Remove Desktop Defender 2010

October 29, 2009 By 6 Comments

Desktop Defender 2010 Descriptions:

Desktop Defender 2010 is a fake anti-spyware software from the same family as Contraviro and UnVirex. Similarly to most of the roguewares, Desktop Defender 2010 sneaks into your computer through Trojans and gets in when you visit some malicious sites.

desktop defender 2010

Desktop Defender 2010 is usually installed even you don’t notice that. The software starts its simulated scans every time you turn your computer on. Of course, the application will find many threats on your machine. However, these files are only created by the Trojans.

deskdef12deskdef10

In order to remove these fake files, Desktop Defender 2010 suggests you removing the malware by purchasing the full version of the application. This is a malicious application and should not be trusted.

Manual Desktop Defender 2010 Removal Instructions:

Stop These Desktop Defender 2010 Processes:
(Learn how to do this)
Desktop Defender 2010.exe
uninstall.exe

Find and Delete These Desktop Defender 2010 Files:
(Learn how to do this)
%Temp%\gedx_ae09.exe
%Temp%\kgn.exe
%Temp%\kilslmd.exex
%Temp%\kn.a.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop Defender 2010.lnk
c:\Program Files\Desktop Defender 2010
c:\Program Files\Desktop Defender 2010\AF.dll
c:\Program Files\Desktop Defender 2010\daily.cvd
c:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe
c:\Program Files\Desktop Defender 2010\guide.chm
c:\Program Files\Desktop Defender 2010\hjengine.dll
c:\Program Files\Desktop Defender 2010\IEAddon.dll
c:\Program Files\Desktop Defender 2010\MFC71.dll
c:\Program Files\Desktop Defender 2010\MFC71ENU.DLL
c:\Program Files\Desktop Defender 2010\msvcp71.dll
c:\Program Files\Desktop Defender 2010\msvcr71.dll
c:\Program Files\Desktop Defender 2010\pthreadVC2.dll
c:\Program Files\Desktop Defender 2010\shellext.dll
c:\Program Files\Desktop Defender 2010\siglsp.dll
c:\Program Files\Desktop Defender 2010\tdifw_drv_WLH.sys
c:\Program Files\Desktop Defender 2010\tdifw_drv_WXP.sys
c:\Program Files\Desktop Defender 2010\uninstall.exe
c:\Documents and Settings\All Users\Desktop\Desktop Defender 2010.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010
c:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010\Activate Desktop Defender 2010.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010\Desktop Defender 2010.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010\How to Activate Desktop Defender 2010.lnk
c:\WINDOWS\system32\drivers\tdifw_drv.sys
c:\WINDOWS\system32\LogFiles\tdifw
c:\WINDOWS\system32\LogFiles\tdifw\log.txt

Remove These Desktop Defender 2010 Registry Values:
(Learn how to do this)
HKEY_LOCAL_MACHINE\SOFTWARE\Desktop Defender 2010
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Defender 2010
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdifw_drv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform “Desktop Defender 2010″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Desktop Defender 2010″
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\antivirus_contextscan
HKEY_CLASSES_ROOT\AppID\{C0E56AC2-9F72-436E-B6E7-AEC28AF9E4EB}
HKEY_CLASSES_ROOT\AppID\IEAddon.DLL
HKEY_CLASSES_ROOT\CLSID\{08EEC6AD-7486-487F-89B7-5A3716DDAE14}
HKEY_CLASSES_ROOT\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\antivirus_contextscan
HKEY_CLASSES_ROOT\Drives\shellex\ContextMenuHandlers\antivirus_contextscan
HKEY_CLASSES_ROOT\IEAddon.StatusBarPane
HKEY_CLASSES_ROOT\IEAddon.StatusBarPane.1
HKEY_CLASSES_ROOT\Interface\{5B184B9D-B7BD-4FEA-8D1F-5E27182206A5}
HKEY_CLASSES_ROOT\TypeLib\{3ED0E410-5C8E-47B6-A75D-D10B886E903C}

bookmark bookmark bookmark bookmark bookmark bookmark bookmark bookmark bookmark bookmark bookmark bookmark bookmark bookmark bookmark

Filed Under: Spyware Removal Tagged With: ,

Comments

  1. Scott says:
    January 1, 2010 at 6:14 pm

    Help! Desktop Defender 2010 has totally locked me out of my Dell/Vista. I tried to delete the appropriate registry by booting in Safemode with a prompt and the damn thing keeps apperaing. I bought antivirus spysweeper but can’t get it to boot. I am back to my 8 year old reliable MAC powerbook right now.

