Cyrus Grissom

Members
  • Posts

    2

About Cyrus Grissom

  • Rank
    Newbie

Profile Information

  • Location
    U.K.
  1. Hi,

     We have 75+ PCs running Eset Endpoint, administrated through ERA server. All clients are up to date on definitions.

     In the past few days, one of our staff downloaded *something* and infected their computer with Battdil.J. Eset did not pick up the virus when it was downloaded, or executed. It simply started to appear in the threat log in Operating Memory >> svchost.exe. Eset also failed to stop any of the several hundred emails sent from that staff member to our entire organisation shortly afterwards.

     The emails had the subject line "Invoice - xxxx", and a .zip attachment containing an .scr. Several employees opened and executed the attachment. The threat log in ERA shows that Eset stopped and cleaned the virus when it was executed on some clients, but not all. Furthermore, the virus was still able to send several hundred emails from the client either before, or after Eset claimed it to be clean.

     So my questions are:

     1. Why does Eset not pick the virus up when it is downloaded?
     2. Why does Eset only pick the virus up when it is executed on a small number of clients?
     3. Why does Eset not pick the virus up when it is emailed in OR out?
     4. Why does Eset claim to have cleaned the infection, while the virus continues to send out infected emails?

     Any help is very much appreciated - we are absolutely crippled with this.

     Thanks in advance,
     Cyrus
  2. Hi,

     I have Endpoint Security running on a client - all is up to date. In ERA, I keep getting warnings in the Threat Log from the Outlook Email filter for various trojans, but the action field just says "Contained infected files". How is that an action?! Was the email deleted? Was the trojan deleted, or quarantined?

     Many thanks in advance.