Here is a script that we have implemented as a Group Policy startup script. It will run each time a computer in our Active Directory domain turns on or restarts their computer, then write to a log file if it finds and removes one or move of the worms. This has caught and removed a number of unknown instances of the worm for us. The program follows the basic steps to remove the MSBlast worm and some of it's variants (posted by Symantec, NAI, etc.). Feel free to use or edit this to fit your environment. Regards,