I spent 3 days over a weekend and a Friday clearing my domain (300+ clients) of the B variant.
If, like me, you had up-to-date virus definitions, up-to-date WSUS, and a quite decent security template with Group Policy, despite this I was still infected.
How? The auto.inf file within USB sticks, which shitty Symantec AV corp does not scan.
So, I was royally fucked.
In short, to clear your network (or rather, how I did mine):
In safe mode, run the removal tools
windows-kb890830-v2.7.exe (there is a 2.8, or 2.9 now?)
FixDownadup.exe - Symantec tool.
Then install WindowsXP-SP2-KB958644-x86-ENU.exe
Finally, install WindowsXP-KB967715-x86-ENU.exe
Then check for scheduled tasks (they are called ao1, a02, a03, a04; delete these!)
Disabled Scheduled tasks on critical machines, as it uses this to propagate the tasks across network shares.
Use complex local account passwords (change them if you can).
This is what I did, and this cleared it, eventually. There are lots of other ways lurking on the internet, which I read and thought would work (the GP modelling), and some that didn't. The above details worked for me and took a lot of time, and I learnt that no matter how secure your network is, you can't stop someone being stupid/naive.
I accept some blame, as I saw the AV alert for it, and it was deleted (reported by Symantec as deleted), so why investigate? Only afterwards, when I checked security logs on numerous domain controllers, did I see the machine infected, trying hundreds of domain accounts and failing (keylogger).
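
Added example, not part of the original post: a sketch of the domain controller log check described above, flagging any workstation that fails logons against many different accounts in a short window. The event layout (time, source host, account), the host names and the thresholds are assumptions, and the sample events are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def build_sample():
    """Constructed failed-logon events (time, source_host, account); not real log data."""
    t0 = datetime(2009, 1, 16, 9, 0, 0)
    events = []
    # One workstation failing against 40 different accounts, 5 seconds apart.
    for i in range(40):
        events.append((t0 + timedelta(seconds=5 * i), "WS-042", f"user{i:03d}"))
    # A user mistyping their own password three times.
    for i in range(3):
        events.append((t0 + timedelta(minutes=i), "WS-007", "jsmith"))
    # A shared machine: a handful of accounts, but spread over hours.
    for i in range(6):
        events.append((t0 + timedelta(hours=i), "KIOSK-1", f"temp{i}"))
    return events


def hosts_guessing_accounts(events, window=timedelta(minutes=10), min_accounts=20):
    """Return {host: peak distinct accounts failed within `window`} for hosts
    whose peak reaches `min_accounts`."""
    by_host = defaultdict(list)
    for when, host, account in events:
        by_host[host].append((when, account.lower()))
    flagged = {}
    for host, rows in by_host.items():
        rows.sort()
        in_window = Counter()  # account -> failures currently inside the window
        start = peak = 0
        for when, account in rows:
            in_window[account] += 1
            # Slide the window start forward past events that are too old.
            while when - rows[start][0] > window:
                old = rows[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= min_accounts:
            flagged[host] = peak
    return flagged


if __name__ == "__main__":
    for host, peak in hosts_guessing_accounts(build_sample()).items():
        print(f"{host}: failed logons against {peak} distinct accounts in 10 minutes")
```

Counting distinct accounts rather than total failures keeps a single user retyping one password from being flagged.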