I think it's a little naive to simply say "we'll virus scan the network first" and think that will do it. You also need to trojan scan every machine and, with the current trends in Spyware and Adware becoming so similar to trojans, you are going to want to scan for all that too. That's a lot of work and, in someways, it may be easier to drop the network, (if it isn't too big), and just reimage all the disks first.

Viruses and worms get blamed for so much and there seems to be a trend where, as people are becoming aware of security concerns, people are leaning too heavily on AV when, in fact, while viruses are a PITA they aren't the most dangerous threat to a company. The highest threat still remains compromise by a human who can adapt his techniques to get what he wants as opposed to an automated piece of code that has either a single purpose or a limited number of purposes and techniques to acheive it's goal. Certainly, as security admins we really need to broaden our spectrum and must never fall into the trap of believing that AV is a cure-all.... It isn't. But believing so and implementing an anomaly based system will come back to haunt you in the future.