We installed this Microsoft patch on our network last week, but since then the Nachi worm has been popping up in...
every workstation. What do you think is the reason?
Most likely, you have an infected machine or two somewhere in your network. This worm scans for vulnerable machines, and when it finds one it drops onto it a TFTP server. The TFTP server would then download the worm and your AV software would detect the file upon creation and generate a popup alert.
You need to ensure that you have re-booted each workstation after patching and scan each and every machine on your network to find those that are infected.
For more info on this topic, check out these SearchSecurity.com resources:
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.