Have you checked that all external devices connected to the PCs are clean? The infection spreads through removable devices and therefore one overlooked infected flash drive could reinfect the entire network.
Also take into consideration that any executable on a flash drive inserted while the PCs were infected has likely also been compromised.
I'd advise you to either a) ban all flash drives from the network for troubleshooting, or
b) disinfect all flash drives and use a utility like flash_disinfector (only works on XP) or Panda Vaccine (only works if the flash drives aren't connected to Mac/Linux PCs) to vaccinate the flash drives and prevent them from automatically reinfecting the PC.
Also disable file sharing unless it's absolutely needed.
Could you elaborate on how you cleaned the PCs? You'd need to clean them all at once and keep the clean ones disconnected from the infected ones to avoid reinfection from the rest of the server. I'd definitely recommend a reformat and reinstall as the "cleaning procedure". Anything else is likely to lead to reinfection due to one overlooked/undetected file.
Edited by myrti, 31 March 2011 - 03:20 PM.