We are running NOD32 2.70.32 on our network with the latest definitions. Yesterday, it raised a threat alert on one of the PCs, identifying koobface.fx. We cleaned it up and rescanned and all was fine. C:\Windows\ld08.exe was removed, as was a startup registry that launched it. However, first thing today it was inexplicably back - IMON noticed C:\Windows\ld08.exe trying to connect to the internet. The user clicked to Terminate the threat but he then noticed ld08.exe was still there on the drive. We then ran a full scan in NOD32, and it failed to notice that koobface.fx is still there. Questions: 1) Why does NOD32 not detect this threat before it manages to install itself? 2) Does 'Terminate' just block the connection without removing the threat? 3) How did it come back after cleaning? 4) How did NOD32 fail to detect it after terminating the IMON warning, when the files, registry entry were still there?