did you send this to mcafee via webimmune.net? if not, please submit a sample.
try superantispyware or the bootCD from avira: http://dlpro.antivir.com/package/rescue_system/common/en/rescue_system-common-en .exe
Can you provide some further details please?
Does the on-access scan also detect this?
Which scan engine are you running?
Have you enabled Artemis, and if so on which sensitivity level?
Have you submitted a sample of either the file itself or the corresponding .bup file in the c:\quarantine folder? If so what is the analysis ID?
Once the file is submitted, and as long as you have a valid support contract I'd recommend logging a case with support to have the sample escalated.
We are getting a lot of these as well. Always seems to come back. We have started using superantispyware on a few of them and it seems to work. My guess is is that the dat file that catches it doesn't delete all of the reg entries or the main file that is putting it back
Have you contacted gold/platinum support about this? One of the support team will be able to arrange a remote session to take a look at an infected machine, or will send you over further troubleshooting steps if your company does not allow for remote sessions.
Hope this helps.
Thanks Samantha, I might just do that.