Norton Antivirus is coming up showing a risk for Hacktool.rootkit showing filename remon.sys. We have booted the machine in safemode turned of System Restore and scanned with NAV. When we reboot the warning reappears. I have downloaded killbox and tried to remove the file on reboot. I get the message, "Pending fiel renameoperations registry data has been removed by external process!" When I reboot in standard mode the NAV warning reappears. The Virus? seems to be spreading to other machines. I am removing them from the network when I see the warning. Any ideas of how to get rid of this would be appreciated. Would also like to know how to contain.