We are experiencing a problem with a virus. It is a SPYBOT.32.WORM virus. It adds entries to the host file (basically for all related virus companies so you can't get to their site). It disables the Symantec Antivirus services. When detected by the antivirus, it asks if you want to remove it, if you say "yes" it reboots your PC. If you boot up in safe mode, it will remove the virus, but will then become infected again so the latest Symantec does not appear to be working.
Files that are effected are c:\windows\winins.exe and c:\windows\eraseme_###### (various numbers). Symantec has been less than helpful ... including telling us to call back if that didn't work (5 minutes before they cut off coverage for the night).
We are on the latest antivirus version (10.1.6.6000) and the virus defs for today (7.24.2007 rev16).
Impact: PC rebooting and causing excessive network traffic that appears to be overloading the print servers.