
Spoofed from field. W32.Beagle.X@mm


Name: Punk
Date: June 26, 2004 at 09:22:38 Pacific
OS: WinXP Pro
CPU/Ram: Athlon 3200+ / 512 MB
Comment:

Hello-
This might get confusing....

I recently did some computer work for a friend, we'll call her Donna. It involved formatting and re-installing the OS on two computers. One with Windows XP Home (SP1) and one with Windows ME. Both are currently up-to-date with patches etc. from Microsoft. Grisoft's AVG Antivirus installed on both.

Here's the problem: Donna's sister (Betty) keeps receiving email from Donna that is infected with the "W32.Beagle.X@mm" virus.
Both of Donna's computers have passed every free antivirus scan I know of. (On line and off, demo version or otherwise.) I am confident that neither of Donna's computers is infected with that virus.

Betty forwarded 2 messages that Yahoo determined were infected with the virus. (Yahoo deleted the attachment.) Upon looking at the headers and tracing the originating IP (using www.senderbase.org) it seems that the mail is coming from zeecon.com.

Nobody involved in any of this has any dealings with zeecon.com. Donna's ISP is Charter. I'm not sure what ISP Betty uses, but she uses Yahoo for her email. When Betty sends me email, the originating IP traces back to Charter.

What can be done? Does Betty just have to be thankful that Yahoo is catching the virus? Is it possible that the originating IP is spoofed? If not, does zeecon.com have any responsibility to straighten this out?

Thanks for your advice-
Scott




Response Number 1
Name: Thresher
Date: June 26, 2004 at 17:47:48 Pacific
Reply:

Did you run Stinger?

Download Stinger here http://vil.nai.com/vil/stinger/

Stinger list for W32.Beagle, run it again on all your machines, run it from safe mode. If your AVG comes clean in safe mode, then it looks like you are being spoofed by a mailer. I would also download, update and run Spybot and Adaware from safe mode, and then do a good general clean up: expose hidden files and dump TIF, %TEMP, cookies, recycle bin. Did you disable the system restore on those systems? I would, just to be safe.

I don't know anything about Zeecom, and after reading your post I am disinclined to go there, and have some implant jump out at me, so I cannot help you there.

It is listed on Google as "the best calling card site in the US." Only one listing. Sounds fishy.

Go to Tools > Internet Options > Security tab > click on the red "Restricted" icon, click "Sites", and in "Add this website to the zone" list www.zeecom.com. Click OK > click OK, and that lists zeecom as a site to be blocked.


Thresher



Response Number 2
Name: Punk
Date: June 27, 2004 at 11:32:02 Pacific
Reply:

Thanks Thresher-

I'll try the Stinger app you linked to.
I've got an email into tech support at zeecon.com. They are an ISP specializing in wireless access. I don't think that they are directly responsible for the mailings, but one of their subscribers is infected.

Ad-aware and Spybot are the first things I run when troubleshooting a computer. Ya gotta love those two apps. :-)

Thanks again-
Scott
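
The header check described in the original post, as an added example that is not part of the thread: the From line is whatever the sending program typed, while the connecting IP in the Received line written by the recipient's own mail server was recorded from the actual connection. The function name `trace_origin`, the sample message, and all hostnames and IPs are constructed for illustration, and the regex assumes the common Postfix/sendmail `from HELO (rdns [ip]) by HOST` layout.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread). Hostnames and IPs are reserved
# example values. The top Received line was written by the recipient's server.
SAMPLE = """\
Received: from donna-pc (host-45.wireless-isp.example [203.0.113.45])
\tby mx.recipient.example with ESMTP; Sat, 26 Jun 2004 08:01:12 -0700
Received: from mail.sender-isp.example (mail.sender-isp.example [192.0.2.10])
\tby donna-pc with SMTP; Sat, 26 Jun 2004 07:59:00 -0700
From: "Donna" <donna@sender-isp.example>
To: betty@recipient.example
Subject: Re: document

see attachment
"""

# Assumed Postfix/sendmail-style layout: from HELO (rdns [ip]) by HOST
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?"
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+by\s+(?P<by>[^\s;]+)")

def trace_origin(raw, trusted_hosts):
    """Return the hop where mail entered servers we trust, or None."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hops = msg.get_all("Received") or []
    entry, checked = None, 0
    for value in hops:  # newest hop first
        m = RECEIVED_RE.search(value)
        if not m or m.group("by").lower() not in trusted_hosts:
            break  # everything from here down could have been forged
        entry, checked = m.groupdict(), checked + 1
    if entry is None:
        return None
    rdns = (entry["rdns"] or "").lower()
    matches = bool(from_domain) and (
        rdns == from_domain or rdns.endswith("." + from_domain))
    return {"from_domain": from_domain, "entry_ip": entry["ip"],
            "entry_rdns": rdns, "helo": entry["helo"],
            "unverified_hops": len(hops) - checked,
            "from_matches_entry": matches}

if __name__ == "__main__":
    print(trace_origin(SAMPLE, {"mx.recipient.example"}))
```

A mismatch between `from_domain` and `entry_rdns` is a hint, not proof, since people legitimately send from one provider's address over another provider's connection; the `entry_ip` is the value worth reporting to the network that owns it.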

