Desktop Defender 2010

Desktop Defender 2010 is patterned after other rogue anti-spyware applications that use fake alerts and warning messages to attract the user's attention. Slight modifications to Desktop Defender 2010's console make the rogue software look new and different from other variants. The attackers behind this fraud wanted to avoid the catchy images of previously released unwanted applications.

Desktop Defender 2010 uses a Trojan to spread and install itself on computers without being noticed by the user. This method is likely independent of spam email messages and harmful links from instant messaging applications. Additionally, the victim is occasionally redirected to malicious security websites that perform an automatic virus scan. This scan leads to Desktop Defender 2010 being downloaded onto the computer.

You cannot remove this unwanted application by acquiring the registered version. Keep in mind that Desktop Defender 2010 is a counterfeit application that produces intrusive warning messages, fabricated scan results, and many task bar alerts that pretend to be issued by the operating system, in an attempt to scare victims and persuade them to remove threats by acquiring the registration key. To eliminate this malware and other malicious elements on the system, thorough scanning with a legitimate anti-malware program is the only solution.

Technical Details and Additional Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Malware Behavior
When this rogue program is installed on the computer, it starts generating false information in the form of fake pop-up alerts and task bar warnings. Some messages may appear similar to these:

Antispyware software warning
Your computer is infected with spyware and malware.
Last scan results: 52 infected files found!
Click this notification to fix the problem.

Possible loss of data!
Too many privacy violation attempts on your computer!

You have been infected by a proxy-relay trojan server with new and danger “SpamBots”.
You have a computer with a virus that sends spam.

Added Registry Entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "(random characters)"
HKLM\SYSTEM\CurrentControlSet\Services\TDIDIS32.sys  
HKCR\*\shellex\ContextMenuHandlers\antivirus_contextscan
HKCR\AppID\{C0E56AC2-9F72-436E-B6E7-AEC28AF9E4EB}
HKCR\AppID\IEAddon.DLL
HKCR\CLSID\{08EEC6AD-7486-487F-89B7-5A3716DDAE14}
HKCR\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
HKCR\Drive\shellex\ContextMenuHandlers\antivirus_contextscan
HKCR\Drives\shellex\ContextMenuHandlers\antivirus_contextscan
HKCR\IEAddon.StatusBarPane
HKCR\IEAddon.StatusBarPane.1
HKCR\Interface\{5B184B9D-B7BD-4FEA-8D1F-5E27182206A5}
HKCR\TypeLib\{3ED0E410-5C8E-47B6-A75D-D10B886E903C}
HKLM\SOFTWARE\Desktop Defender 2010
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Defender 2010
HKLM\SYSTEM\CurrentControlSet\Services\tdifw_drv
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform "Desktop Defender 2010"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Desktop Defender 2010"
HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdidis32.sys
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDIDIS32.SYS
HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_TDIDIS32.SYS
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidis32.sys
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDIDIS32.SYS
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe"

Associated Files and Folders:
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop Defender 2010.lnk
C:\Documents and Settings\All Users\Desktop\Desktop Defender 2010.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010
C:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010\Activate Desktop Defender 2010.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010\Desktop Defender 2010.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010\How to Activate Desktop Defender 2010.lnk
C:\Program Files\Desktop Defender 2010
C:\Program Files\Desktop Defender 2010\AF.dll
C:\Program Files\Desktop Defender 2010\daily.cvd
C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe
C:\Program Files\Desktop Defender 2010\guide.chm
C:\Program Files\Desktop Defender 2010\hjengine.dll
C:\Program Files\Desktop Defender 2010\IEAddon.dll
C:\Program Files\Desktop Defender 2010\MFC71.dll
C:\Program Files\Desktop Defender 2010\MFC71ENU.DLL
C:\Program Files\Desktop Defender 2010\msvcp71.dll
C:\Program Files\Desktop Defender 2010\msvcr71.dll
C:\Program Files\Desktop Defender 2010\MyTaskMgrDll.dll
C:\Program Files\Desktop Defender 2010\pthreadVC2.dll
C:\Program Files\Desktop Defender 2010\shellext.dll
C:\Program Files\Desktop Defender 2010\siglsp.dll
C:\Program Files\Desktop Defender 2010\tdifw_drv_WLH.sys
C:\Program Files\Desktop Defender 2010\tdifw_drv_WXP.sys
C:\Program Files\Desktop Defender 2010\uninstall.exe
C:\WINDOWS\system32\(random characters)
C:\WINDOWS\system32\tdidis32.sys 

How to Remove Desktop Defender 2010

1. Kill any running process that belongs to Desktop Defender 2010.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for the following files and click End Task.
Desktop Defender 2010.exe, (random characters).exe

2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit. This will open registry editor.
- Find and delete the following:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "(random characters)"
- Close registry editor. Changes made will be saved automatically.

3. Scan the computer with an antivirus program.
- Connect to the Internet and open your antivirus software. Update it to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before the Windows logo begins to load, press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.

4. Delete all files dropped by Desktop Defender 2010.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Associated Files and Folders.'
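
A read-only PowerShell check for a subset of the registry and file indicators listed above, useful for confirming an infection or verifying that the manual steps worked. This is an added example, not part of the original guide; it assumes PowerShell is available on the machine and that the malware used the default paths shown on this page, and the variable names are illustrative.

```powershell
# Read-only audit for Desktop Defender 2010 indicators taken from the lists above.
# Nothing is modified or deleted.

$regKeys = @(
    'HKEY_LOCAL_MACHINE\SOFTWARE\Desktop Defender 2010',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Defender 2010',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}',
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDIDIS32.sys',
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdifw_drv',
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidis32.sys',
    'HKEY_CLASSES_ROOT\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}',
    'HKEY_CLASSES_ROOT\IEAddon.StatusBarPane'
)

# Named values: the autostart entry and the per-user Winlogon shell override.
$regValues = @(
    @{ Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'Desktop Defender 2010' },
    @{ Key = 'HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell' }
)

$paths = @(
    'C:\Program Files\Desktop Defender 2010',
    'C:\WINDOWS\system32\tdidis32.sys',
    'C:\Documents and Settings\All Users\Desktop\Desktop Defender 2010.lnk'
)

$found = @()
foreach ($k in $regKeys) {
    if (Test-Path -LiteralPath "Registry::$k") { $found += "KEY   $k" }
}
foreach ($v in $regValues) {
    $key = Get-Item -LiteralPath "Registry::$($v.Key)" -ErrorAction SilentlyContinue
    if ($key) {
        $data = $key.GetValue($v.Name)   # returns $null when the value does not exist
        if ($null -ne $data) { $found += "VALUE $($v.Key) [$($v.Name)] = $data" }
    }
}
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $found += "FILE  $p" }
}

if ($found.Count -gt 0) { $found } else { 'No listed indicators found.' }

# The "(random characters)" Run entry cannot be matched by name,
# so list every value under the key for manual review.
$run = Get-Item -LiteralPath 'Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($name in $run.GetValueNames()) { "RUN   $name = $($run.GetValue($name))" }
```

Any data reported for the HKEY_CURRENT_USER Winlogon "Shell" value deserves review, since the page lists that value as pointing to Desktop Defender 2010.exe.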

Automatic Removal of Desktop Defender 2010

To completely remove the threat, download and run Malwarebytes Anti-Malware (MBAM). Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before running it on the infected machine.
