l'antivirus non leva i trojan dai una passata al sistema con hijackthis lo trovi con google..

..is a complex multipartite worm that spreads through IRC channels and shares, targeting computers with poorly configured usernames and passwords.

The worm is usually distributed as a self-extracting archive which when executed installs the worm components to the Windows system folder. The following files are dropped:

AlmIRC.ini
bla.txt
bnc.dll
config.hfg
crazy.exe
cscan.dat
dtkode.txt
empavms.exe
EXPL32.EXE
impvms.dll
ipservers.txt
lan.bat
Libparse.exe
miconfig.exe
moo.dll
msccl.dll
newuser.bat
nhtml.dll
nicks.txt
nvdrv.ocx
psexec.exe
ratsou.exe
reg.xpl
remote.ini
restart.exe
script1.dll
spig.txt
systboot.dll
syste32.dll
system.exe
temp
unicod_look
unicod_ready
werty.bat
wincmd34.bat
wind.dll

The worm may set the attributes of some extracted files to hidden. Some of these files are used by the worm for hacking/spreading/running purposes hence are detected as W32/Randon-I.

initiates the main executable part, that is EXPL32.exe), as a background process. This allows unauthorised access and control of the computer over IRC channels. The worm then sets the following registry keys to make sure this file will be executed at the next restart and upon running an IRC client software: