Win32/Gaobot, Agrobot, Agobot virus info..

Hello, 

My LAN has been experiencing problems with this virus the last couple days. 
I've looked for
specific info on the virus being reported as "Win32/Agobot.NPM trojan" by 
Eset's NOD32 without
much luck. A couple workstations were indeed infected and I have used tools 
such as F-Secure's
Agobot removal utility which report successful removal. The symptoms seem to be 
gone. The fully
infected workstations have the virus as the file "wmon32.exe" which also runs 
as a process. After
cleaning the infected workstations, NOD32 on a few of the remaining wks still 
report an infected
file as "winhlpp32.exe". However, none of the other symptoms are seen. I'm 
beginning to think this
is possibly the first file that the 'worm' tries to drop to infect a 
workstation?? 

My worry: 
a) NOD32 reported the virus earlier and even has various definitions for 
variants of this but just
identifies this one and does not clean it, why? 
b) what are the specific files created by this variant, regkeys, infected files 
to be
deleted?.such info 
c) prevention of re-infection [ apart from the MS Security update MS04-011] 

It?s a big LAN and there's none of that central management stuff right 
now?.running a mix of
everything Microsoft?NTWKS, NTSRVR, Win2KPro, W2kSrvr, Win9x. 
I'd appreciate useful pointers and info.

Regards, 
John



                
__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - 250MB free storage. Do more. Manage less. 
http://info.mail.yahoo.com/mail_250