Hi all,

I tried to help somebody whose system was sending hundreds of Klez-infected emails to newsgroups. I told her to get the clrav.com tool at Kaspersky's and do the scan in Windows, in Windows safe mode and in MS-DOS. After that, to get an online scan at one of the known sites. Until she came out clean, not to trust her local AV/AT, but immediately afterwards to update the databases. She has a WinME system and her AV is NAV2000. She says she came out all clean with every scan. This surprises me more than highly. I had told her to disable the system recovery just in case.

She sent a few emails from the same email account, same IP, as far as I can see same routing, but I think she logged in as another user, as those emails are completely clean: no Klez, no iframe exploit. As she says she does not have different ways of logging in, no network, just her and her C:\ drive, I'm even more surprised about this. It also can't be done by her ISP's mail server, for then the other emails from the same email account would not have been clean. In the infected emails her routing is each time pasted inside the header, with some extra addresses from her address book or inbox, exactly like Klez always does. As her IP is used every time, I don't think any other person is involved. Any ideas so far?

Good; I had told her, after all the scanning and possible cleansing, to update her AV, NAV2000. Unfortunately she decided to uninstall that completely and to install NAV2002. And this does not want to be installed; it keeps telling her to install NAV2000. I don't run NAV so I don't have the slightest idea. Could this mean there is still some infection somewhere on the system, or should she just try to reinstall her NAV2000 version and after that upgrade to 2002, or are there risks in that?

Thanks in advance for the insights! I am sure this kind of problem has been answered, but searching here I can't find the answer.