alot of hard hours to fix just buy a copy of XP or whatever OS you want and reformat the comp. (dont do this if you have not backed up any of your files because they will be gone. I recomend that everyone backup all inportant files on you comp)

skelm · April 5, 2005

pity you forgot to mention you stole this guide...

http://www.zanet.co.uk/forum/YaBB.pl?board=discuss;action=display;num=1091128671

Forceape · April 5, 2005

Ahaha No he did write it lol i am "Force" and i copied and pasted it on to there cause i thought it may be helpful to them i would link it to this post but you cant view it if ur not a member :oops: Sorry :oops: lol

Mercifull · April 5, 2005

pity you forgot to mention you stole this guide...

http://www.zanet.co.uk/forum/YaBB.pl?board=discuss;action=display;num=1091128671

Or that Bttfman = Dave ;)

*slaps skelm*

DaN · April 5, 2005

pity you forgot to mention you stole this guide...

http://www.zanet.co.uk/forum/YaBB.pl?board=discuss;action=display;num=1091128671

Check the date both posts also check the domain that the images in both posts link to.

Forceape · April 5, 2005

Lol i already explained i copied and pasted it to that site :roll: Sorry if it was wrong..... :roll:

Mercifull · April 5, 2005

pity you forgot to mention you stole this guide...

http://www.zanet.co.uk/forum/YaBB.pl?board=discuss;action=display;num=1091128671

Edit: Force explained it :P

*slaps skelm*

Kwisatz · April 5, 2005

Skelm...

It was posted by Force on Zanet. Who's force? ForceAPE!

And I posted on that thread too...http://www.zanet.co.uk/forum/YaBB.pl?bo ... 1;start=18

third post down.

Don't accuse me of plaigarism. I don't take it well.

skelm · April 5, 2005

hmn, my apologies bttf man :) :D

Elite · April 5, 2005

haha..i just fcking know he stole it from somewhere. :lol:

Mercifull · April 5, 2005

haha..i just know he stole it from somewhere. :lol:

ermm open your eyes mate, he already explained why theres a copy of the post there :roll:

Forceape · April 5, 2005

K sorry if i done wrong lol but i did state there it wernt my work

Elite · April 5, 2005

haha..i just know he stole it from somewhere. :lol:
ermm open your eyes mate, he already explained why theres a copy of the post there :roll:

hi matey, i mean that he didnt wrote it all himself, he stole some stuff from others. :roll: :lol: :lol: :lol: :lol:

Kwisatz · April 5, 2005

haha..i just know he stole it from somewhere. :lol:
ermm open your eyes mate, he already explained why theres a copy of the post there :roll:

hi matey, i mean that he didnt wrote it all himself, he stole some stuff from others. :roll: :lol: :lol: :lol: :lol:

What do you mean by that? You cannot copyright knowledge. Obviously all of this came from somewhere else, I didn't just make this all up; I learned through personal experience.

My super-big trojan reference returns! A must-read!

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Important Information