As far as i understand the virus is in the server not the client - one of my users got mail that SHE supposedly sent from another domain. what the virus does is enter the mailing list and pick a random name than sends itself with this name but his domain name i.e. simpits.org , usually the user that the mail comes from has nothing to do with the virus and knows that his name was used last. Ido