July 6th, 2005, 04:43 PM
#1
Autoexe.exe (wants morte to serve beer)
Well, there seems to be an infection of some sort on a PC of a relative of mine.
What it does is that it creates a hidden file called autoexe.exe in the WINNT\system32 directory (W2K Pro in use, fully updated). It also adds autoexe.exe to one of the registry's autorun sections, in order to start autoexe.exe on boot. It is titled "Regedit" in the registry.
After boot its operation is almost unnoticeable, and it wouldn't have gotten caught, but then the ISP blocked the traffic and informed us that it could be disturbing the ISP's other clients and should be removed.
The firewall says this autoexe.exe tries to contact morte.servebeer.com on port 6667. I moved autoexe.exe out of system32 and deleted the registry key, and it didn't start on the next boot. However, something still added a new key to the registry, expecting autoexe.exe to still reside in system32.
I ran AVG free antivirus, Ad-Aware, Spybot and A-squared's scanner, but nothing was found. And it is even more complicated because I can't identify the virus myself either. I know of two virus-like programs that do this. One is Trojan.Prova, and the other is a worm called W32/Semapi-A. However, in the case of a Prova infection there should be some other files too, sistrai.exe, for example. And Semapi-A should be accompanied by files like winbios.exe. But the only one of these files I could find was autoexe.exe.
I tried an online scanner but it wouldn't load all of the virus database. I can do it again when I get the chance, but I wonder, how possible is it that it was just missed by AVG? And then what to do? I couldn't find any virus-specific removal tool by any antivirus provider that was related to autoexe.exe in any way. And if it's something AVG free leaves undisturbed, what should be done in order to prevent further infections? (These folks aren't really interested in using anything other than Internet Exploder or turning Active-X's rights on and off. Not because they're stubborn, but because they're quite unfamiliar with computers.)
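The autorun behaviour described in the post above (a value titled "Regedit" that starts autoexe.exe from system32) can be checked offline against a registry export. This is an added example, not part of the original post; the export text is constructed, and the list of Windows tool names and the set of autorun keys are assumptions.

```python
import ntpath
import re

WATCHLIST = {"autoexe.exe", "sistrai.exe", "winbios.exe"}  # file names from the post
# Assumption: built-in tool names an impostor entry might borrow as its title.
SYSTEM_TOOL_NAMES = {"regedit", "explorer", "svchost", "winlogon", "services"}
# Assumption: autorun keys of interest (Run, RunOnce, RunServices).
AUTORUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once|Services)?$", re.I)
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
EXE_PATH = re.compile(r'\s*"?(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=["\s]|$)', re.I)

# Constructed sample export; not taken from the affected PC.
SAMPLE_EXPORT = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"Regedit"="C:\\WINNT\\system32\\autoexe.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Example]
"Regedit"="C:\\WINNT\\system32\\autoexe.exe"
'''

def target_basename(command):
    # First executable path in the command line, directory stripped, lower-cased.
    m = EXE_PATH.match(command)
    return ntpath.basename(m.group(1) if m else command.strip().strip('"')).lower()

def scan_export(text):
    """Return (key, value name, command, reasons) for suspicious autorun values."""
    findings, key, in_autorun = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            in_autorun = bool(AUTORUN_KEY.search(key))
            continue
        m = VALUE_LINE.match(line)
        if not (in_autorun and m):
            continue  # only string values under autorun keys are examined
        # Undo .reg escaping of backslashes and quotes.
        name, command = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
        exe, reasons = target_basename(command), []
        if exe in WATCHLIST:
            reasons.append("file name on watchlist")
        if name.lower() in SYSTEM_TOOL_NAMES and exe != name.lower() + ".exe":
            reasons.append("value name imitates a Windows tool")
        if reasons:
            findings.append((key, name, command, reasons))
    return findings

if __name__ == "__main__":
    for finding in scan_export(SAMPLE_EXPORT):
        print(finding)
```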