How do you remove the Sub7server trojan?

Due to surfing Steve Gibson’s web site (www.grc.com), I discovered that our e-mail server (Exchange 5.5 on NT) probably has the Sub7server trojan on it. Following Steve Gibson’s advice, I ran netstat -an | find “:6667 ” & got the response “TCP 0.0.0.0:6667 0.0.0.0:0 LISTENING”. According to Gibson, this means the Sub7server is broadcasting back to its IRC channel. I did find references to Sub7 in the registry, but am unable to find any of the files associated with Sub7. I deleted the keys with Sub7 & rebooted, but I still get the same netstat result. Can anyone help?