Good afternoon all, Last week we found one machine in our department infected with malware that caused massive pornography popups. Also along with it was the recent Microsoft Antivirus/antispyware 2008 infection. After several failed attempts to rid the machine of viruses, we resorted to reimaging the machine. This week, I have faculty and staff returning from the wilds of the internet, and my individual workstation firewalls are detecting a large number of scans on port 2869 coming from, it turns out, machines that are now infected with something like the MS Antivirus trojan program. I'm assuming some of these were well meaning individuals who thought it was a legitimate program, and were fooled into downloading it on their home Comcast/AT&T-DSL networks, and have now brought it with them into work. I'm also seeing our antivirus software trying to quarrantine a program called " ie4uinit.exe " which I tried looking up in the Symantec threat database, but it doesn't show up in their list... yet. I'm running a majority of WinXP workstations here, but I can't be sure that all my users were diligent about running Windows Updates when they took their laptops home during the summer months. Is anyone out there currently fending off a virus attack, and are you seeing large amounts of activity on port 2869? Anyone out there know what this thing is, or better yet, how to stop it, I'd love to hear from you. I'd hate to think we're seeing another possible slammer worm here. John A. Resotko Head of Systems Administration Michigan State University College of Law 208 Law College Building East Lansing, MI 48824-1300 email: [log in to unmask] Phone: 517-432-6836 Fax: 517-432-6861 Current Chairperson of the MSU Network Communications Community