It was "W32/Bugbear.A@mm", according to F-Prot. http://www3.ca.com/virusinfo/Virus.asp?ID=13233 Still, must have been a variant, because the attach's base name wasn't in the list there. It was "pacha". It instilled itself in a DLL file, c:\windows\system\zaallpq.dll, which allowed it to spook ZoneAlarm and create the two .exe files described earlier. Two things the .exe's did were to shutdown ZoneAlarm straightaway it opened (altho not corrupt or disable it, tho I reinstalled it =chust= in case...), and to spook our domain- name-system (not sure how it did that, since that's handled dynamically by Juno) so we couldn't surf anywhere, even though we could still start and log onto Juno. -- BOB To unsubscribe, send a message to ecartis@xxxxxxxxxxxxx with "unsubscribe juno_accmail" in the body or subject. OR visit //freelists.org ~*~