Hi SYMTEC67,
SAV 9 was designed before today's threats had evolved. It just does not have the capability to remediate some of what is currently in circulation, and it was never intended to handle definition files of today's size. I strongly recommend migrating to SAV 10.1 MR9 or SEP 11 RU5.
In the meantime: in light of the recent detections and odd behavior now, I suggest treating that SAV 9 computer as if it is infected. Remove it from the network and scan away in safe mode, then carefully check the logs. Is there anything on there that is being detected but not completely removed? Is the computer acting as if it may be infected? It very well may be.
It's a bad idea to completely uninstall AV in the middle of an infection, even if migrating to a newer release. You may want to scan that computer with NBRT (a LiveCD that detects threats) before trying to install SAV 10.1 or SEP.
Please let the forum know of your progress!
Thanks and best regards,
Mick