Hi. This is a typical entry in my Spyblocker log : ---- "Logged Entry Saturday, Dec 7 2002 at 07:17:16 PM Remote Port: 1604 Local Port: 80 Host: 18.104.22.168 [WORM] [BLOCKED] Worm: Code Red/II/Nimda Variant NOTE: The actual worm contents have been suppressed to avoid Anti-Virus programs from alerting you with False Positives." Is there any way of telling where the Worm came from? I have had these entries when visiting sites which I felt sure wouldn't try to set Worms and I wondered if it is possible for them to be "smuggled" in by third parties when you are visiting a site ? Any enlightenment would be appreciated Cheers. Alpha.