Hi
I installed R-Firewall and GhostFirewall and they both tell me that regscan.exe is trying to connect to some IRC server.
And here comes the problem: I don't use mIRC or any IRC client??? So I thought it was a virus, so I typed regscan.exe into Google Bulgaria and it showed me some information about trojans that attack regscan.exe. I have avast, I scanned the file: nothing. I scanned with ClamWin: nothing. Kaspersky online scan: again nothing. But this file starts every time I start my Windows. I block it, stop it from autostarting, tried to delete it, but nothing. It's there.
Oh, it's placed in D:\Windows
Any ideas what the … is this ?
http://img529.imageshack.us/img529/4175/elitex0227ju.gif
279 kb ???
http://img529.imageshack.us/img529/5921/elitex0233nm.gif
Hello and Welcome to the forums ;D
Can you try to upload the file to virusscan.jotti.org or to virustotal.com to see if there is any AV that is detecting the file as a virus?
I also recommend scanning your PC with Ad-Aware or Spybot - S&D
BTW aren’t you from Bulgaria?
UPDATE: you have W32/Rbot-HA virus on your system
http://www.sophos.com/virusinfo/analyses/w32rbotha.html
Also can you post your HijackThis Log File - you can find the program here: http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/HijackThis.shtml
1 If you are not getting a virus warning that you believe is a new, undetected virus then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus @ avast.com (no spaces), or send from the chest.
Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be either a new, undetected virus or false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.
You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. You can’t do this with the file in the chest, you will need to move it out.
As a temporary measure you can have your firewall block access to the internet for regscan.exe.
Depending on your OS (?) download and run the appropriate program: Ewido Security Suite if using winXP, or a-Squared free if using win98/ME.
If you haven’t already got this software (freeware), download, install, update and run it.
- Ad-Aware
- Spybot Search and Destroy
- Spywareblaster. Don’t install this until you are clean.
Yes, I am Bulgarian ;D ;D
Okay Jotti says
AntiVir
Found Backdoor-Server/TALEX.24 backdoor
BitDefender
Found Generic.Malware.SIFMkb.C34D7A52
VirusBuster
Found Backdoor.Talex.B
That's the important part
I have S&D - > nothing
Ad-Sense - again nothing
Spyware Nucker - guess ?? nothing
So I saw that some of the AVs found a virus. Must I just download one and clean it??
I am using XP and Suse 10 (I forgot to tell you I can't even delete the file from Linux 0.0)
I can send the file because it wants SMTP mail something like that, but I don't have one. So how can I send it from normal e-mail like Gmail?
I haven't met any Bulgarians on the forum in a long time (the only Bulgarian I know from the forum is Neron) ;D
But I'll continue in English (the forum is English, after all); if you don't understand something, send me a private message
Did you try a-squared as DavidR suggested? http://www.emsisoft.com/en/software/free/
Or Ewido - http://www.ewido.net/en/
They are both very good programs for removing Trojans, try them
OK, Ewido Security tells me it's backdoor Talex. I will see if it can be deleted
And you must tell me how to send this shit to avast because my mails don't let me send .exe .zip files??? >:(
Bye for now, I must go to sleep, I'll contact you tomorrow (afternoon probably)
I can send the file because it wants SMTP mail something like that, but I don't have one. So how can I send it from normal e-mail like Gmail?
To send the file to Alwil, zip (or rar, it all depends on you) the file in a password-protected archive - usually the password should be "virus" - and send the file to virus[at]avast[dot]com from your Gmail (for example) account ;)
Okay, I sent it to virus@avast.com, I hope avast will soon detect this virus, and my problem is resolved, thanks to Ewido ;D