A pop-up window always opens and says:

Notice: This site is closed due to abuse. If this site opens unsolicited,
try running this Software once to remove the script. If the Software
fails, go to your registry (run regedit.exe) and search for winsvc32.exe.
(usually HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run)
Delete all keys containing the String "winsvc32". In our function
as domain-registrar, we apologise that we cant provide you with any
further information about the popup-script. For information of this
kind, please get in contact with the owner of the domain directly.

What should I do?

Post the URL of were you are going, when you get the popup window.

Do not attempt to edit your registry unless you have a backup, or really know what you are doing :).

I'm not convinced this widow is honest.... it may be, but I'll take a look at the site when you post it.

Yes, I agree with starlifter. You shouldn't listen to it unless you know it is true. Think if you listen to every warning message you saw. ie. You go to a site...popup: You have a virus! Reformat your hard drive now! If people listened to stuff like that then it wouldn't be good.:D

Sounds like they want you to load up a virus. If the virus fails, they want you to delete an important file. I don't know what winsvc32 is but I wouldn't touch it without further research.

All is well now. My friend didn't have the file on his computer. So I researched it and opened it. the pop-up window appeared. I deleted the file and there is no more problem.

http://vil.nai.com/vil/content/v_99439.htm

Trojan Characteristics:
When run, this trojan opens your web browser to a specified site, copies itself to the WINDOWS SYSTEM directory, and creates a registry run key to load itself at startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\
Run\winsvc32.exe=C:\WINDOWS\SYSTEM\winsvc32.exe
The trojan also disables mouse control.

If a person knows nothing else about the Registry, I recommend they know A few keys, beginning with this Key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run\


This is one place where many annoying programs hide out and activate themselves when you boot.

Nothing need ever be in here, except for your own personal convenience. This is the registry equivilent of the STARTUP folder. As most know, if you copy a shortcut to the STARTUP folder, it will be run automatically at boot. Or you can do the same thing my manually activating each STARTUP program, and keeping the STARTUP folder empty.

Ditto with the
HKCU\Software\Microsoft\Windows\CurrentVersion\Run \
key.

Everything in this location can be converted to a shortcut, the key deleted, and the shortcut run manually (if desired).

Always check this entry after installing new software, and before rebooting. A virus or trojan may put itself here, and activate.

There are other locations, too.

This is the most popular key programs use to activate themselves:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run \




Here is the main list:
HKLM\Software\MS\Windows\CV\Run\
HKLM\Software\MS\Windows\CV\RunOnce\
HKLM\Software\MS\Windows\CV\RunOnceEx\
HKLM\Software\MS\Windows\CV\RunServices\
HKLM\Software\MS\Windows\CV\RunServicesOnce\
HKCU\Software\MSWindows\CV\Run\
HKCU\Software\MS\Windows\CV\RunOnce\

Notes:
HKLM is short for HKEY_LOCAL_MACHINE
HKCU is for HKEY_CURRENT_USER
MS is short for Microsoft
CV = CurrentVersion

e.g., HKLM\Software\MS\Windows\CV\Run\ is actually HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\



:)

Nice tutorial there starlifter!:D

Also, if you want to quickly disable programs who run on startup, go to "run" and type msconfig. You can uncheck them there.

You can see this HOWTO for more information:

http://forums.civfanatics.com/showthread.php?s=&threadid=26613