hey guys...

I have a problem, This isn't quite BT related but in a way it is...

I have a dual boot system and a network of computers, most of the computers run XP with SP2 or SP3.

Only my system has BT4 installed.

The last few days have been hell, some moron hacked several of my sites by infecting one of the XP boxes on the network. I'm guessing the guy is just using metasploit/SET to do a reverse TCP connection.
He managed to connect to one of those machines and has taken the admin passwords from that machine for one of the site, and used that same machine to connect to the site so nothing would look irregular.

I'm looking to put an end to this menace. How can I find the payload, and how can I patch it?

This has been going for several days now. I've detected several trojans on that machine and I have managed to delete them. However on every scan I do after the successful deletion I keep finding that same trojan again.

The last time one of our websites have been attacked the attack came from Saudi Arabia and the hacker was spreading Islam messages.

Frankly I don't have anything against Islam but there are other ways to spread such messages, then this. This way they only provoke anger. Aside from the annoying music which was also implemented in the defacement of the site the whole thing was cleaned up quickly.

However, after patching the site and increasing the security measures on it our systems still remain the weakest link in the security chain.

I hope someone can help me with this nuisance. If this is posted in the wrong section please move it.

Thank you in advance.
Nusku Lu