We installed e Trust AV 7.1 for a client on over 50 workstations in 4 sites.Most workstations run Windows XP, however there are 4 workstations at one site that are running Windows 2000 Professional. I have a 5-user license for e Trust antivirus, it runs fine on 4 machines, 1 2K and 3 XP.
In order to protect yourself from data loss on February 3rd, you should use current (Jan 23rd or later) anti virus signatures.
Note, however, that the malware attempts to disable/remove any anti-virus software on the system (and does this every hour while the system is up), so if the machine was infected before signatures were deployed, obviously, that anti-virus software can't be expected to clean up the infection for you.
It turns out that there was an "unknown" server sending polls out on the subnet.
Initially fixed the problem by modifying the registry keys that define the port that e Trust listens on.
We will try to post more detailed cleanup instructions later.
However, it is likely that you will have to rebuild the system from scratch.
Over the last week, "Blackworm" infected about 300,000 systems based on analysis of logs from the counter web site used by the worm to track itself.
This worm is different and more serious than other worms for a number of reasons.
In particular, it will overwrite a user's files on February 3rd.