Hi all,

On Thursday 3-26 all of our workstations ran a scheduled scan and no issues appeared. The following day after lunch we started seeing these same workstations coming up as infected with the generic Trojan Horse that is written up here:

http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2004-021914-2822-99

The first of the month of March we had an outbreak of the Trojan.Clampi and we cleaned the infections. These were the same machines that have been recently infected. None of our servers are infected and none of the machines show any unusual connections.

My question is if these infected files are leftovers that are now being detected with updated definitions or something else? Can anyone shed some light on this?

Thanks,
Trevor