Originally posted here by morganlefay
I highly doubt that the problem the OP had was infected by a worm... because I have seen this before on many a workstation... although never on a server.

<snip>

MHO..as always

MLF
I agree with what you said to the original poster, but I was simply stating and giving a personal example of how your assumption could be wrong. Yes, daily patching and email monitoring, and AUP, and all that will help. However, there are more ways to infect a host than by allowing a user to open a browser.

I was simply posting an alternative that I have experienced in the past.