:: Anyway, I killed it again this morning and restarted. The infect :: message went away immediately. :: :: Could this have been the problem? Could have been, but there's no way to be sure now. When you had the chance, 'lsof -i tcp:114' would have told you what process was bound to TCP/114. Cheers - Erick