May-Day May-Day, Im sinking (Spyware)



Ronza
06-04-2006, 09:54 AM
Good-people please help,

I get this annoying pop-up at the bottom-right of my Windows tool-bar, which warns me of a Trojan virus that is in my PC. When the warning is clicked, it opens this website: antispylab.com. I am using Spybot and AVG 7.1 (both fully updated) - tried everything I knew, no luck thus far.

What pisses me off is that it 'greys-out' all IE menus - hence I can't make any security changes whatsoever. I'm running Windows XP, SP2.

Please help, Eishhhh

tibby.dude
06-04-2006, 09:56 AM
Stop using IE !!!!.

Ronza
06-04-2006, 09:59 AM
Unfortunately, I can't - it's a company PC. I use FX at home and I never experienced this shiddd...

tibby.dude
06-04-2006, 10:04 AM
> Unfortunately, I can't - it's a company PC. I use FX at home and I never experienced this shiddd...

Your IE got hijacked by a driveby download (there is a new exploit in the wild) and is now being held hostage by this trojan and antispylab.com is a bogus security product.

Your only hope is a spyware cleaner product like the free Microsoft AntiSpyware.

nic777
06-04-2006, 10:24 AM
clean the adware: http://www.lavasoft.de/software/adaware/
get/turn on a firewall to prevent further installations: http://www.sygate.com/

Stop using IE and start using Firefox (seriously!)- how can you install avg and other anti-virus software but can't install Firefox???

MaD
06-04-2006, 10:28 AM
Use Spybot and Immunize IE.. I've never once had a problem in any way with IE.. your best bet is to stay away from dodgy sites though ;)

Ronza
06-04-2006, 10:29 AM
Nic777

You've got me there (on AVG) but Spybot is part of the corporate computer image. I guess I need to install FX.

I'm busy running the software you've suggested - fingers crossed

Ronza
06-04-2006, 10:32 AM
I take your point MAD - guess I owe serials.ws some smackkk

DigitalSoldier
06-04-2006, 10:35 AM
MS antispyware won't help; I had the same thing on my home PC and the bloody thing kept popping up in the systray. Ronza, just do a search in Google for "how to remove antispylab.com" or quakespyware. There's a good chance it will find the results on the AVG forums.

tibby.dude
06-04-2006, 10:38 AM
> serials.ws

No wonder.

Ronza
06-04-2006, 01:55 PM
> No wonder.

Easy there T/D, I'm paying my dues already - learnt the hard way (actually, I'm still learning cos I've had zero success - contemplating re-imaging the whole laptop). :mad:

Moederloos
06-04-2006, 02:03 PM
Best thing for serialz sites

1) use linux - now some sites require downloads and other ****e and will not work on linux, so
2) use VMWare - install win2000 or something that needs no activation in a VMWare session. Once installed and working, CLONE IT!
3) Download pr0n sites and warez sites in there.
4) When it corrupts, load the clone, make a new clone and continue.

Also good for eDonkey, Kazaa etc etc etc.
For an even safer experience, run the VMWare app from Linux.

Nothing like two 'doms for those wh0re sites.

:D

stoke
06-04-2006, 02:17 PM
TIP for when hunting these fsking adware hostage holders:
- Go to the Windows\System32 folder.
- Ensure that you can see hidden and system files.
- Sort by Date.
Anything with today's date / yesterday's date is part of the infection ... get rid of them.

Moederloos
06-04-2006, 02:23 PM
> TIP for when hunting these fsking adware hostage holders:
> - Go to the Windows\System32 folder.
> - Ensure that you can see hidden and system files.
> - Sort by Date.
> Anything with today's date / yesterday's date is part of the infection ... get rid of them.

*NOT* to be done on the day you have just re-installed your PC (M$ users, that is the first Monday of every month, err week).:D

Ronza
06-04-2006, 04:31 PM
> TIP for when hunting these fsking adware hostage holders:
> - Go to the Windows\System32 folder.
> - Ensure that you can see hidden and system files.
> - Sort by Date.
> Anything with today's date / yesterday's date is part of the infection ... get rid of them.

You are a genius STOKE

Used Windows Defender as a 'Task Manager' to identify what each active system file is all about (by de-activating each file and checking whether the spyware is still ACTIVE). Wallllla, I found it inside c:/windows/system32 with a file name winsrv32.exe. Tried to delete - no success - turned-on DOS - it's all history. But I'm still afraid of what other associated files are still up to....

Thanks to everybody....Can breathe again, till next time

jetFlash
06-04-2006, 09:50 PM
> Good-people please help,
>
> I get this annoying pop-up at the bottom-right of my Windows tool-bar, which warns me of a Trojan virus that is in my PC. When the warning is clicked, it opens this website: antispylab.com. I am using Spybot and AVG 7.1 (both fully updated) - tried everything I knew, no luck thus far.
>
> What pisses me off is that it 'greys-out' all IE menus - hence I can't make any security changes whatsoever. I'm running Windows XP, SP2.
>
> Please help, Eishhhh

damb stupid windoze users.

use any of these (http://distrowatch.com) and then don't worry lol

LoneGunman
08-04-2006, 09:06 AM
Ad-Aware is a waste of time - it's a dangerously useless app that makes people think they're secure. Spybot is a good first step. Then cross check with Scan Spyware. Then have Avast running perm on the side, to catch malware and keydropper trojans that sites quietly load on your PC. And run Spybot and Scan Spyware after every session that you use IE, to clean out the rubbish that this causes.

Prometheus
08-04-2006, 11:31 PM
TIP: install Spybot-SD and run the Resident portion. Get to know which programs run on your machine: run Task Manager daily, anything strange suddenly showing up is probably spyware. Search for the file name, check its properties. Spyware often has dodgy details about who created it.

To remove spyware rename the file(s) first (Windows won't let you delete it while it's loaded), search your registry and remove any references to the files and reboot immediately. Then delete the file(s) and search your registry again to be sure. Do each step with all the files simultaneously to be sure you don't leave any installers behind.

Be sure you're removing spyware only and don't mess up your registry. It can get confusing sometimes since these files are often named similarly to Windows system files.
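
Added example, not part of the original thread: a read-only PowerShell sketch of the triage stoke and Prometheus describe above. It lists recently written files in System32 (hidden and system files included), checks each file's Authenticode signature, and reports which autostart entries reference the unsigned ones. The seven-day window and both function names are assumptions, and only the two standard Run keys are checked, which is a subset of the full registry search Prometheus describes.

```powershell
# Added example (not from the thread). Read-only: nothing is renamed or deleted.
# Assumptions: the 7-day window and both function names are hypothetical.
param(
    [int]$Days = 7,
    [string]$Path = (Join-Path $env:windir 'System32')
)
function Get-RecentFiles {
    param([string]$Path, [int]$Days)
    $cutoff = (Get-Date).AddDays(-$Days)
    # -Force includes the hidden and system files Explorer hides by default.
    Get-ChildItem -LiteralPath $Path -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $cutoff -or $_.CreationTime -ge $cutoff } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Name      = $_.Name
                Created   = $_.CreationTime
                Modified  = $_.LastWriteTime
                Hidden    = $_.Attributes.HasFlag([IO.FileAttributes]::Hidden)
                Company   = $_.VersionInfo.CompanyName
                Signature = $sig.Status
            }
        }
}
function Get-AutorunReferences {
    param([string[]]$FileNames)
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $meta) { continue }   # skip provider metadata
            foreach ($f in $FileNames) {
                if ("$($p.Value)".IndexOf($f, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                    [pscustomobject]@{ Key = $key; Entry = $p.Name; Command = $p.Value }
                }
            }
        }
    }
}
$recent = @(Get-RecentFiles -Path $Path -Days $Days)
$recent | Sort-Object Modified -Descending | Format-Table -AutoSize
# A recent date alone proves nothing (updates write here too), so narrow to
# files without a valid signature and see whether a Run key launches them.
$suspects = @($recent | Where-Object { $_.Signature -ne 'Valid' })
if ($suspects) { Get-AutorunReferences -FileNames $suspects.Name | Format-List }
```

A non-Valid signature status is a lead to investigate, not a verdict; run the script from an elevated prompt so protected files can be read.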

Ronza
09-04-2006, 01:31 PM
> To remove spyware rename the file(s) first (Windows won't let you delete it while it's loaded), search your registry and remove any references to the files and reboot immediately. Then delete the file(s) and search your registry again to be sure. Do each step with all the files simultaneously to be sure you don't leave any installers behind.
>
> Be sure you're removing spyware only and don't mess up your registry. It can get confusing sometimes since these files are often named similarly to Windows system files.

Thank you all for this info.
Prometheus, does one need to use a special application to delete all files associated with a spyware inside the registry :( - as you said - sometimes it gets confusing b'cos names might be similar to Windows' files.

kilo39
09-04-2006, 01:48 PM
Recommend Regseeker - faultless registry editor - with rollback - and it's free!

http://www.hoverdesk.net/freeware.htm

Ekhaatvensters
09-04-2006, 05:31 PM
I'd say the best anti-spyware is Microsoft's at the moment, unfortunately. But you can use Spywareblaster or Spybot to immunise if you are still using IE. Then use ZoneAlarm Pro, I haven't had any problems with that except for one LSP corrupting virus/spyware, which stops all internet access.

I used to find when surfing some warez sites (worse than just serials.ws, that site is harmless if you have some protection) that Firefox would lock up and then I'd be infected with something, but that has stopped since I started using Opera 9 again, so maybe that's a place to start if you want to move away from IE.

Also, I used to check windows/system32 all the time, but I've found that many viruses are a bit cleverer than that these days. Most viruses that I come across these days have got past a good bit of security and never end up in system32, but many other viruses/spyware might well reside there. It's just deleting them that can be a bitch. Restart in safe mode if you have to.

rwenzori
11-04-2006, 07:26 PM
> Recommend Regseeker - faultless registry editor - with rollback - and it's free!
>
> http://www.hoverdesk.net/freeware.htm


Great proggies for free there - thanks!

neio
11-04-2006, 07:31 PM
A good tip to remember is to disable ALL ActiveX apps running from your IE. This should (theoretically) stop most spyware from running.

Ekhaatvensters
17-04-2006, 02:13 AM
A better tip would be to stop running IE. This should (almost definitely) stop most spyware from running through your browser.

darius
03-05-2006, 06:18 PM
> You are a genius STOKE
>
> Used Windows Defender as a 'Task Manager' to identify what each active system file is all about (by de-activating each file and checking whether the spyware is still ACTIVE). Wallllla, I found it inside c:/windows/system32 with a file name winsrv32.exe. Tried to delete - no success - turned-on DOS - it's all history. But I'm still afraid of what other associated files are still up to....
>
> Thanks to everybody....Can breathe again, till next time

Hello, I'm a novice at this stuff, can you please tell me what "Windows Defender" is? I too am cursed by this same virus and pop up phoney "antispylab.com". When I try to look at my registry, or look at the processes, or open any folder like System32, it 'greys' out and I can't do anything but move the window around the screen. The adware cleaners I've tried don't work. Symantec doesn't work either. I don't know DOS commands but what did you mean by "turned-on DOS"? Thanks...:confused:

Cap'n Evil
05-05-2006, 04:19 AM
Firefox can be just as unsecure as IE, there really is no difference. Microsoft just happens to be the target of criticism. I recently got nailed with this stupid piece of malware. If it wasn't for Stoke's advice on the previous page I wouldn't have gotten rid of it. Windows Def. doesn't detect all of it. I don't even know how I got infected.

A really good program for manually fighting this stuff is Unlocker - http://ccollomb.free.fr/unlocker/.

Would save the step of rebooting into DOS.

Thanks for the help guys.

Zwick
05-05-2006, 08:04 AM
If you can't delete a file in Windows and are not familiar with using DOS then download a program called killbox. It will stop the process from running in memory, unload Explorer, delete the file and then reload Explorer.

This doesn't help your situation but it's useful for future reference.

The_Librarian
05-05-2006, 01:54 PM
Or use the old stalwart, Format c: /s :p :D

Fixes any problem quickly and effectively... :D

Prometheus
05-05-2006, 02:35 PM
> Firefox can be just as unsecure as IE, there really is no difference. Microsoft just happens to be the target of criticism.

Actually IE is the target for spyware as most people still use it. They will set their targets for Firefox as it becomes more popular. All browsers are unsecure. Us Opera guys are relatively safe for a while until they figure out that it's popular.

JungleFacedJake
05-05-2006, 04:03 PM
> Or use the old stalwart, Format c: /s :p :D
>
> Fixes any problem quickly and effectively... :D

Suggest wiping partitions and recreating them too, before that.

JungleFacedJake
05-05-2006, 04:05 PM
> Firefox can be just as unsecure as IE, there really is no difference. Microsoft just happens to be the target of criticism.

Except that IE will run ActiveX, which opens it up to all kinds of mayhem. :eek:

Prometheus
05-05-2006, 05:13 PM
> Except that IE will run ActiveX, which opens it up to all kinds of mayhem. :eek:

The person who came up with ActiveX was an idiot. Java can do things just as good if not better. Just Microsloth trying to be different again to increase market share. :rolleyes:

The_Librarian
05-05-2006, 07:35 PM
It's not ActiveX, it's better called CaptiveX, or HactiveX... sounds much better... :D