
Please Help Qhost.apd virus throughout network

Author
25 Mar 2005 1:33 PM
D
Here is a quick breakdown.
Win2k3 network with a trust to an NT4 network (currently migrating).
70% clients on XP Pro, the rest on Win2k.
Running McAfee on client and servers.
ISA 2004, Exchange 5.5 and 2k3.
A couple of days ago qhost.apd got in, now it is throughout the network.
I have applied SP2 for client XP machines, which stops the virus from
spreading, but it is only contained. I have tried the tool from Symantec to
remove it, but it does not find this variant of qhost.
Please, any help or advice would be greatly appreciated.
I hope I have provided enough info.

Thanks in advance.

D

Author
12 Jun 2005 9:16 PM
NunoCosta
Remove System Restore from Windows XP clients.
Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O4 - HKLM\..\Run: [Microsoft System Checkup] ntsysmgr.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\RunServices: [Microsoft System Checkup] ntsysmgr.exe


Make sure you can view hidden and system files. Instructions here:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Then boot to safe mode. Instructions here: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam

Click Start -> Search/Find -> All files and folders, search for syslog32.exe and
ntsysmgr.exe, and delete where found.

Go for free online Virus scans here:

http://housecall.trendmicro.com/hou.../start_corp.asp
http://www.pandasoftware.com/activescan/

Be sure to put a check in the box by "Auto Clean" before you do the scan.
If it finds anything that it cannot clean, have it delete it or make a note of
the file location so you can delete it yourself.

Then do a reboot and let us know how it runs. Also run a scan and post a new log file.

--
MCSE w2k
MCSA w2k/ MCSA MESSAGING w2k
MCDBA


"D" wrote:

> Here is a quick breakdown.
> Win2k3 network with a trust to an NT4 network (currently migrating).
> 70% clients on XP Pro, the rest on Win2k.
> Running McAfee on client and servers.
> ISA 2004, Exchange 5.5 and 2k3.
> A couple of days ago qhost.apd got in, now it is throughout the network.
> I have applied SP2 for client XP machines, which stops the virus from
> spreading, but it is only contained. I have tried the tool from Symantec to
> remove it, but it does not find this variant of qhost.
> Please, any help or advice would be greatly appreciated.
> I hope I have provided enough info.
>
> Thanks in advance.
>
> D
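
With the infection spread across many clients, the three HijackThis entries named in the reply above can be matched mechanically over collected logs instead of being read by eye. The Python below is an added example, not part of the original posts; the host names and sample log lines are constructed, and the O4 line layout is assumed to match the entries quoted in the reply.

```python
import re
from pathlib import PureWindowsPath

# Executable names taken from the reply above.
SUSPECT_EXES = {"ntsysmgr.exe", "syslog32.exe"}

# Assumed O4 layout: O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

def exe_name(cmd):
    """Return the lower-cased file name of the program in an autostart command."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, arguments follow
        prog = cmd[1:].split('"', 1)[0]
    else:                                        # unquoted path may contain spaces
        m = re.match(r"(.+?\.(?:exe|com|scr|bat|pif))\b", cmd, re.I)
        prog = m.group(1) if m else cmd.split()[0]
    return PureWindowsPath(prog).name.lower()

def flag_entries(log_text):
    """Return (hive, key, value name, exe) for each O4 line running a suspect exe."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m and exe_name(m["cmd"]) in SUSPECT_EXES:
            hits.append((m["hive"], m["key"], m["name"], exe_name(m["cmd"])))
    return hits

def triage(logs):
    """logs maps host name -> HijackThis log text; only hosts with hits are returned."""
    results = {host: flag_entries(text) for host, text in logs.items()}
    return {host: hits for host, hits in results.items() if hits}

# Constructed sample logs (hypothetical hosts PC-A and PC-B).
SAMPLE_LOGS = {
    "PC-A": r"""
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Example AV\shstat.exe" /STANDALONE
O4 - HKLM\..\Run: [Microsoft System Checkup] ntsysmgr.exe
O4 - HKLM\..\Run: [NT Logging Service] C:\WINDOWS\System32\SYSLOG32.EXE
O4 - HKLM\..\RunServices: [Microsoft System Checkup] ntsysmgr.exe
""",
    "PC-B": r"""
O4 - HKLM\..\Run: [Example Updater] C:\Program Files\Example\update.exe -silent
""",
}

if __name__ == "__main__":
    for host, hits in triage(SAMPLE_LOGS).items():
        for hive, key, name, exe in hits:
            print(f"{host}: {hive}\\{key} [{name}] -> {exe}")
```

Matching is on the executable file name only, so a clean result means these specific entries are absent, not that the machine is clean.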
