FBI Moneypak virus corrupting the profiles on our server
This is my first post, so forgive me for any missing information; I will try to clear anything up as best as I can.
We, as an organization, are using Windows XP Pro and Symantec Endpoint Protection Version 11.0.7000.975, and recently we have been getting the dreaded FBI Moneypak virus on 2 computers. I've done some research and found ways listed to remove the virus (regedit, deleting certain files on the infected computer, etc.). But the current version of the virus will still lock up the PC, not only when logging in as the main, probably infected, user but also as administrator, as well as in all of the safe modes. So I cannot open any of the utilities that I would normally use. What's more, if I log in as the infected user (let's call him patient 0, it sounds creepy and zombie-esque) on any other computer, that computer is now infected. So, while I still have to reformat the computer, because I can't do anything, I also have to rebuild patient 0's profile, because logging in as him will just bring the virus back.
It's really very infuriating.
Now, here's my question, or maybe my list of questions:
Does anyone know exactly which files in the profile this particular virus is using?
Is there a way to remove the virus, or at least be able to find and delete infected files while the computer is locked up?
Is there any way to find out which websites are infecting us?
Any help is truly appreciated.