Well... that's the kicker... this one is not detected even by updated antivirus patterns. Ours is Trend Micro, but we've tried some other vendors and they're not finding anything either. But we can isolate the infection... and it *should* be detectable, many pattern versions ago. It looks and acts like a variant of RBot.jp.worm, but isn't detectable as such.
Symptoms are that the infected machine opens hundreds to thousands of connections to the Internet, clogging the NAT translation tables of the router, effectively killing Internet access to anyone else. It also starts brute-forcing network accounts, looking for common weak passwords, which of course starts immediately locking accounts across the domain.
Nasty bugger, that.
Yikes! That IS nasty.
I'm going to copy down some of this info...hopefully we're safe, but ya never know for absolutely sure.
Out of curiosity, how did you clean it?