August 2nd, 2005 10:05 PM
Thanks a lot, all of you!
I used just about every trick you guys gave me and I managed to clear out the entire network.
For your information, the virus turned out to be a combination of WORM.cachecache and W32.Spybot.worm. Apparently the first is a sort of "cover up" for the latter.
In the end, the most convenient thing for me was using the rapid release in combination with the already installed Symantec to scan and detect both. It wouldn't find them without the rapid release sigs, so it saved me quite a hassle.
Furthermore, neither the server nor any of the PCs (btw) could be reached from the network as a result of this virus. In the local policy, "access this computer from the network" was cleared and it wasn't possible to add any users or groups (buttons greyed out). I bypassed this eventually by resetting the local policy to the defaults using the following command:
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose
I know it's kinda off topic and you all might already know this, but it took me some time to find this, so I figured it might help somebody in return in the future.
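
Added example, not part of the original post: a PowerShell check that exports the local user rights with `secedit /export` and reports who holds "access this computer from the network" (SeNetworkLogonRight), so an emptied right like the one described above can be spotted on each machine. The function name, the temp file name and the sample export lines are constructed for illustration.

```powershell
# Added example. Run elevated; secedit /export needs administrative rights.
function Get-UserRightHolders {
    param(
        [string[]]$InfLines,                      # lines of a secedit export
        [string]$Right = 'SeNetworkLogonRight'    # "Access this computer from the network"
    )
    $inSection = $false
    foreach ($line in $InfLines) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'Privilege Rights')
            continue
        }
        if ($inSection -and $t -match "^$Right\s*=\s*(.*)$") {
            # Entries are comma separated, each either *SID or an account name
            return @($Matches[1].Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        }
    }
    return @()   # right missing from the export: no holders
}

# Constructed sample of an export in which the right has been emptied
$sample = @(
    '[Unicode]', 'Unicode=yes',
    '[Privilege Rights]',
    'SeNetworkLogonRight =',
    'SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545'
)
"Sample holders: $(@(Get-UserRightHolders -InfLines $sample).Count)"

# Live check against the local policy of this machine
$export = Join-Path $env:TEMP 'user-rights-export.inf'   # hypothetical file name
secedit /export /cfg $export /areas USER_RIGHTS | Out-Null
$holders = @(Get-UserRightHolders -InfLines (Get-Content $export))
Remove-Item $export -ErrorAction SilentlyContinue

if ($holders.Count -eq 0) {
    Write-Warning 'SeNetworkLogonRight has no holders: network logons to this host will be refused.'
} else {
    foreach ($h in $holders) {
        $name = $h
        if ($h.StartsWith('*')) {
            try {
                $sid  = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $h.Substring(1)
                $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
            } catch { }   # unresolvable SID: keep the raw entry
        }
        "SeNetworkLogonRight: $name"
    }
}
```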