Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Ted. on August 15, 2009, 12:51:34 PM

Title: Your Computer May be at Risk
Post by: Ted. on August 15, 2009, 12:51:34 PM
After using Revo Uninstaller to uninstall an ArcSoft programme today, RegSeeker found 45 further registry entries, all legitimate, so I deleted them. However, when booting up I now get the "Your Computer May be at Risk" message. Avast is running okay and I've done a complete scan with MalwareBytes, SUPERAntiSpyware and also a Bootscan with Avast. Restoring the RegSeeker entries corrects the problem. By the tedious process of searching the ArcSoft entries with RegSeeker, deleting a few, rebooting, then restoring if necessary and searching again, I've narrowed it down to one of the three entries in the attachment. One of these is the rogue entry! Whittling it down further will be slow, if I don't guess the correct one, for when I reboot now and do a new search a further eight ArcSoft entries appear. I know I can turn off the Alerts in Security Center, but would like to know why I'm getting this message.
Title: Re: Your Computer May be at Risk
Post by: Jtaylor83 on August 15, 2009, 01:23:01 PM
It's a fake alert trying to trick you into buying their bogus AV products.
Title: Re: Your Computer May be at Risk
Post by: RejZoR on August 15, 2009, 03:57:17 PM
I see no relation between malware and ArcSoft program. ArcSoft is a reputable software company and they aren't even involved in security software (multimedia software company). Also RegSeeker is not an anti-malware tool either. So that bogus warning is just a badly timed thing that appeared in the time you were dealing with ArcSoft leftovers.
Title: Re: Your Computer May be at Risk
Post by: Ted. on August 16, 2009, 12:01:30 AM
Hi, Jtaylor83 and RejZoR,

Thank you for your suggestions.

As no nasties were found after a boot scan with Avast and a complete scan with MB and SAS, what is my next move?

I find that if I delete any one of the three Registry entries shown, the Error message appears and if I restore the entry the message has gone. If I delete all of the entries, but leave any one of those three remaining, all of the fifteen entries are restored and no Error message. Attached is the Registry entry for one of them. Note that the Arcsoft folder the Path is pointing to has been deleted.

Title: Re: Your Computer May be at Risk
Post by: Tarq57 on August 16, 2009, 03:53:37 AM
I don't know enough about the inner workings of the registry to tell you why you are getting the message.
You could try resetting the security centre after deleting the entries, and see if it comes right. (The security centre is a sensitive wee dear, and sometimes gets itself all bewildered, the poor thing.)
The below info is for XP. Vista is not much different. It's a common procedure.
1. Go to control panel and open Administrative tools.
2. Click on services.
3. Go down to Windows Management Instrumentation.
4. Stop this service. Stop Security Center service too.
Set them to Automatically start.
5. Exit out of this area, to your desktop.
6. Right click Start, and choose Explore.
7. Go to c:\windows\system32\wbem\repository.
Delete this subdirectory ONLY.
Leave the others there.
8. Exit back to your desktop and reboot your computer (you might need to boot twice).

This will rebuild the deleted folder, and the database.
Once restarted, Windows Security Center should show the correct info.
Antivirus, and firewall, should now be recognized.
Title: Re: Your Computer May be at Risk
Post by: maxwachtel on August 16, 2009, 03:55:58 AM
1. You need a backup plan, one that involves disk imaging and restore (it's what I use).
2. If you are worried about reg files then you should learn how to create a backup and then actually use it. Many users have made their systems unstable using so-called "registry cleaners". CCleaner is safe and it can be run from a USB stick (look for portable). RegSeeker can hose your system if not used correctly.
3. You may need to install the ArcSoft program again and use the provided uninstaller (Revo may have caused the problem).
4. You may be infected if you are receiving the message over and over again. Try running HiJackThis and checking the results (log) at http://hjt.networktechs.com/
Title: Re: Your Computer May be at Risk
Post by: grandretti on August 16, 2009, 04:08:01 AM
I know I am not with it on this thread... but I am getting very frustrated with AVAST all the way around. My license key won't work. I have followed all instructions. I have tried to communicate with customer service and all I get is a loop of the same instructions. Can anyone help so I can get this program on my computer before I get disgusted and ask for my money back!
Title: Re: Your Computer May be at Risk
Post by: Tarq57 on August 16, 2009, 04:40:16 AM
Could you please start a new thread in the Avast 4.x Home/pro forum; click the "new topic" button near the top right of the forum.

In it you should include your OS, and a bit more detail of what you've actually tried, including a link to the FAQs you've seen and tried.
(There is a link for registration instructions here (http://www.avast.com/eng/home-registration.php), and some FAQs here (http://www.avast.com/eng/faq-registration-license.html).)
If you have had another AV on your system, include that info.
If trying the above - including checking the date and time on the system are correct - works, you can reply here without starting another thread.

This thread is unrelated to your problem.
Title: Re: Your Computer May be at Risk
Post by: Ted. on August 16, 2009, 08:44:00 AM
Hi, Tarq57 and maxwachtel,

Thank you for your replies.

I followed those instructions for resetting the Security Center and the repository folder is not being rebuilt after many reboots. The two Services I stopped are set to Automatic and are running. I replied to another post in this forum where a user had corrected a similar problem by resetting his Environmental Variables. How do you do that?

I think my "PATH" variable line has been deleted?

Okay, I have a backup I did before ArcSoft TotalMedia was installed. Can someone please tell me where the Path Environment Variable is stored in Windows so I can retrieve a copy of it.

Title: Re: Your Computer May be at Risk
Post by: Ted. on August 16, 2009, 02:11:41 PM
Okay, I've solved my problem. I created a new PATH entry.
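
Added example, not part of the original thread: the machine-wide PATH asked about above is the `Path` value (type REG_EXPAND_SZ) under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment`, and a default Windows install lists `%SystemRoot%\system32`, `%SystemRoot%` and `%SystemRoot%\System32\Wbem` there, the last being the WMI directory from the Security Center reset steps. This PowerShell sketch reads the raw value and reports which of those defaults are missing; the function name `Get-MissingPathEntry` is made up for this example.

```powershell
# Added example: check the machine-wide Path for the Windows default entries.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'

# Default entries of a stock Windows install (unexpanded form).
$required = @(
    '%SystemRoot%\system32',
    '%SystemRoot%',
    '%SystemRoot%\System32\Wbem'
)

function Get-MissingPathEntry {
    # Hypothetical helper: returns the required entries absent from $PathValue.
    param([string]$PathValue, [string[]]$Required)

    $present = @()
    if ($PathValue) {
        # Split on ';', drop empty items, expand %VAR% and trim trailing '\'
        # so that "C:\WINDOWS\" and "%SystemRoot%" compare as equal.
        $present = $PathValue -split ';' |
            Where-Object { $_.Trim() } |
            ForEach-Object {
                [Environment]::ExpandEnvironmentVariables($_.Trim()).TrimEnd('\')
            }
    }
    # -notcontains is case-insensitive, which matches Windows path semantics.
    $Required | Where-Object {
        $present -notcontains [Environment]::ExpandEnvironmentVariables($_).TrimEnd('\')
    }
}

# Read the value without expansion so %SystemRoot% stays visible in the output.
$regKey = Get-Item -Path $key
$raw = $regKey.GetValue('Path', $null, 'DoNotExpandEnvironmentNames')

if ($null -eq $raw) {
    'The machine-wide Path value does not exist in the registry.'
} else {
    "Current Path: $raw"
}

$missing = Get-MissingPathEntry -PathValue $raw -Required $required
if ($missing) {
    $missing | ForEach-Object { "Missing default entry: $_" }
} else {
    'All default Path entries are present.'
}
```

The script only reads the registry; a missing entry can be added back through System Properties > Advanced > Environment Variables.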