In the past two days, Norton Anti-virus has found the Fake.Gina Trojan on two computers in my department. The odd thing is that it found it at boot time, when the system loads it in response to a registry hack. At this point, the trojan .dll is already in the system32 folder. It seems as though NAV should have found it when it was written there and quarantined it at that point, so we're puzzled as to how it's getting there.

Has anyone else run into this recently? (According to Symantec, the trojan itself has been around for over a year.) These computers have Microsoft's RPC vulnerabilities patched, but did not have the more recent patch for the Messenger Service.

--Chris

==============================================
Chris Wolf
Computer Service Manager
Agricultural Economics
Michigan State University
517 353-5017