" ... Disconnected all clients from the network"
If the clients are still disconnected, and outbound traffic is
ballistic, then server is sending it.
Stop any packet filters you've created on ISA for the server (like port
80 outbound so you can browse Internet from server console, etc), then
look at the ISA logs to see what is trying to get out and where it's
trying to go. (Conversely, you can set the Packet Filters properties to
log the 'allow' entries and get log entries of whatever's going out...
but personally, I would not want any more going out 'till I found the
Maybe look in the Processes tab on Task manager and see if there are any
suspect processes running, too.
BYW, if this is a "Hacktools" trojan, it probably got by AV undetected.
In article <OB65b.1201$ XXXX@XXXXX.COM >,