A friend of mine has just installed Xp pro. Within minutes of it running he encountered the MSblast virus. Being a novice and having never encountered a virus before he freaked out and telephoned me in a state of panic. I laughed because i didn't see it being so big a problem to solve. Here are the steps i told him to take. 1. Activate his firewall. 2. Download the MS03-026 patch, if the countdown should take place in the middle of this then he should hit start/run "shutdown -a". 3. Next he should disconnect form the internet and run the patch. 4. OK Here is where it gets strange, If he goes into task manager/processes there is no process running called "ms-blast.exe" or "penis32" or whatever other variants of this name exist. 5. If he goes into the registry and looks for the entry from "MSblast" it isn't there. 6. If he goes to system32 and looks for the file "MSblast.exe" then it isn't there. 7. I hope that these are trivial matters and easy for someone to solve. But this isn't all... 8. It is to my understanding that if you type in "shutdown -a" then the worms process is halted until the computer is rebooted. With his worm it comes back very frequently and the pc doesn't need to be rebooted. And even when your not connected to the net it will come back over and over again but there are no traces of its files anywhere on the pc (it seems to be growing in strength everyday). Also the Symantec removal tool doesn't detect anything. 9. I have recommended to him that he should backup the MS03-026 patch and disconnect from the internet and begin with a fresh installation. Which if this were the MSblast virus would be sure to work. But i'm not sure if this is the same because the symptoms seem to be so different. If anyone has the answers which would solve this problem i would appreciate it very much if you would get in contact.