August 6th, 2004, 02:51 AM
Pinfi virus detection
This virus from 2001 is kicking my butt right now. I believe I have at least one rogue system on my network infected with it and it has found nearly every open share and infected files. Our detection tactics are so geared toward worms that create SYN traffic or BO attacks. Since the virus is infecting files through mapped drives there seems to be virtually no way of tracking it through sniffers or the like. Out of our 12,000 users we have identified around 200 systems that are not running managed AV clients and we are tracking those down. I am sure the infected systems are within this group but would like to find the virus ASAP. Only Trend seems to list a possible port opened by the virus, 30167, but due to the behaviour of the virus it is not always active to avoid detection. Has anyone found a good way of dealing with this sort of threat? Thanks for any input.
http://securityresponse.symantec.com...w32.pinfi.html
http://us.mcafee.com/virusInfo/defau...&virus_k=99690
http://www.trendmicro.com/vinfo/viru...me=PE_PARITE.A