Desktop Defender 2010

Desktop Defender 2010 is a fake security application that configures itself to start automatically after a stealthy installation on the victim's computer. Its presence can cause confusion about the computer's real security status: a legitimate antivirus program reports the computer as clean, while Desktop Defender 2010 claims to detect numerous threats. Trust your instinct and the legitimate antivirus program; after all, Desktop Defender 2010 has no components to scan the computer.

Desktop Defender 2010 will continuously bombard the computer with scary warning messages, one of which says:

You have been infected by a proxy-relay trojan server with new and danger “SpamBots”.
You have a computer with a virus that sends spam. This is a mass-mailing worm with backdoor thus allowing un-authorized access to the infected system. It spreads by mass-mailing itself to e-mail addresses harvested from the local computer or by querying on-line search engines such as google.com. The IP address that YOU are getting from Internet Service Provider (ISP) for YOU personal computer is on some major blacklist, like SpamHaus. Your computer has been used to send a huge amount of junk e-mail messages during the last days. You IP will be marked in the Police log file as mass-mailing spam assist. Upgrading to the full version Desktop Defender 2010 it will eliminate the majority of Spam attempts.

What are the Symptoms of Desktop Defender 2010 Infection?

It will modify Windows Registry and add the following entries:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Desktop Defender 2010”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Desktop Defender 2010
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Defender 2010
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdifw_drv
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform “Desktop Defender 2010”
  • HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\antivirus_contextscan
  • HKEY_CLASSES_ROOT\AppID\{C0E56AC2-9F72-436E-B6E7-AEC28AF9E4EB}
  • HKEY_CLASSES_ROOT\AppID\IEAddon.DLL
  • HKEY_CLASSES_ROOT\CLSID\{08EEC6AD-7486-487F-89B7-5A3716DDAE14}
  • HKEY_CLASSES_ROOT\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
  • HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\antivirus_contextscan
  • HKEY_CLASSES_ROOT\Drives\shellex\ContextMenuHandlers\antivirus_contextscan
  • HKEY_CLASSES_ROOT\IEAddon.StatusBarPane
  • HKEY_CLASSES_ROOT\IEAddon.StatusBarPane.1
  • HKEY_CLASSES_ROOT\Interface\{5B184B9D-B7BD-4FEA-8D1F-5E27182206A5}
  • HKEY_CLASSES_ROOT\TypeLib\{3ED0E410-5C8E-47B6-A75D-D10B886E903C}

The threat will drop the following malicious files:

  • c:\Program Files\Desktop Defender 2010\AF.dll
  • c:\Program Files\Desktop Defender 2010\daily.cvd
  • c:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe
  • c:\Program Files\Desktop Defender 2010\guide.chm
  • c:\Program Files\Desktop Defender 2010\hjengine.dll
  • c:\Program Files\Desktop Defender 2010\IEAddon.dll
  • c:\Program Files\Desktop Defender 2010\MFC71.dll
  • c:\Program Files\Desktop Defender 2010\MFC71ENU.DLL
  • c:\Program Files\Desktop Defender 2010\msvcp71.dll
  • c:\Program Files\Desktop Defender 2010\msvcr71.dll
  • c:\Program Files\Desktop Defender 2010\pthreadVC2.dll
  • c:\Program Files\Desktop Defender 2010\shellext.dll
  • c:\Program Files\Desktop Defender 2010\siglsp.dll
  • c:\Program Files\Desktop Defender 2010\tdifw_drv_WLH.sys
  • c:\Program Files\Desktop Defender 2010\tdifw_drv_WXP.sys
  • c:\Program Files\Desktop Defender 2010\uninstall.exe
  • c:\WINDOWS\system32\drivers\tdifw_drv.sys
  • c:\WINDOWS\system32\LogFiles\tdifw\log.txt
  • %Temp%\gedx_ae09.exe
  • %Temp%\kgn.exe
  • %Temp%\kilslmd.exex
  • %Temp%\kn.a.exe

How to Remove Desktop Defender 2010 Manually

1. Restart your computer in Safe Mode
– After powering on the computer, just before Windows starts, press F8
– From the selections, select Safe Mode

2. Remove the registry entries that the threat added. You MUST BACK UP YOUR REGISTRY FIRST.
– Click Start > Run
– Type regedit in the field
– Navigate to the registry entries mentioned above and delete them if necessary

3. Delete the malicious files that the threat added:
– Based on the locations given above, browse to each file and delete it
– If no location is given, click Start > Search and search for the files.
– If a file cannot be deleted, press Ctrl+Alt+Del to open Task Manager and check whether the file is running as a process. If it is, select it and click End Process, then delete the file again.

4. Scan the computer with an antivirus program
– Update the antivirus program
– Scan computer and delete all detected threats.
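
The checks behind steps 2 and 3 can be scripted. The PowerShell below is an added example, not part of the original write-up: it looks for a subset of the registry entries and files listed above, exports every registry key it finds as a backup, and deletes nothing. The backup folder name is an assumption, and the two entries the list shows with a quoted name (Run, Post Platform) are assumed to be registry values.

```powershell
# Added example: read-only check for indicators listed on this page. Deletes nothing.
$backup = Join-Path $env:TEMP 'dd2010-reg-backup'   # assumed backup folder
New-Item -ItemType Directory -Path $backup -Force | Out-Null
$cv = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion'

# Registry keys from the list above (reg.exe treats the "*" in HKCR\* literally).
$keys = @(
    'HKLM\SOFTWARE\Desktop Defender 2010'
    "$cv\Uninstall\Desktop Defender 2010"
    "$cv\Explorer\Browser Helper Objects\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}"
    'HKLM\SYSTEM\CurrentControlSet\Services\tdifw_drv'
    'HKCR\*\shellex\ContextMenuHandlers\antivirus_contextscan'
    'HKCR\Drive\shellex\ContextMenuHandlers\antivirus_contextscan'
    'HKCR\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}'
    'HKCR\CLSID\{08EEC6AD-7486-487F-89B7-5A3716DDAE14}'
    'HKCR\IEAddon.StatusBarPane'
)
# Entries listed with a quoted name, treated here as values under the key (assumption).
$values = @(
    @{ Key = "$cv\Run"; Name = 'Desktop Defender 2010' }
    @{ Key = "$cv\Internet Settings\User Agent\Post Platform"; Name = 'Desktop Defender 2010' }
)
# Install folder (covers the Program Files entries) plus the driver, log and %Temp% files.
$files = @(
    'C:\Program Files\Desktop Defender 2010'
    'C:\WINDOWS\system32\drivers\tdifw_drv.sys'
    'C:\WINDOWS\system32\LogFiles\tdifw\log.txt'
    (Join-Path $env:TEMP 'gedx_ae09.exe')
    (Join-Path $env:TEMP 'kgn.exe')
    (Join-Path $env:TEMP 'kn.a.exe')
)

$found = @(); $n = 0
foreach ($k in $keys) {
    reg.exe query $k 2>$null | Out-Null            # exit code 0 means the key exists
    if ($LASTEXITCODE -ne 0) { continue }
    reg.exe export $k (Join-Path $backup ("key{0}.reg" -f ++$n)) /y | Out-Null
    $found += [pscustomobject]@{ Type = 'RegistryKey'; Item = $k }
}
foreach ($v in $values) {
    reg.exe query $v.Key /v $v.Name 2>$null | Out-Null
    if ($LASTEXITCODE -ne 0) { continue }
    reg.exe export $v.Key (Join-Path $backup ("key{0}.reg" -f ++$n)) /y | Out-Null
    $found += [pscustomobject]@{ Type = 'RegistryValue'; Item = "$($v.Key) -> $($v.Name)" }
}
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $found += [pscustomobject]@{ Type = 'File'; Item = $f } }
}
$found | Format-Table -AutoSize
"{0} indicator(s) found; registry backups in {1}" -f $found.Count, $backup
```

Run it from an elevated prompt and extend the three arrays with the remaining entries from the lists above. On 64-bit Windows, keys written by a 32-bit installer can sit under HKLM\SOFTWARE\WOW6432Node, so an empty result from these paths alone is not conclusive.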
