We techies are waging a war on three fronts. There is the war on spam, the war on viruses and the war on Internet attacks. Every time we make a move to block these criminals they make a counter move. It is a race to keep up with the techniques to stop these people.
If you are still not using Nmap to scan your network for infected computers with unusual open ports, I can almost guarantee that you have an infected computer. There is a new Windows version so forget the excuse of needing to use the cumbersome command prompt to run Nmap. The Windows version is called Nmap-Zenmap. Don't just run a network scan but also save a print out what is normal. Every time you run it you will find new open ports on some computer. Then when you notice someone's computer has port 6670 open for the first time you can go to the computer and ask the operator what they have installed. They will claim ignorance but be sure they are infected. If nothing can fix the problem just replace their hard drive. If you are like me you will have a box or 2 of used hard drives. I keep them for months and keep running virus scans, etc to no avail.
What I am saying is that Antivirus, Rootkit detectors, and Malicious Software removal tool are all next to worthless. They might find a problem around 25% of the time if you are lucky. The rest of the time it is up to you to find the infection. They are also not very good at removing the infections either.
You may ask why I disabled posting comments to my blog? Well some turkey posted a comment that was a virus and infected my laptop hard drive. So now it has a new hard drive and once again I cannot find the infection on the old one. AVG did give a virus warning a few days after the infection but that was too late.
On the Internet attacks, tighten up your firewall rules! Sonic Wall for example allows any computer inside of the fire wall to access anything outside of the firewall. So they send someone a virus infected email that is not detected for several days. In the mean time the virus has reached out and connected to someone and downloaded who knows what. Just block everything except for ports 80 and 443. Of course you know that they will write the virus to communicate on those ports sooner or later.