Category:
Worm

Description:
This program is dangerous and self-propagates over a network connection.

Advice:
Remove this software immediately.

Programs that may compromise your privacy or damage your computer were detected. You can still access the file without removing the threat, although this is not recommended. To do so, select "Always Allow" as the action and click the "Apply Actions" button. If this option is not available, log on as an administrator or ask an administrator for help.

Detected by:
Definition file

Resources:
file:
C:\Users\ckirkland\Desktop\r-c-f-plus.gadget->include/grcfplus.vbe->(EncScript)

file:
C:\Users\ckirkland\Desktop\r-c-f-plus.gadget->include/File.History->090921-1509.grcfplus.vbs

file:
C:\Users\ckirkland\Desktop\r-c-f-plus.gadget->include/File.History->090826-1112.grcfplus.vbs

file:
C:\Users\ckirkland\Desktop\r-c-f-plus.gadget->include/File.History->090824-1307.grcfplus.vbs

file:
C:\Users\ckirkland\Desktop\r-c-f-plus.gadget->include/File.History->090820-2117.grcfplus.vbs

file:
C:\Users\ckirkland\Desktop\r-c-f-plus.gadget->include/File.History->090818-2246.grcfplus.vbs

file:
C:\Users\ckirkland\Desktop\r-c-f-plus.gadget->include/File.History->090601-1128.rcf.vbs

containerfile:
C:\Users\ckirkland\Desktop\r-c-f-plus.gadget

View more information about this item online

Any thoughts?
-Clay

Thanks for your response, Lee.

I downloaded it again and the same thing happens. I even tell forefront to ignore it and when I install the gadget I get a message that says "unable to load 'c:\......\r-c-f-plus.gadget'." All the machine inside our domain have Forefront so I can't install it as long as this keeps happening. I had been using v1.25 but I wanted to try out the new features.

Thanks,
-Clay

Here's the info from Forefront

Category:
Worm

Description:
This program is dangerous and self-propagates over a network connection.

Advice:
Remove this software immediately.

Programs that may compromise your privacy or damage your computer were detected. You can still access the file without removing the threat, although this is not recommended. To do so, select "Always Allow" as the action and click the "Apply Actions" button. If this option is not available, log on as an administrator or ask an administrator for help.

Detected by:
Definition file

Resources:
file:
C:\Users\ckirkland\AppData\Local\Microsoft\Windows Sidebar\Gadgets\r-c-f-plus.gadget.~0000\include\grcfplus.vbe->(EncScript)

containerfile:
C:\Users\ckirkland\AppData\Local\Microsoft\Windows Sidebar\Gadgets\r-c-f-plus.gadget.~0000\include\grcfplus.vbe

Summary:
On Access Protection change occurred.

This agent scans software just before it runs. You are alerted if the software has a high potential for harming your computer.

Checkpoint:
On Access Antivirus Protection

View more information about this item online

I can report the same behaviour with ForeFront. I just downloaded it today, and upon trying to install it, it reportled detects the worm. Like you said, it's likely a false positive, but it's preventing installation on clients with ForeFront.

FYI, I have another computer that already had RCF installed BEFORE ForeFront was rolled out, and that installation/program still works great. It's just that I can no longer install RCF on "fresh" computers that already have ForeFront.

Thanks,
Chris