just recently one of our windows 2003 servers was infected with virus Troj/TDL3mem-A and after installing version 9 sophos on it, was able to quarantine the 2 files. Immediately after it quarantined the files, remote users could access it again(its a citrix server). Then ran a full scan and it came up clean. Then sophos support sent me a manual cleaner for it and when i ran it, it said no instance of that virus was present anymore. Users were on it for about 4hrs and in the evening i tried to access it when everyone was off already but couldn't get in again via remote desktop. Server keeps freezing and can't even run anything locally on it so they have to restart it by hitting reset button then right away everything works after reboot. Sophos wants me to run an emergency boot cd on server but after reading instructions, worried it might do more harm and system wont be able to come up even since it gave 3 warnings about this possibility. Possible the virus did some type of damage and even though is gone, maybe rpc service or other system files not working properly. I checked event viewer but nothing in red or anything critical that is causing the freezing. Is there any other logs i should look at. Thanks.