• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1383
  • Last Modified:

Display Properties: Themes & Desktop have been disabled by antivirus 2009

Recently, I visited a website that tried to load the AntiVirus 2009 on my laptop.  While I did not install anything, Kaspersky failed to block it from getting to the computer.  I ran Malwarebytes immediately and it removed several threats but I had to run it a few times to get them all.  I also deleted some .exe files that were in either C: or C:/windows that didn't belong.

However, when going to display properties from the desktop (or CP), the first two tabs are disabled to the point I can't click any background image nor browse the folders.  The browse button and slide bar are greyed out and so are the images in the Background field under the Desktop tab.  I can click the "Customize Desktop" bar but not change or view other images.

I have gone to start - run - regedit and HKEY_CURRENT_USER\Software\Microsoft\Windows\ CurrentVersion\Policies\ActiveDesktop and added NoChangingWallPaper w/value of (0) zero.

I've run SDFix, Malwarebytes Full Scan, in normal and safe modes, and I can't figure out where else to go to change whatever settings were changed on me.

The computer is a Dell Laptop with XP Pro SP3.  

Thank you for your help.

2 Solutions
Smitfraudfix gets rid of the desktop images associated with Antivirus 2009 and resets your desktop background to the default Windows blue screen. Maybe that can help:


Run option 2 in safe mode. Say Yes to Registry Cleaning.

Good luck!!!
Malwarebytes is very good against the 2009 AV malware as well.
I recommend downloading and updating it.
You can get it free from www.malwarebytes.org
Once updated, reboot into Safe Mode (F8 at startup) and run a scan.
You should do this with your current antivirus product as well.
You may also need to download and run HiJackThis from
Once you run the utility save the log file.
You can post it for free analysis here or at
You are primarily looking for items marked with red X's.
You can get a brief overview of Hijackthis here:
btanExec ConsultantCommented:
You may want to check out this site as well for total removal

See below for extracted ways tried successfully by others:

Make sure you shut down the antivirus 2009 before you try to delete the file from you system.
I was able to remote it by doing:
- Killed the av2009.exe process using Task Manager
- Took a look at where the Antivirus 2009 shortcut pointed (they put one in the desktop)
- Took a note on the date and time of the av2009.exe file
- Searched the Registry to see if they were any references to av2009.exe. Did not find any.
- Removed the C:\Program Files\Antivirus 2009 directory and all files
- Removed the desktop shortcut
- Removed the shortcut in the Start Menu (be aware they put it in the upper area, where Windows Update is located)
- Rebooted, but then discovered that IE was still infected, in particular when I tried to navigate to Sysinternals. Also discovered that the Security Center applet in Control Panel was not working
- Went to Windows\System32 and found 3 files from about the same time of the infection:
- Again before removing the files I searched the registry and deleted references to ieupdates.exe (register to start automatically) and winsrc.dll (registered as a COM file)
- Reboot again and tried IE and Security Center, both are working now
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

wgrogersAuthor Commented:

Thank you, I ran the smitfraudfix and it removed the remaining background.  When I go to the Desktop Display Properties now though, I cannot select a new background or Browse the options for a background.  Is there a way to restore that function?


Thank you, I ran Malwarebytes right after seeing it.  This was the 3rd time I'd gotten it, the other two times were the 2008 version which was no problem to remove.  I believe I made a mistake though when I started running Malwarebytes by running the full scan rather than the quick scan.  It never did finish and I had to shut down and start over with the quick scan.  I think that could have been part of the problem.  HJT is clean, the problem with the background did not show anywhere.  I ran Malwarebytes, SDFix, spybot, AVG as well as kaspersky which is on all the time.  (I d/l the free AVG, disabled kaspersky, ran AVG and it removed a few threats, then I uninstalled it).  But this time, Malwarebytes took 3 passes before it showed clean and the desktop was still infected.


Thanks for the input, I too manually scanned the registry for any reference to av2009 I could find.  I also went to the registry and added to ActiveDesktop the DWord entry: NoChangingWallPaper with a value of 0.  It made no difference with the background.
wgrogersAuthor Commented:
By the way, as I have been searching for a fix on the greyed out display properties for the background, I have tried the following:

1)  Find an image on the web and save as background.  (Does not work, that option is also greyed out)
2)  Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System and remove item called Wallpaper.htm.  No such item as Wallpaper.htm exists in registry.

Thank you
wgrogersAuthor Commented:
Okay, I kept looking and found it.  Here is what I did after using phototropic's SFfix.  I had been in the registry under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop and had added the DWORD, NoChangingWallpaper with a value of 0.  It was not in there when I first looked.  But, adding the DWORD had no effect on the problem.  After searching the web I found an entry where someone was telling the user how to go to the registry and remove the Wallpaper.htm file but he said to check two HKEY's.  I thought I would see if there was a similar value for the DWORD in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop and there was.

In the Local Machine, the DWORD NoChangingWallpaper was set to 1 (0x00000001).  I changed the value to 0 and bingo!  All is right and as it should be in the world!

Thank you for the input and assistance.  I will award phototropic for his smitfraud fix suggestion.  
Glad to hear you got it sorted.

Good job.


Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now