I'm not sure of what the vulnerability was, but I did determine which files were replaced. /bin/df /bin/ls /bin/netstat /bin/ping I'll keep looking... Thanks, Jeff Painter