Desktop Defender 2010 is a rogue antispyware program from the same family as Contraviro and UnVirex. Once installed, it registers itself in the Windows registry so that it runs automatically when Windows starts. Immediately after launch, Desktop Defender 2010 begins to scan your PC and displays scan results that report numerous infections, in order to trick you into thinking that your computer is infected. It hopes that you will then buy the full version of Desktop Defender 2010. It is important to know that all of these infections are fake, so you can safely ignore them.
Desktop Defender 2010 stops the following Windows security services: Windows Firewall/Internet Connection Sharing (ICS), Security Center and Automatic Updates. Desktop Defender 2010 also contains the file siglsp.dll, which hijacks Winsock LSP to watch network traffic.
While Desktop Defender 2010 is running, your computer will display nag screens and fake security alerts from the Windows taskbar. Some of the alerts:
Spyware Warning
Your online guard helps to stop unauthorized
changes to your computer
Antispyware software warning
Your computer is infected with spyware and malware.
Last scan results: 37 infected files found!
Click this notification to fix the problem.
However, all of these warnings are fake and should be ignored! If your PC is infected with the rogue, use the removal instructions below, which will remove Desktop Defender 2010 and any other infections you may have on your computer for free.
Symptoms in a HijackThis Log
O2 – BHO: StatusBarPane – {CCB5551D-8594-4999-85F9-1E3EABCB95AC} – C:\Program Files\Desktop Defender 2010\IEAddon.dll
O4 – HKLM\..\Run: [Desktop Defender 2010] C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe
O10 – Unknown file in Winsock LSP: c:\program files\desktop defender 2010\siglsp.dll
O10 – Unknown file in Winsock LSP: c:\program files\desktop defender 2010\siglsp.dll
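The following is an added example, not part of the original guide: a small Python checker that parses HijackThis O-section lines and flags those matching the install folder and BHO CLSID listed on this page. The sample log is constructed for illustration (the ExampleHelper and ctfmon.exe lines are made-up benign entries), and the function names are hypothetical.

```python
import re

# Indicators taken from this page (lower-cased for case-insensitive matching).
ROGUE_DIR = r"c:\program files\desktop defender 2010" + "\\"
ROGUE_CLSID = "{ccb5551d-8594-4999-85f9-1e3eabcb95ac}"

# "O2 - BHO: ..."; web pages often turn the hyphen into an en dash, so accept both.
ENTRY = re.compile(r"^(O\d+)\s*[-\u2013]\s*(.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
PATH = re.compile(r"[A-Za-z]:\\.*$")

# Constructed sample: the rogue lines as shown on this page plus benign filler.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
O2 – BHO: StatusBarPane – {CCB5551D-8594-4999-85F9-1E3EABCB95AC} – C:\Program Files\Desktop Defender 2010\IEAddon.dll
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKLM\..\Run: [Desktop Defender 2010] C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe
O10 – Unknown file in Winsock LSP: c:\program files\desktop defender 2010\siglsp.dll
O10 – Unknown file in Winsock LSP: c:\program files\desktop defender 2010\siglsp.dll
"""

def parse_line(line):
    """Return (section, clsid or None, path or None), or None if not an O-entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    clsid = CLSID.search(body)
    path = PATH.search(body)
    return (section, clsid.group(0).lower() if clsid else None,
            path.group(0).lower() if path else None)

def find_rogue_entries(log_text):
    """Return the log lines that match this page's Desktop Defender 2010 indicators."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        _, clsid, path = entry
        if clsid == ROGUE_CLSID or (path and path.startswith(ROGUE_DIR)):
            hits.append(line.strip())
    return hits

if __name__ == "__main__":
    for hit in find_rogue_entries(SAMPLE_LOG):
        print(hit)
```

An O10 hit matters most for cleanup order: the LSP entry sits in the network stack, so it should be removed by a tool that repairs the Winsock chain rather than by deleting siglsp.dll by hand.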
Use the following instructions to remove Desktop Defender 2010 (Uninstall instructions)
Download Malwarebytes Anti-Malware (MBAM). Close all programs and windows on your computer.
Double-click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, you will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan. It will start scanning your computer for the Desktop Defender 2010 infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected to start the Desktop Defender 2010 removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Desktop Defender 2010 creates the following files and folders
C:\Program Files\Desktop Defender 2010
C:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010
C:\Program Files\Desktop Defender 2010\IEAddon.dll
C:\Program Files\Desktop Defender 2010\shellext.dll
C:\WINDOWS\system32\drivers\tdifw_drv.sys
C:\Program Files\Desktop Defender 2010\AF.dll
C:\Program Files\Desktop Defender 2010\daily.cvd
C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe
C:\Program Files\Desktop Defender 2010\guide.chm
C:\Program Files\Desktop Defender 2010\hjengine.dll
C:\Program Files\Desktop Defender 2010\MFC71.dll
C:\Program Files\Desktop Defender 2010\MFC71ENU.DLL
C:\Program Files\Desktop Defender 2010\msvcp71.dll
C:\Program Files\Desktop Defender 2010\msvcr71.dll
C:\Program Files\Desktop Defender 2010\pthreadVC2.dll
C:\Program Files\Desktop Defender 2010\siglsp.dll
C:\Program Files\Desktop Defender 2010\tdifw_drv_WLH.sys
C:\Program Files\Desktop Defender 2010\tdifw_drv_WXP.sys
C:\Program Files\Desktop Defender 2010\uninstall.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010\Activate Desktop Defender 2010.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010\Desktop Defender 2010.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010\How to Activate Desktop Defender 2010.lnk
C:\Documents and Settings\All Users\Desktop\Desktop Defender 2010.LNK
C:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010.LNK
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop Defender 2010.LNK
Desktop Defender 2010 creates the following registry keys and values
HKEY_CLASSES_ROOT\ieaddon.statusbarpane
HKEY_CLASSES_ROOT\TypeLib\{3ed0e410-5c8e-47b6-a75d-d10b886e903c}
HKEY_CLASSES_ROOT\Interface\{5b184b9d-b7bd-4fea-8d1f-5e27182206a5}
HKEY_CLASSES_ROOT\CLSID\{ccb5551d-8594-4999-85f9-1e3eabcb95ac}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ccb5551d-8594-4999-85f9-1e3eabcb95ac}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ccb5551d-8594-4999-85f9-1e3eabcb95ac}
HKEY_CLASSES_ROOT\ieaddon.statusbarpane.1
HKEY_CLASSES_ROOT\AppID\{c0e56ac2-9f72-436e-b6e7-aec28af9e4eb}
HKEY_CLASSES_ROOT\CLSID\{08eec6ad-7486-487f-89b7-5a3716ddae14}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdifw_drv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdifw_drv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdifw_drv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uninstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\desktop defender 2010
HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_TDIFW_DRV
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_TDIFW_DRV
HKEY_CLASSES_ROOT\AppID\IEAddon.dll
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\antiVirus_contextscan
HKEY_CLASSES_ROOT\Drives\shellex\ContextMenuHandlers\antiVirus_contextscan
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\antiVirus_contextscan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop defender 2010
I restarted and now it’s back; only now Malwarebytes isn’t detecting anything wrong. Should I run OTM again? The exe file process is still not appearing, even under all users.
I used Malwarebytes, and it got rid of Desktop Defender, but then it came back and now Malwarebytes can’t get rid of it anymore. Every time I restart my computer after a scan, Desktop Defender is back.
George, probably your computer is infected with a trojan that reinstalls the rogue. Ask for help in our Spyware removal forum.