Directly form the McAfee site.... Trojan <javascript:legendwindow('/vil/legend.htm#Charactieristics');> Characteristics: AVERT is currently investigating possible incorrect identification of this Rewrit.b. If you are observing this detection and believe it to be incorrect, you may install the following negative extra.dat file to suppress the detection: * EXTRA.DAT - http://download.nai.com/products/mcafee-avert/135339.zip * SDAT (self-installing EXTRA.DAT) - http://download.nai.com/products/mcafee-avert/sdat135339.zip Information <http://vil.nai.com/vil/SystemHelpDocs/Extradat.htm> about EXTRA.DAT files I find it interesting that Mcafee says it may not be a correct find, once again another vote for Symantec. Sorry to the McAfee lovers, I am not in your ranks, too many issues just like this one. Thank You -Doug Rooney Sonoma TileMakers IT Systems Administrator 7750 Bell Rd. Windsor Ca, 95492 (707) 837-8177 X11 (707) 837-9472 FAX it@xxxxxxxxxxxxxxxxxxxx The information contained in this e-mail may be confidential and is intended solely for the use of the named addressee. Access, copying or re-use of the e-mail or any information contained therein by any other person is not authorized. If you are not the intended recipient please notify us immediately by returning the e-mail to the originator. -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Selinger, Stephen Sent: Monday, August 08, 2005 2:13 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Rerit.b Hi, Ya.....that is what I am wondering too...... -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Joe Shonk Sent: Monday, August 08, 2005 3:12 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Rerit.b What does it do? What is the payload? The link to the nai site states nothing.. Joe _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Schneider, Chad M Sent: Monday, August 08, 2005 1:02 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Rerit.b WARNING! Watch for new virus, JUST out, "rerit.b". Boot sector virus. Got 6 servers so far, 3 of which are Citrix servers....yeah!