Hi Wilders Experts, I really need advice on how to permanently remove W32/Conficker.worm.gen.a from group of systems that has no reported case of W32/Conficker.worm.gen.a for the past 5 months. And suddenly today, McAfee ePO start flagging the system to be infected with Action "Access Denied". Here's the history of what I did: 1. Previously the system has been infected with W32/Conficker.worm.gen.a and been cleaned. 2. System has been patched with all critical patches 3. Password was changed to AlphaNumberic with symbols 4. I have set McAfee to block port 139 and 445 Here's what I found so far... 1. Most system shows Delete failed (Clean failed) thru the username "NT AUTHORITY\NETWORK SERVICE" via McAfee log 2. Seems that the file that is "generating" the worm was "\WINDOWS\system32\wbem\wmiprvse.exe" I'm lost as of what to do. Any ideas besides not cloning or re-imaging back?