This goes out mainly to the security team...but anyone who has any information would you please respond.

At my work, I have recently become the "AV expert" purely because I just follow the perwork steps each time and remove rediculous amounts of viruses from workstations. (The most severe was over 1000 infected files).

As such, I have been tasked with a rather...hard...issue. One of our clients, who has 3 sites...has been infected with the Kama Sutra/W32.BlackMail.E/whatever other virus name you can think of for it. What this virus does, is on the 3rd of every month, it will disable whatever anti-virus you have installed, and delete Microsoft Office documents. This is a rather severe issue for this company, as each site has - in the last 3 days - had both their auto loaders (tape drives) fail. We are currently working on the solution for this, but that is irrelivant to the issue.

The backup drives is an important issue, but more important is the actual virus itself. As far as we can tell, it is infected on every single computer - and all but 3 servers (these 3 servers are located in our office's data centre and we have been successfully able to remove the virus with the help of a tool created by Symantec).

What we want to do, is created a logoff script, that we can add to every single user, that will run this tool. But, the tool needs to be run as local admin, which all the users are not - and not allowed to be (company policy).

Basically, this is the batch file we have loading the tool at present - we're testing it out on our own network. We have until the end of August to get a solution in place, and any help would be greatly appreciated.

M: is the exchange drive, and as you no-doubt are aware...if you run a scan on a live database that has people accessing it almost 100% of the time - it will destroy that database.

How can enable local admin rights to this, and then disable them after it's run?