I have been running full scans with 5664/5665/5666 and 5667 DATS since friday and over the weekend and have found nothing of the sort on w2330/xpsp2/3, I think you may just have had a compromised server if the files are showing as infected with a 3rd party tool, I have had no issue with the DATs or Mcafee servers apart from the 5664 false positive with 5100 engine on one old build pc as it upgraded.
We traced back the worm to an infected workstation, so i don't think that has something to do with the McAfee updates. This was just coincidence reported to us as "false" positive while actually it was an outbreak for real! We were able to fix the outbreak thanks to avg's sality removal tool.
Any suggestions how to get it removed out of a network? All clients are running 5669 DAT now and still its not completely removed. The Tool from AVG rmslt.exe seems to be not able to clean all files, which i do not care about, but any suggestions how to address a threat like this?