I have exchange server loaded as a part of Small Business Server 2003. I got a denial of service attack which created 700,000 entries in the c:/program files/exchsrvr/mailroot/vsi 1/badmail directory. I shut down to safe mode to scan for malicious software with the Microsoft Malisious Software detection and removal tool and delete the records in the badmail directory. I rebooted as administrator so that I could load exchange server 2003 service pack 1 which I understand can take care of the problem. Problem is that I have the server disconnected from the web and all other machines and the folder is filling up again. Is this because it had buffered the information before the shutdown or is there still some malicious software out there? Can I shut down to single user mode and load the sp1?