Endpoint Protection

Hello,
Symantec has detected and cleaned the W32.Gammima.AG threat risk, and I have followed the steps to update the registry to remove the threat.

Unfortunately, each time my computer restarts, the same threat is found and cleaned.  The Original Location is "Unavailable" so I don't know where the threat is coming from.  I have system restore disabled (with Windows XP Pro SP3) and it still happens every day.

Does anyone know how to stop this from happening?

Perhaps there is a legitimate program/macro which is running and detected as a security threat?

Any suggestions would be much appreciated.

W32.Gammima.AG is usually bundled with a rootkit.  The rootkit is probably reinstalling itself as portions get removed.  You'll probably have to do an offline scan from a known good computer or boot CD to get rid of the whole thing.

 One of the new RU5 features was a report that actually shows the virus location now.

But a scan in safemode is a good start...  Then if warranted, one where as above suggested, taking the HDD out and scanning from another PC, or using a WinPE image with SEP installed, to scan from it.  The later is something everyone should have, and Symantec should bundle it in.

 Enable Risk Tracer
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/be1edccb0e39927280257363003a2bb3?OpenDocument

Cleanup %temp% , c:\windows\temp
and
\Documents and Settings\USerNamer\Local Settings\Temporary Internet Files\Content.IE5