From what I remember...

...this one confuses the OS and AV systems as to which file is infected. In reality there is a system process which is cloned and spawns an instance of a file in the temp directory which is the real process. If deleted (almost impossible without some tools because it's always in use) then the process just creates another file with a different name.

When I had this there was no info at all on Symantec about the nastier strain.

Posted By: Steve in Holland, Jan 10, 08:42:44