2 Questions:
1) How does one go about back tracking a virus outbreak to it's source?

2) AV detects and cleans a "trapdoor.pif" and "netspy"....how does one go about determining how it got onto the machine?