hi
yes this is a virus, a friend of mine had had the same problem but i am not sure how he solved it. ( actually he told me he made a script for this)
You could try tcpdump as unSpawn suggested, on a few computers and put the relevant output here; perhaps some of the more skilled people here can help you out; meanwhile update all your windows clients and tell them to use firewalls (i'm not sure if it helps but its a good start)
adaylater: try using arpwatch