Bill, its the DCOM RPC exploit. The worm seems to be named msblast dot ee ex ee. Search on that and you will get loads of info, plus the 14 step email that replies to this thread. ===== http://www.pixelmech.com/ :: Web Development Services http://www.DMXzone.com/ :: Premium Content Author / JavaScript / Every Friday! http://www.maccaws.com/ :: Group Leader [Making A Commercial Case for Adopting Web Standards] "That's not art, that's just annoying." -- Squidward