Ok... I reread the OP and found something else that bothers the **** outta me.... Old age, what can I say....

I am trying to convince my administration that the machine should refuse all connection from the outer world (or machine has no access to internet) and we can apply the patches manually or by means of our patch updation server.
The implication of this statement is that the SQL server is directly connectable to from the public network.....

Is that an HTML/CGI/ASP type connection to the same server the SQL database is held or is it a DMZed server that receives the public requests and then subsequently gets the data from the SQL server? Is that SQL server also in the DMZ or is it on the private network.

The problem I see in the first post I made was that the server is obviously being used for other things too.... You don't pick up spyware without going to web sites and stuff.... that's a no-no on a production server.. especially if it is a mission critical server.

Can you bring this server down or do you have to keep it running?