One of my traveling users recently aquired the Zlob trojan showing a Windows Security Alert to the Trojan.Zlob.G and a link to download the removal tool. Good thing I've trained them not to believe that and call me first. After performing a full system scan with KAV 6.0 for Windows Workstations the trojan was not found. Luckily he was only an hour away so I was able to drive there and fix the problem.

My question is why didn't KAV find the trojan?

We run the Admin Kit v. 6.0.1591 along with KAV 6.0 for Windows Workstations. The users last update from the server was three days before the Trojan infection. This trojan has been around a while so I'm wondering why KAV did not detect it?

A couple of things:

• The zlob you found may not have been a recongnized variant. If you still have access to the file, submit it to newvirus@kaspersky.com
• Keep your clients up to date - I know there were updates today that were pushed down to deal with the dns changers. 3 days out of date is well out of date. Set your traveling users up with mobile policies in the admin kit so they don't miss updates.
• Update you admin kit. You're on a very old version, you should be current (1710). The kit will install on top of your current one, no unistall necessary. After you've upgraded it, push out new network agents to all your workstations and servers.