|There was a government branch that had been infected. (big name AV company)was called in to help fix it. After a few days they stated that it would be impossible to fix the department. The only sure was was to clean install every computer. We are talking about a few thousand.|
If you can't contain it you have to stop all operations. Consider live linux cd's for temp access. Consider pxe load of all systems at one shot.
I would never allow any ISP access to company computers. You should attempt to either get hardened and harder systems and separate your lan from the net.
"Best Practices", Event viewer, host file, perfmon, antivirus, anti-spyware, Live CD's, backups, are in my top 10