ntsysmgr.exe?

1.

I have encountered a virus/worm/trojan named ntsysmgr.exe. This v/w/t self replicates at startup, disables regedit, safemode, cmd, config, anti-virus, auto-downloads. Resets the admin user and pass for local. Tries to connect to network through port 345. I have it isolated on a subnet of six comps (xp and 2000).

The anti-virus software used is sophos 3.84 and it will not detect this thing.

Has anybody encountered this before? If so do you know what virus this is and how to remove it.

2.

I am writing a server side batch file to locate and disable the network connection if file is found. Anyone knows a very safe way of disconnecting a comp from a network through a batch file. (ipconfig /release) Will it work.

3.

Would you like me to upload the file so you can take a look?