Yes, I was wondering what the keylogger was set up to do [potentially get your passwords or allow outsiders to control your computer]. Sophos has come through for me [us]. This outfit primarily sells [costly] antiviral software to big concerns. However, they are "concerned" enough about the common folk that they created and offer a downloadable or emailable cleaning tool specifically for W32/Bugbear-A, as well as providing more information on the keylogger/backdoor. They have changed their website to low graphics format in reaction to the masses of people surfing over there to get this good stuff. I guess other AV firms will create such a program as well. OK below is the info. thepccat ================================= From: Sophos Alert System <emergency-return@xxxxxxxxxxxxxxxx> Subject: Bugbear disinfection tool available from Sophos [excerpt] Sophos researchers have developed a standalone tool which detects and disinfects the commonly encountered W32/Bugbear-A worm. You can read more about Bugbear and download the disinfection tool from Sophos's website at http://www.sophos.com [this is available as self extracting exe or zip file] Alternatively, you can email bugbear-request@xxxxxxxxxx to have the utility and instructions automatically emailed back to you as a Zip file. ------------------------------------ [info about their email emergency notification services fyi, they offer two other email services, see the site] http://www.sophos.com/virusinfo/notifications/ * Emergency information. When there is a serious virus emergency, you will receive a warning. An emergency might be the appearance of a virus that spreads very rapidly (like Melissa or LoveLetter) or that has a particularly serious side-effect (e.g. CIH). Emergency warnings are sent much less frequently than regular IDE notifications for new viruses in the wild. Privacy Policy Sophos maintains a strict "no-spam" policy. Your email address is used only by Sophos and its partners. You can be assured that your email address will NEVER be passed on to any other outside company without your permission or used by Sophos to send you unrequested promotional material. ================================= [from the readme file of the disinfector] W32/Bugbear-A is a worm, it does not infect files. All W32/Bugbear-A files can be deleted. To unsubscribe, send a message to ecartis@xxxxxxxxxxxxx with "unsubscribe juno_accmail" in the body or subject. OR visit //freelists.org ~*~