Hi all! I run a 10-desktop network of Windows XPProSP2 machines at my small business, and today, a SpySweeper sweep found on five machines software called 'Ultraview Plus', which SpySweeper classifies as a 'Critical' threat, as it incorporates a full keylogger, and reports out to the Internet. Spysweeper appears to remove it, but rootkits are very hard to get rid of, so I'm not totally confident it's gone. We run McAfee Security Suite and SpySweeper on our machines, and the *nix mail server runs ClamAV to pick off inbound virii, trojans, etc. We've been pretty stable for the last year, with very very few spyware problems since we installed SpySweeper. Ultraview Plus appears to be the core of commercial surveillance software called WebWatcher, which is sold by http://www.awarenesstech.com - with claims of being totally invisible, hard to trace, hard to remove, etc. Interestingly, McAfee doesn't seem to search for Ultraview, and it's not listed as a threat on their site. Symantec (which we don't use) has it listed, and here's their info: http://securityresponse.symantec.com/avcenter/venc/data/spyware.ultraview.html What jumps out at me is the 'manually installed' portion - if that's true, then I have some kind of internal security problem - either an employee, cleaning person or other individual with physical access to my machines has installed this software, or the commercial package has been used by someone to form the core of their internet-based spyware, and it has made it through my firewall, industrial-grade e-mail virus/trojan killer, McAfee, and Spysweeper's install shields without raising an alarm. Anyone know anything about this? I think the scariest thing is the near-complete lack of information out there about this software appearing as a threat, how it gets on machines, or how to get it off again... Any info or experience appreciated!