Hi,

Take a look at Secefa.C: http://securityresponse.symantec.com/avcenter/venc/data/w32.secefa.c.html

We had this virus on November 30 (about 40 hours before any anti-virus had new definitions out). It does basically what you're saying here. Try to install MS05-039 and MS04-011 (if they aren't already installed) to see if it solves your problem. In my case, about 95% of computers would only crash (i.e. reboot) when they were going to be infected, and only about 5% were infected for real (had some of the files described on the Symantec website).

You can look at the firewall logs of your computers (use the one in XP if you have nothing else) and look for incoming connections on port 445 - the source IP *might* be an infected computer. Then run TCPView on the computers that could be infected to see if they are scanning your IP addresses very fast.

There is a removal tool from Symantec: http://www.symantec.com/avcenter/venc/data/w32.secefa.removal.tool.html

Good luck!

Benoît Fortin
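The firewall-log triage described in the message above, as an added example that is not part of the original post: it ranks source IPs by inbound TCP/445 attempts, with the addresses that reach the most distinct machines first. The function name, the sample addresses and the assumption that the logs use the Windows Firewall text layout with a `#Fields:` header are illustrative.

```python
from collections import defaultdict

# Constructed sample in the Windows Firewall text-log layout (pfirewall.log).
# All addresses and timestamps are made up for illustration.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2005-11-30 09:14:01 DROP TCP 10.0.5.23 10.0.5.40 3121 445 48 S 123456 0 64240 - - -
2005-11-30 09:14:01 DROP TCP 10.0.5.23 10.0.5.41 3122 445 48 S 123457 0 64240 - - -
2005-11-30 09:14:02 DROP TCP 10.0.5.23 10.0.5.42 3123 445 48 S 123458 0 64240 - - -
2005-11-30 09:14:05 OPEN-INBOUND TCP 10.0.5.7 10.0.5.40 1045 445 - - - - - - - -
2005-11-30 09:14:09 DROP UDP 10.0.5.9 10.0.5.255 137 137 78 - - - - - - -
2005-11-30 09:15:30 OPEN TCP 10.0.5.40 10.0.5.2 1060 445 - - - - - - - -
"""

# Assumption: DROP and OPEN-INBOUND mark inbound traffic; plain OPEN is outbound.
INBOUND_ACTIONS = {"DROP", "OPEN-INBOUND"}

def inbound_445_sources(lines):
    """Return [(src_ip, hits, distinct_targets)], widest reach first.

    `lines` may be the concatenated logs of several machines; a source that
    touches many distinct destinations is the one to inspect first.
    """
    fields = []
    stats = defaultdict(lambda: {"hits": 0, "targets": set()})
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names come from the header
            continue
        if not line or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        if (rec.get("protocol") == "TCP" and rec.get("dst-port") == "445"
                and rec.get("action") in INBOUND_ACTIONS):
            entry = stats[rec.get("src-ip")]
            entry["hits"] += 1
            entry["targets"].add(rec.get("dst-ip"))
    rows = [(ip, s["hits"], len(s["targets"])) for ip, s in stats.items()]
    return sorted(rows, key=lambda r: (-r[2], -r[1], r[0]))

if __name__ == "__main__":
    for ip, hits, targets in inbound_445_sources(SAMPLE_LOG.splitlines()):
        print(f"{ip}: {hits} attempts on port 445 against {targets} host(s)")
```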