  2. Raja Ismail says:
    January 6, 2010 at 1:04 pm

    The following worked for me:

    I had to resort to manual method to remove DD 2010 virus from my machine:

    Removed the following registry entries (I was familiar accessing the Windows Registry):
    HKEY_LOCAL_MACHINE\SOFTWARE\Desktop Defender 2010
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Defender 2010
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform “Desktop Defender 2010″
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Desktop Defender 2010”

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Shell

    Removed the DLLs (either through DOS prompt or search using Window Search):
    (I included hidden files and folders in my Windows Search options to get to these files)
    (I searched the entire computer just in case the following files were residing elsewhere)

    C:\Program Files\Desktop Defender 2010\hjengine.dll
    C:\Program Files\Desktop Defender 2010\MFC71.dll
    C:\Program Files\Desktop Defender 2010\MFC71ENU.dll
    C:\Program Files\Desktop Defender 2010\msvcp71.dll
    C:\Program Files\Desktop Defender 2010\msvcr71.dll
    C:\Program Files\Desktop Defender 2010\pthreadVC2.dll

    Deleted the files (either through DOS prompt or using Window Search and deleting the files):
    (I included hidden files and folders in my Windows Search options to get to these files)
    (I searched the entire computer just in case the following files were residing elsewhere)

    C:\Program Files\Desktop Defender 2010\ Desktop Defender 2010.exe
    C:\Documents and Settings\Raja Ismail\Local Settings\Temp\gedx_ae09.exe
    C:\Documents and Settings\Raja Ismail\Local Settings\Temp\kgn.exe
    C:\Documents and Settings\Raja Ismail\Local Settings\Temp\kilslmd.exe
    C:\Documents and Settings\Raja Ismail\Local Settings\Temp\kn.a.exe
    C:\Documents and Settings\Raja Ismail\Local Settings\Temp\w32-reno-c.exe
    C:\Documents and Settings\Raja Ismail\Local Settings\Temp\wrcud12.exe
    C:\Documents and Settings\Raja Ismail\Local Settings\Temp\wefgetn_00.exe
    C:\Documents and Settings\Raja Ismail\Local Settings\Temp\kjdh-gf-jjdhd.exe
    C:\Documents and Settings\Raja Ismail\Local Settings\Temp\htfad4.exe
    C:\Documents and Settings\Raja Ismail\Local Settings\Temp\hhbboll.exe
    C:\Documents and Settings\Raja Ismail\Local Settings\Temp\wrfwe_di.exe
    C:\Documents and Settings\Raja Ismail\Local Settings\Temp\wuaclt.exe

    C:\Documents and Settings\Raja Ismail\Local Settings\Temp\11.tmp
    C:\Documents and Settings\Raja Ismail\Local Settings\Temp\15.tmp
    C:\Documents and Settings\Raja Ismail\Local Settings\Temp\19.tmp
    C:\Documents and Settings\Raja Ismail\Local Settings\Temp\9.tmp
    C:\Documents and Settings\Raja Ismail\Local Settings\Temp\D.tmp

    [Whenever there was a message that another program is using this (file, Dll or exe) I went to Task Manager and ended the process name q6rdgtlwdnfr.exe, and then deleted the file, dll or exe]

    Finally, I deleted the registry entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “q6rdgtmwdnwr”
    Then, I ended the process q6rdgtlwdnfr.exe in Window Task Manager.

    This removed the Desktop Defender 2010 virus from my machine.

    Later, I downloaded free Microsoft Tools to protect my PC:
    Microsoft Security Essentials
    Window Defender
    Microsoft Malicious Software Removal Tool

    Raja

  3. Brian says:
    January 9, 2010 at 8:42 pm

    After running spybotSD I was still getting a box on startup/reboot asking if I wanted to run DefenderInstall.exe (yes, I went as far as downloading it to try & get the key, I’m new at this). Finally searched for *defender*.* in all folders (including hidden) & deleted everything “desktop defender”, then dumped the recycle bin. Happy to say, that got rid of it.

  4. tlwright says:
    January 10, 2010 at 9:35 am

    I have a new Dell XP machine that somehow got Desktop Defender 2010 on it. We have no files saved on this machine and only 1 program loaded. Would it be “cleaner” to erase the hard drive and start over? We wouldn’t be losing any data that we are concerned about keeping. If so what is the best way to scrub a hard drive and get it completely free from the virus? I loaded Macafee and it did nothing. Removed it and then loaded AVG and it also did nothing. I’m not comfortable with doing this manual removal process.

  5. Pixie says:
    January 16, 2010 at 1:24 pm

    Go Back in Time before your system was infected by this Trojan by using SYSTEM RESTORE!
    Here is how for XP users, but VISTA users have similar instructions.
    1. Click Start.
    2. Point to All Programs.
    3. Point to Accessories.
    4. Point to System Tools.
    5. Click System Restore.
    6. Follow the instructions on the wizard.

    This will not erase any photos or files you have created, it just takes your system back to a time when the virus was not there.

    http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx
    http://windows.microsoft.com/en-US/windows-vista/What-is-System-Restore

  6. Titus says:
    January 19, 2010 at 4:01 pm

    Thank you, it was helpfull

Speak Your Mind

*