So I continue to fight the virus, it looks to have morphed a bit and is causing us the same problems just in a different way. I have had to decode some hex out of the registry and I have now provided that data to our Websense filter so that I can effectively block the outbound port 80 calls and get a very nice log of who still has the problem. The one advantage is that at least the Trend Micro console is easy to work with and provides several tools to allow us to track clients down. It works a heck of a lot better than some of the other AV solutions I have used. They have a particularly nice tool that will scan a range of ip addresses and then tell you who has av installed who doesn’t and what version of av they do have installed. I now have that running daily to make sure we catch every single one of the machines on our network that isn’t protected. Hopefully with the steps we have in place I won’t be getting any early morning calls saying something isn’t working correctly.