Endpoint Protection

Story of migration to Symantec antivirus

May 13, 2009 02:43 PM

This is a quite old (but true) story of an emergency migration from one antivirus solution to a Symantec solution.
I'm saying that it's an old story because in those days we had NT4 as the main OS in our environment and Inoculan antivirus (from CA) as the main antivirus solution.
We have a quite big network, lots of servers and workstations in several sites, and no connection to the internet.
As a new tech in my department I remember one day when some of the workstations started to work funny, but since we had antivirus I didn't suspect it was a virus because we didn't get any alerts,
we weren't connected to the internet, and most of the computers didn't have any floppy or CD-ROM drive. So all our tech team did with the computers was reinstall them.
In the evening, before I went home, I logged on to one of the servers and noticed a strange message from the antivirus (we had a different version of it on the servers),
and it wasn't a specific virus alert but something like "I SUSPECT there is a virus..."
At that very moment I started to connect the dots! With this message and the strange behavior of the workstations there was only one conclusion: our network was infected by a virus!
Immediately our tech team started to search for updates to the Inoculan antivirus; since we weren't connected to the web we had to do that manually.
After installing the update on some servers the antivirus started to detect the virus in EXE and COM files but failed to clean them.
So we started to search for alternative solutions, and after consulting with Symantec techs we decided to migrate to Symantec Corporate Edition (version 7, in those days...).
Besides the success in the cleaning task, Symantec antivirus had very good tools to distribute and control the antivirus software on the client machines,
something that was missing in our previous solution. So we had to take care of the client upgrade by writing several scripts that removed the Inoculan antivirus,
and the rest was done by the Symantec solution.
It took us almost a week, working around the clock, to fully recover from the virus, and we suffered damage to a lot of software that was installed on the client machines.
In fact we had to reinstall many of the workstations just because we couldn't install the new antivirus, since the machine was infected all over with the virus.
Since then we have upgraded our server hardware and OS several times and also upgraded the Symantec solution (to versions 10 and 11).
Today, as a lesson from that event, we decided to remove all floppy and CD-ROM drives, except from some gate stations.
We also apply different AV solutions to servers and clients (Symantec solutions for the clients), and we monitor USB devices on clients with Endpoint Protection.

That's it. I can't deny that we were quite complacent, thinking that having antivirus and no connection to the internet would keep us from virus infection, but we learned from our mistake!


Comments

May 17, 2009 04:00 PM

Didn't note the group thing... so I added it now. Hope it's OK...

May 15, 2009 05:13 PM

Ahhh yes, the false sense of security is always a concern. Great story!!
