've u tried scanning the machine in safe mode, because memory resident viruses are since in process so cannot be deleted when computer is in normal mode so reboot the machine in safe mode and try running on demand scan.
I would recommend a Command Line scan in Safe Mode.
You will need to boot your machine into "Safe Mode with Command Prompt" but before you do this, there are some very good instructions for running a Command Line Scan in safe mode on McAfee's Knowledge base. These need to be followed step by step.
For more information about "Performing a command-line scan in Windows 7, Vista, XP, 2003 or 2000", please see KB51141.
Also, more information about threats can be found at http://vil.nai.com.
Hope this helps.Message was edited by: Greg Sanders on 11/4/09 4:46 PM
it would be nice to have Log.
Could you plz download and install 'HijackThis', run a scan and copy/paste the log in your next reply.
?twest.exe - is it a typo and it means twext.exe ?Nachricht geändert durch Raziel.van.Nosgoth on 11/4/09 7:23 AM
Since the threat is a memory resident infection you should be able to run an On Demand Scan of the system reboot and run another On Demand Scan. Since the threat resides in memory (Rootkit) then the action from VSE may fail to clean or delete the threat until reboot. We will mark the file for deletion pending reboot. Running a Command Line Scan using the latest Beta Dat will be the next step to take. I have attached a document that will walk you through this. If this does not prove successful then we will need to locate the file(s) responsible. I have attached another document that covers common locations for files that are dropped by Malware. You can use this document to help in your search. If you locate the Malware you can upload what you believe to be infected to http://www.virustotal.com This will let you know who is detecting and what they are detecting as. If you get several vendors detecting the threat you know your on the correct path. You will also see if McAfee is detecting the threat. If it shows McAfee detecting then you will want to update your DAT files and confirm that the configuration of VSE is correctly configured such as "scan all files", etc. Also, Artemis is very useful when scanning. Information on enabling Artemis in Virus Scan Enterprise KB53732. If you confirm McAfee is not detecting and other vendors are you will want to proceed with uploading the samples to McAfee Labs for research. You can use KB50388 to guide you through the process. Once you have submitted the sample if you don't get a response from McAfee Labs you can call and log a case with support to have the case escalated to the Threat Escalation Group.