Hi, We have Nod32 on all our client workstations. We recently found that a large number of them were infected with something that looks like a variant of the WORM.BIZEX virus. This virus appears to have been picked up by various AV companies in Feb 2004. The behaviour was that it created dlla32.exe, dllw32.exe, & dllx32,exe files in System32 folder, and users startup menu's, and added "Load32" registry key to "Run" section of registry. The virus was visible in the process list, and each time you kill it, another copy spawns itself. Booting in safe mode with a command prompt, deleting all copies of the above files from the windows folders, and users profiles, and removing all registry keys referencing the above files seems to have done the trick cleaning it. The worrying thing was that Nod32 did not detect or clean this virus. We are currently in the process of cleaning all the infected machines manually, as above, but have no relaible way to prevent re-infection. Does anybody know if ESET already have this virus/worm covered (ie. our installation was wrong), or if they are planning to add it to their virus definitions in the near future? Here are the build details of Nod32. Its updated overnight, one of versions 1.77, or 1.78, or 1.79 (I did not right down the version number when we found the problem yesterday) failed to detect it last night. Current NOD32 system information Version: 1.780 (20040603) Installed on: 06/04/2004 Virus database build: 3810 Environment version: 1.047 Last Update attempt: 06/04/04 09:39:15 Diagnostics information Base module build: 3776 Cheers, Ben.