Running SEP version 11.0.6100.645
I was working on a server tonight (Windows Server 2008 R2), and I came across two files called "myporno.avi" and "pornmovs". A little digging brought up two additional files in the same location, named autorun.inf and setup161.fon
A bit of Googling turned up information that this is the Worm_Otorun.ash worm. I checked SEP, and it is running and has the latest virus definitions (Thursday, April 14, 2011 r2). Ran a full scan, but Symantec doesn't return any results. I see that Trend Labs has a blog post in reference to this worm, but offers no help on getting rid of it besides pushing their own products. I also tried a custom scan and configured Symantec to examine FON files, but it still finished the search and said it found no threats.
Has anyone else dealt with this worm lately? If so, what steps did you take to identify the source, stop the spread, and eliminate it once and for all since Symantec doesn't seem to even detect this problem? Thanks for your time, and please let me know if I can provide any more information.