Sircam on my server

I am currently running Norton AntiVirus on Corporate edition 7.6. I have it set up with the central server monitoring all of my machines and email notification when any machine is infected with any virus. The current problem im having with one of my machines is that every couple of days ill get an email notification saying that i have W32.sircam.worm@mm on my machine. It attacks an older directory i have on there and it goes right for the rundll32.exe file. Thankfully that rundll32.exe file is not the one being used its from NT 4.0 and it is not the current os on the machine. Now i got all the sircam tools to remove the sircam virus from the machine and followed all details to remove the virus. I cant seem to get rid of the virus though. I deleted that rundll32.exe that got infected but i still get the same notification for the sircam virus. What could i possibly do to remove the virus from this machine????

Any help would be much appreciated.
Thanx

-SOIA

Did you remove all of the quarantined files? If I remember correctly, if there are still files quarantined, the server will still complain that the machine has a virus.

All quarantined files have been removed. I was told to do that and when i did it i still keep getting the same virus notification.

Try this link. Hope it helps :)

Tried the link out and checked out what it said. Still nothing.

You may want to set up a Honey Pot to find out if another machine is hosting Sircam. Sircam is a worm and thus can propagate itself. It may be accessing a share or going through a known security hole on your system.

When did NAV kick off saying it found and what process caught it? Manual, realtime, scheduled? What location did it find it in? A share?

It wasn't in a share it was just a folder that it found somehow. It keeps catching it with realtime monitoring. How do you set up a honey pot??? What is a honey pot????

Everything ya ever wanted to know about "honeypots" !

http://www.enteract.com/~lspitz/honeypot.html

... hope this helps...

Try this site out, its a removal tool from Symantec.
http://www.symantec.com/avcenter/ven...oval.tool.html

Hope this helps!

Tried the removal tool. wouldnt find anything.