http://www.symantec.com/security_response/writeup.jsp?docid=2011-062909-5644-99&tabid=2
As for the Trojan.Gen detection, there's a little confusion about the definition.
When we find a new threat, part of the decision process is "is this threat unique enough to warrant a whole new name?" Oftentimes, it's not...a few characters tweaked here or there doesn't warrant an entirely new detection, so the detection is added to the generic signature for that threat...a generic trojan, for example, would be added to the Trojan.Gen signature, whereas if we find a trojan that's brand new, or so far modified from a basic trojan, we might call it Trojan.Whatever. These are signature detections.
We've detected previous versions of this threat as Trojan.Fakeav in the past, and it appears to operate similarly to how Trojan.Tidserv works.
With regard to checking the MBR, SEP does scan it, but due to the implications of removing the MBR, we only log the infection; we don't act on it (but the log does show up in the SEPM and on the client itself). The SERT tool can scan and repair (if repairable) the MBR, and Power Eraser (inside the Support Tool) also has the ability to scan the MBR after a reboot if selected.