I believe the "On-Access" scanner log should give you that information.(But can't verify that right now)
In any case, you should probably have the option enabled to disconnect any machine that places infected files on the machine.
Setup an "User Defined" Access Protection rule in Virus Scan. Choose the "Port Blocking" option. Processes to include value is *, nothing to exclude. Block inbound and outbound for Port range 139 to 139, do the same with a new rule for port 144 to 144. You can "block" ot just "report" on these ports. Monitor the system for when the On Access Scanner gets the detection. You can then use the Access Protection log. The log will give you the IP addresses for the system(s) that are dropping the worm. Go to those systems and pull them off the network. Update and scan those systems using the latest DAT. Remember that you must schedule the scan, reboot and schedule a new scan. If you follow the document I have attached you will knock this worm out!!