recently got infected with win32/rbot-ir worm on 2 servers and couple of pcs and seems that now on infected servers when going to my network can't see any other pcs on network and can't map to the servers from pcs or other servers. Is this from this particular worm or does this seem like symptom of another type of worm? Is it affecting tcpip or some network or domain component? When you browse for the infected servers from other pcs and you hit plus sign on the server name to open up the shares, it doesn't open up anything. Also ran a cleaner utility from sophos which is enterprise antivirus we use and it came up with no worm but i did it remotely so maybe has to be done locally within network. Also, our isp alerted us about the worm and shut down internet access by putting filter on our t1 line. Is this common practice by isps coz once they shut down internet access, how would we update ides for existing pcs and how would we use internet to remedy and troubleshoot the worm?