I'm wondering about msmsgs.exe. On my Port Explorer I have 8 sockets devoted to it. 3 are UDP and 5 are TCP. The ports are ranging from 1032 to 10082 for local and from 0 to 1863 remote. 2 of the UDP remote ports are marked with * and 3 are marked with 0. This is the same for the remote addresses on these three. One UDP socket shows localhost 127.0.0.1 for both local and remote address. 2 of the TCP sockets have *msmsgs.exe as the process name while the rest have only msmsgs.exe. The port reference for local 1032 says RAT : G.R.O.B. and this concerns me. I check my sockets daily and am obviously still learning what to make of the info in front of me. I sometimes have 3, 6, 8 and more sockets for msmsgs.exe. It's not always the same number. I have had several port references naming a variety of RATs and this info also changes. The ones that are ports known to be used by RATs always have no remote address to resolve or trace. I have TDS-3 and scan fairly frequently. I haven't detected anything via these scans to date. My first question is really to know how many sockets should messenger be using? Does this number change? Why are some of the remote addresses blank? and finally why are two of the process names prefixed with *, while the others are not? Whew! Thanks in advance to anyone who can educate the boy here. I stand eager to learn.