Desktop Defender 2010 removal guide
It is a rogue spyware program pretending to be a security tool. Wich is installed on infected computer by the downloader trojans. It looks like it is part of Windows operating system because it appears out of nowhere and it claims to be a spyware remover.
The graphical user interface of Desktop Defender 2010 is quite impressive. It uses Windows Vista style and design elements to make it look more reliable. The rogue program ripped Clam AntiVirus database. ClamAV is an open source anti-virus toolkit. Once installed, DesktopDefender 2010 will imitate a system scan and report a variety of infections. The scan results are of course false. This parasite claims that you have to purchase the full version of the program to remove the threats, because free version is only a scanner. Obviously, you shouldn’t buy it. Another very important thing is that this program modifies the LSP chain by adding siglsp.dll file. If you remove this file without restoring the LSP chain this will break your Internet connection.
What is more, Desktop Defender 2010 will constantly display fake security alerts and notifications from the Windows Task bar stating that your computer is seriously infected or has many privacy/security problems. The fake security alerts state:
Possible loss of data!
Too many privacy violation attempts on your computer!
The details about your credit card, post address, phone numbers from the submitted form can be lost.
——————-
You have been infected by a proxy-relay trojan server with new and danger “SpamBots”.
If you find that your PC is infected with this malicious software, please use the removal guide below to remove Desktop Defender 2010 from the system manually for free. If you have already purchased this program, then contact your credit card company and dispute the charges immediately.
Manual Removal instructions to remove this virus:
Kill processes:
Desktop Defender 2010.exe
gedx_ae09.exe
kgn.exe
kilslmd.exex
kn.a.exe
uninstall.exe
Unregister DLLs:
hjengine.dll
IEAddon.dll
MFC71.dll
MFC71ENU.DLL
AF.dll
msvcp71.dll
msvcr71.dll
pthreadVC2.dll
shellext.dll
siglsp.dll
Delete files:
Desktop Defender 2010.exe
guide.chm
hjengine.dll
IEAddon.dll
MFC71.dll
MFC71ENU.DLL
AF.dll
daily.cvd
msvcp71.dll
msvcr71.dll
pthreadVC2.dll
shellext.dll
siglsp.dll
tdifw_drv_WLH.sys
tdifw_drv_WXP.sys
uninstall.exe
tdifw_drv.sys
log.txt
gedx_ae09.exe
kgn.exe
kilslmd.exex
kn.a.exe
Desktop Defender 2010.lnk
Activate Desktop Defender 2010.lnk
How to Activate Desktop Defender 2010.lnk
Delete directories:
c:\Program Files\Desktop Defender 2010
c:\WINDOWS\system32\LogFiles\tdifw
c:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010
%Temp%\
Delete Desktop Defender 2010 Windows Registry Information:
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\antivirus_contextscan
HKEY_CLASSES_ROOT\AppID\{C0E56AC2-9F72-436E-B6E7-AEC28AF9E4EB}
HKEY_CLASSES_ROOT\AppID\IEAddon.DLL
HKEY_CLASSES_ROOT\CLSID\{08EEC6AD-7486-487F-89B7-5A3716DDAE14}
HKEY_CLASSES_ROOT\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\antivirus_contextscan
HKEY_CLASSES_ROOT\Drives\shellex\ContextMenuHandlers\antivirus_contextscan
HKEY_CLASSES_ROOT\IEAddon.StatusBarPane
HKEY_CLASSES_ROOT\IEAddon.StatusBarPane.1
HKEY_CLASSES_ROOT\Interface\{5B184B9D-B7BD-4FEA-8D1F-5E27182206A5}
HKEY_CLASSES_ROOT\TypeLib\{3ED0E410-5C8E-47B6-A75D-D10B886E903C}
HKEY_LOCAL_MACHINE\SOFTWARE\Desktop Defender 2010
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Defender 2010
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdifw_drv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform “Desktop Defender 2010″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Desktop Defender 2010″
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tdidis32.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDIDIS32.SYS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TDIDIS32.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdidis32.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDIDIS32.SYS
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe”
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run “”
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDIDIS32.sys
End of Manual removal instructions.
Or
use Auto Removal tools to remove this virus:
Download Super Anti Spyware
OR
Download Malware Bytes Anti-Malware