Foolstroupe -

I don't know whether the AV guys will tell you the filenames for their bots. They're probably buried somewhere in System32 or in a folder with the AV supplier's name, or the like. They assume that you'll probably want to come back for another scan, and it's "convenient" (for them?) to leave the bot in place.

The bot IS NOT A VIRUS. It's a small program that happens to have a "vulnerability" that someone could use to get into your machine. Lots of programs that you know, love, and use every day have similar "holes." This is just one that can be patched now.

There are similar things being "studied" with the implication being that nearly all "multimedia players" need similar patch jobs. Real-Player is one that's admitted a problem exists, and has some updates out. The problem is that their "hype" is so heavy you can't tell what's their fix and what's a sales pitch for a "$better ver$ion.$" The AV people haven't published a "consensus opinion" on whether Real-Player has fixed it, or on which specific other programs need to be "repaired," so there's no real incentive to patch at present. Some other media player programs are "nervous," but the situation just isn't well enough known to make recommendations yet.

As described by the guy who brought the AV hole up, nearly all "web scan" utilities by all AV producers are to some extent susceptible. It appears that a "generic" virus could attempt to exploit the hole, and it would succeed regardless of what AV webscan you had used if they have a small buffer, and would simply fail for those with protected or very large buffer defs. That makes a "large target" that could be attacked. Several AV makers may have fixes. McAfee happens to be the only major one who has publicly recommended rescanning to get the old bot replaced.

Norton is about the only major one who has publicly declared that they don't see a need in their program, and don't intend to change their program.

John