Just did a fresh install of Win98 on a formatted hdd and after having done all the OS updates I could I installed the new replacement for InoculateIt PE and when it was doing it's initial scan it reported the following:
"Scanning file(s)...
c:\WINDOWS\SYSTEM\NETPPTP.SYS - Win32.Leave.A worm. Deleted."
Any clues where this could've come from? There's no e-mail on this machine yet and other that the LAN (I've checked all machines on the LAN with the same scan) and the trip to Microsoft, I can't think of anywhere I would've gotten this. Does anybody recognize the name and how it's passed around. Could it have been a test virus put on by the anti-virus company
Note: I didn't know for sure which forum to put this in but I figure it's more network-related.

i'm not familiar with that virus, new one to me. if that's a burned copy of a win98 cd then there's a good possibility that it may have been infected. especially if it was even in an iso format, it's very simple to inject iso images with virii/trojans/etc.

other than that i can't think of how you may have gotten it.

hope all is well now,
-psyklone

It makes absolutely NO sense! The OS disk was one I've had for years and all the files, with the exception of update files I downloaded directly from Microsoft, were files I got off other machines on my home LAN. And like I said, I've done a scan of all those machines and nothing showed up. One of the first programs I installed was Zone Alarm and the machine was behind a router the whole time so I can't imagine where it came from. I do recall that after I had Zone Alarm installed I got alerts that something was trying to access the internet so all I can figure is that something got past the firewall before Zone Alarm was installed.

See http://vil.nai.com/vil/virusChar.asp?virus_k=99115

"The EXE file also contains the master password to Subseven which it uses to infect other computers by running a portscan on multiple subnets, attempting to connect to TCP/IP port 27374. Once successfully connected to a Sub7 server, the worm files are copied to the remote system.

It also contains code to contact time servers and IRC servers, as well as download files over the web. Registry.dll also contains a mailing routine."

Like psyklone suggested, it sounds like you have an infected software package or at least an infected exe on the system.

i know this is gona suck but u might wanna try to reformat again and make sure u reformat the drive not just reinstal windows, also a second thought do u have more than one hd the other one without windows might have the virus just a thought its happened to me......i had a worm virus dont know what the whole name wuz but it wuz in something i d/l from a trusted ftp of mine