Have you no antivirus on the server or wherever the trojan is being installed? BlackICE is only really great as an IDS, firewall isn't very useful. Best bet is set up a honeypot, and watch their actions. Maybe even post the logs in this thread?

Where are they installing the trojans? I'm sorry if you've mentioned this before... I'm kinda tired