Hi, For the second time in 12 hours, one of our remote users has got hit with something that ESET didn't catch. This time it's "Antivirus 8", on an XP Pro machine fully-patched and up to date with ESET. I'm not going to rant about how it slipped past ESET - two problems on two fully-patched machines in 12 hours says enought about that - all I'm looking for is the best removal procedure please. I won't have access to the machine until 5PM today as the user is using it for a presentation (or I guess.....was going to be using it) so I've time to research it. But if somebody has a quick pointer to a removal tool I'd appreciate it. As it's a remote machine I can't risk screwing it up. "antivirus 8" is all I've been told. The quote from my remote user is: "Today my Pc has had an antivirus 8 programme start running we cannot delete or remove and apparently it is something that is trying to log onto machines and get details etc." Thanks in advance, Jim EDIT Looks like MBAM will come to the rescue as usual: http://www.bleepingcomputer.com/virus-removal/remove-antivirus8. I'll report back later.