Mike, I have still been checking on your problem and I found out that the name of the Virus/Worm is
You can read about it at this link: http://www.trendmicro.com/vinfo/virusencyc...EZF&VSect=T
If there is a way for you to run that scan, Trend Micro says they can rid you of it.
Installation and Autostart Technique
Upon execution, this memory-resident worm drops a copy of itself as the file WINSEC16.EXE in the Windows system.
To enable its automatic execution at every system startup, it creates the following registry entries:
This worm takes advantage of the Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability present on Windows XP, which allows a remote user to gain full access and execute any code on the machine, leaving it compromised.
Read more on this vulnerability from the following link:
Microsoft Security Bulletin MS03-026
This worm looks for vulnerable machines on the network by scanning for random TCP/IP addresses on port 135.
It further uses the RPC Locator vulnerability which affects Windows NT and searches for vulnerable systems on the network by incrementally scanning TCP/IP addresses on port 445.
More information on this vulnerability is available from the following Microsoft page:
Microsoft Security Bulletin MS03-001.
This worm also exploits the IIS5/WEBDAV buffer overrun exploit affecting Windows NT, which enables arbitrary code to execute on the server.
The following link offers more information from Microsoft about this vulnerability:
Microsoft Security Bulletin MS03-007
When it finds a vulnerable machine, it copies and executes itself on the system.
To automatically remove this malware from your system, please use Trend Micro Damage Cleanup Engine and Template. http://www.trendmicro.com/download/dcs.asp
This I hope takes care of it. You were able to run the other scan, so let's keep our fingers crossed.
Thank you, Jitaa
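
The scanning behaviour in the quoted description (random addresses on port 135, incremental addresses on port 445) leaves a recognisable pattern in connection logs. The sketch below is an added example, not part of the original post or of Trend Micro's write-up; the record format, the threshold and the sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

WATCHED_PORTS = {135, 445}   # ports named in the quoted description
MIN_TARGETS = 5              # assumed threshold: distinct destinations per source and port

# Constructed sample records: (source IP, destination IP, destination TCP port).
SAMPLE = (
    [("10.0.0.5", f"192.168.1.{n}", 445) for n in range(10, 20)]      # sweep on 445
    + [("10.0.0.5", d, 135) for d in ("203.0.113.7", "198.51.100.200",
                                      "192.0.2.45", "203.0.113.190",
                                      "198.51.100.3", "192.0.2.201")]  # scattered on 135
    + [("10.0.0.9", "10.0.0.2", 445)] * 3                              # normal file-server use
    + [("10.0.0.7", f"192.168.1.{n}", 80) for n in range(10, 20)]      # unwatched port
)

def find_scanners(records, min_targets=MIN_TARGETS):
    """Return {(source, port): (distinct_targets, pattern)} for likely scanners."""
    targets = defaultdict(list)
    for src, dst, port in records:
        if port not in WATCHED_PORTS:
            continue
        addr = int(ipaddress.ip_address(dst))
        if addr not in targets[(src, port)]:
            targets[(src, port)].append(addr)   # keep first-seen order
    findings = {}
    for (src, port), addrs in targets.items():
        if len(addrs) < min_targets:
            continue                            # too few distinct hosts to call a scan
        steps = [b - a for a, b in zip(addrs, addrs[1:])]
        # Share of consecutive probes that hit the next address up.
        sequential = sum(1 for s in steps if s == 1) / len(steps)
        pattern = "incremental" if sequential >= 0.8 else "scattered"
        findings[(src, port)] = (len(addrs), pattern)
    return findings

if __name__ == "__main__":
    for (src, port), (count, pattern) in sorted(find_scanners(SAMPLE).items()):
        print(f"{src} -> tcp/{port}: {count} distinct targets, {pattern}")
```

A source flagged on both ports is a candidate for isolation and for the cleanup tool linked in the post.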