W32.IRCbot in ROX.EXE...Please Help me, 2/3 pcs infected

[Gifo]

Hi, i'm Giorgio, im writing from italy, i'm an architecture student and i suppose that i brought this virus from the autocad lab in the campus...b****es!,

i've norton antivirus 2004 updated installed, yes a little bit old but i think still functionally, winxp sp2 and sp3 updated daily!...don't know how to do.
tried to remove with norton, wirh spyware doctor scanned with kaspersky....
i'll attach the log
thanks and sorry for my english...

[Rene-gad]

Remove all Antivirus programs excepted one your choice!!!
Close/unload all the programs excepted AVZ and Internet Explorer

Switch off:
- Antivirus and and, if you have - Firewall.
- System Restore


- Execute following script

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\winstart.bat','');
 QuarantineFile('efcAQICv.dll','');
DelCLSID('{28ABC5C0-4FCB-11CF-AAX5-21CX1C642122}');
 QuarantineFile('C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ROX.exe','');
 QuarantineFile('J:\autorun.inf','');
 QuarantineFile('R:\autorun.inf','');
 DeleteFile('R:\autorun.inf');
 DeleteFile('J:\autorun.inf');
 DeleteFile('C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ROX.exe');
 DeleteFile('efcAQICv.dll');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

After reboot:
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Repeat 3 log files in accordance with the rules.
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Upload the quarantine in accordance with Appx. 3 of the rules.
- Attach 3 logs to your new post..

[Gifo]

well...i've just finished to scan with the tree methods...i hope i did it in the correct way...

[drongo]

not quite, where is virusinfo_syscure.zip ? avptool_syscheck.zip - don't need it, please delete it.

[Gifo]

hi there, well i will contact you the next time i'll have a virus problem (i hope never )... yesterday i tought, there must be another way to remove them...so i've stated windows in safety mode and i've searched in the registry the rox.exe key...i've deleted all the keys with that file, i've rebooted...then i've stated up ubuntu...cause the restore folder is a windows hidden-system folder... viewable only in another oS...i've searched n all my removable medias and on the local disk for this folder and i've deleted them form under linux...
and i've solved my problem...scanned and nothing founded.
i would like to thanks a lot all the people who tried to help me...
next point...i think that this forum is incredibly helpfull so i thought to translate the guide and the appendix to post the logs in italian...as soon as possible...so i will learn the correct way to use your scripts.
thanks Giorgio