How does one remove red warning box and green color desktop background?

General Topics
1

I am using Avast Version 5.0. Upon receiving the red color warning message box with a green color desktop background, I proceeded to scan and delete the potentially malicious virus and/or spyware. The results of the scan showed no infected files. However, the red color warning message box with a green color desktop background still persists. My question is, how does one make the red color warning message box go away and change the green color desktop back to what I had before this alert. I look forward to your suggestions.

2

There are two ways to do this the hard way by using regedit - or the easy way

To ensure that I get all the information this log will need to be attached (instructions at the end) if it is to large to attach then upload to Mediafire and post the sharing link.

Download OTS to your Desktop

[*]Close ALL OTHER PROGRAMS.
[*]Double-click on OTS.exe to start the program.
[*]Check the box that says Scan All Users
[*]Under Additional Scans check the following:
[*]Reg - Shell Spawning
[*]File - Lop Check
[*]File - Purity Scan
[*]Evnt - EvtViewer (last 10)
[*]Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32*.dll /lockedfiles
%systemroot%\Tasks*.job /lockedfiles

[*]Now click the Run Scan button on the toolbar.
[*]Let it run unhindered until it finishes.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

To attach a file, do the following:
[*]Click Add Reply
[*]Under the reply panel is the Attachments Panel
[*]Browse for the attachment file you want to upload, then click the green Upload button
[*]Once it has uploaded, click the Manage Current Attachments drop down box
[*]Click on
http://www.geekstogo.com/forum/style_images/11168623649/folder_attach_images/attach_add.png
to insert the attachment into your post

3

Essex,

Hi!

Please forgive me for this belated post.

Thank you for your reply to my question. I followed your instructions. Please see the attached file “OTS_100123.txt”. Please review and comment on the attached file. I look forward to your reply.

Regards,

Ken

4

There are still trace infections there - This fix may take a bit longer than normal as I will be emptying your system temporary files which are enormous

Start OTS. Copy/Paste the information in the quotebox below into the pane where it says “Paste fix here” and then click the Run Fix button.


[Unregister Dlls]
[Files/Folders - Created Within 30 Days]
NY ->  InternetSecurity2010 -> C:\Program Files\InternetSecurity2010
[Files/Folders - Modified Within 30 Days]
NY ->  18467.exe -> C:\WINDOWS\System32\18467.exe
NY ->  Internet Security 2010.lnk -> C:\Documents and Settings\compaq\Desktop\Internet Security 2010.lnk
NY ->  41.exe -> C:\WINDOWS\System32\41.exe
NY ->  warning.html -> C:\WINDOWS\System32\warning.html
NY ->  s -> C:\s
NY ->  6371 C:\Documents and Settings\compaq\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\compaq\Local Settings\Temp\*.tmp
NY ->  6371 C:\Documents and Settings\compaq\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\compaq\Local Settings\Temp\*.tmp
NY ->  3 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
NY ->  2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY ->  1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
[Files - No Company Name]
NY ->  18467.exe -> C:\WINDOWS\System32\18467.exe
NY ->  Internet Security 2010.lnk -> C:\Documents and Settings\compaq\Desktop\Internet Security 2010.lnk
NY ->  41.exe -> C:\WINDOWS\System32\41.exe
NY ->  warning.html -> C:\WINDOWS\System32\warning.html
NY ->  s -> C:\s
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

THEN

Malwarebytes’ Anti-Malware
Please download Malwarebytes’ Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish,so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

5

Essexboy,

Hi!

Thank you for your reply. I really appreciate your follow-up.

I followed your latest instructions. I ran OTS and MBAM.

Since the file size is too big, I tried to copy and paste the results from OTS into this message. Unfortunately, avast!webforum says that I exceeded the maximum number of characters allowed in a post. So, let me say … after I completed following your instructions, I turned off the computer. I turned the computer on and the screen did not show the red color warning message box and the green color desktop screen. Yes, success!!! If you wish to see the OTS results, please send me an e-mail to ah123ah456@yahoo.com.

For the MBAM results, please see the attached file “mbam-log-2010-01-27 (10-48-53)_MBAM_100127.txt”. Please review and comment. I look forward to your reply.

Thank you for your time and effort on this matter. I really appreciate.

Regards,

Ken

Please

6

That looks good - any more problems ?

Also remove your e-mail from your post or you will get a lot of spam ;D