Endpoint Protection

  • 1.  Backdoor.Trojan can't be removed/cleaned

    Posted Jan 29, 2009 07:22 AM

    One of the users in the company domain got Backdoor.Trojan and it can't be cleaned or quarantined. I tried to restart in Safe Mode and run a full scan; it threw the same message below.

     

    BTW, we are running Symantec AntiVirus Corporate Edition 10.1.5.5000 on the server and Symantec Client Security on the client. All definitions are up to date. Please help us!! Thanks!

     

    Event:security risk found!

    risk:Backdoor.trojan

    file:c:\windows\system32\userinit.exe

    location:unknow storage

    computer:computer name

    User:domain\user1

    action taken:clean failed:Quarantine failed

    date found:28,jan, 2009. time.....



  • 2.  RE: Backdoor.Trojan can't be removed/cleaned

    Posted Mar 04, 2009 09:00 AM

    Hello,

    My org has used Symantec's products for years now and I have to say I am HIGHLY disappointed in its ability to resolve threats as of late.  I have run into situations such as yours and have had to use third-party tools to fix things.  I am even finding items on computers which Symantec is not finding.  Look up COMBOFIX... it's free.  I've used it A LOT with XP.  It's not meant for use on a server... yet.  Use it in normal mode and in safe mode.  You may have to change the system time and date manually in the Control Panel after running the tool.