• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Rogue Anti Spyware › Tutorials - HowTo › How to remove Desktop Defender 2010 (Uninstall instructions)

How to remove Desktop Defender 2010 (Uninstall instructions)

Myantispyware team October 28, 2009     33 Comments    

Desktop Defender 2010 is a rogue antispyware program from the same family as Contraviro and UnVirex. Once installed it will register itself in the Windows registry to run automatically when Windows starts. Immediately after launch, Desktop Defender 2010 will begin to scan your PC and display scan results that state the computer is infected with numerous infections, in order to trick you into thinking that your computer is infected. It hopes that you will then buy a full version of Desktop Defender 2010. It is important to know that all of these infections are fake, so you can safely ignore them.

DesktopDefender2010
Desktop Defender 2010

Desktop Defender 2010 stops security Windows services: Windows Firewall/Internet Connection Sharing (ICS), Security Center and Automatic Updates. Also Desktop Defender 2010 contains siglsp.dll file that will hijack Winsock LSP to watch the network traffic.

While Desktop Defender 2010 is running your computer will display nag screens and fake security alerts from Windows task bar. Some of the alerts:

Spyware Warning
Your online guard helps to stop unauthorized
changes to your computer

Antispyware software warning
Your computer is infected with spyware and malware.
Last scan results: 37 infected files found!
Click this notification to fix the problem.

However, all of these warnings are a fake and should be ignored! If your PC is infected with the rogue, then use these removal instructions below, which will remove Desktop Defender 2010 and any other infections you may have on your computer for free.

More Desktop Defender 2010 screen shoots



Symptoms in a HijackThis Log

O2 – BHO: StatusBarPane – {CCB5551D-8594-4999-85F9-1E3EABCB95AC} – C:\Program Files\Desktop Defender 2010\IEAddon.dll
O4 – HKLM\..\Run: [Desktop Defender 2010] C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe
O10 – Unknown file in Winsock LSP: c:\program files\desktop defender 2010\siglsp.dll
O10 – Unknown file in Winsock LSP: c:\program files\desktop defender 2010\siglsp.dll

Use the following instructions to remove Desktop Defender 2010 (Uninstall instructions)

Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.

Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded you will see window similar to the one below.

malwarebytes-antimalware1
Malwarebytes Anti-Malware Window

Select Perform Quick Scan, then click Scan, it will start scanning your computer for Desktop Defender 2010 infection. This procedure can take some time, so please be patient.

When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.

DesktopDefender2010_remover
Malwarebytes Anti-malware, list of infected items

Make sure that everything is checked, and click Remove Selected for start Desktop Defender 2010 removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.

Desktop Defender 2010 creates the following files and folders

C:\Program Files\Desktop Defender 2010
C:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010
C:\Program Files\Desktop Defender 2010\IEAddon.dll
C:\Program Files\Desktop Defender 2010\shellext.dll
C:\WINDOWS\system32\drivers\tdifw_drv.sys
C:\Program Files\Desktop Defender 2010\AF.dll
C:\Program Files\Desktop Defender 2010\daily.cvd
C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe
C:\Program Files\Desktop Defender 2010\guide.chm
C:\Program Files\Desktop Defender 2010\hjengine.dll
C:\Program Files\Desktop Defender 2010\MFC71.dll
C:\Program Files\Desktop Defender 2010\MFC71ENU.DLL
C:\Program Files\Desktop Defender 2010\msvcp71.dll
C:\Program Files\Desktop Defender 2010\msvcr71.dll
C:\Program Files\Desktop Defender 2010\pthreadVC2.dll
C:\Program Files\Desktop Defender 2010\siglsp.dll
C:\Program Files\Desktop Defender 2010\tdifw_drv_WLH.sys
C:\Program Files\Desktop Defender 2010\tdifw_drv_WXP.sys
C:\Program Files\Desktop Defender 2010\uninstall.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010\Activate Desktop Defender 2010.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010\Desktop Defender 2010.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010\How to Activate Desktop Defender 2010.lnk
C:\Documents and Settings\All Users\Desktop\Desktop Defender 2010.LNK
C:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010.LNK
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop Defender 2010.LNK

Desktop Defender 2010 creates the following registry keys and values

HKEY_CLASSES_ROOT\ieaddon.statusbarpane
HKEY_CLASSES_ROOT\TypeLib\{3ed0e410-5c8e-47b6-a75d-d10b886e903c}
HKEY_CLASSES_ROOT\Interface\{5b184b9d-b7bd-4fea-8d1f-5e27182206a5}
HKEY_CLASSES_ROOT\CLSID\{ccb5551d-8594-4999-85f9-1e3eabcb95ac}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ccb5551d-8594-4999-85f9-1e3eabcb95ac}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ccb5551d-8594-4999-85f9-1e3eabcb95ac}
HKEY_CLASSES_ROOT\ieaddon.statusbarpane.1
HKEY_CLASSES_ROOT\AppID\{c0e56ac2-9f72-436e-b6e7-aec28af9e4eb}
HKEY_CLASSES_ROOT\CLSID\{08eec6ad-7486-487f-89b7-5a3716ddae14}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdifw_drv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdifw_drv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdifw_drv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uninstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\desktop defender 2010
HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_TDIFW_DRV
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_TDIFW_DRV
HKEY_CLASSES_ROOT\AppID\IEAddon.dll
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\antiVirus_contextscan
HKEY_CLASSES_ROOT\Drives\shellex\ContextMenuHandlers\antiVirus_contextscan
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\antiVirus_contextscan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop defender 2010

Rogue Anti Spyware Tutorials - HowTo

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

33 Comments

  1. George
    ― January 19, 2010 - 1:05 pm  Reply

    I restarted and now it’s back; only now Malwarebytes isn’t detecting anything wrong. Should I run OTM again? The exe file process is still not appearing, even under all users.

  2. danny
    ― January 19, 2010 - 9:37 pm  Reply

    I used malwarebytes, and it got rid of desktop defender, but then it came back and now malwarebytes can’t get rid of it anymore. everytime i restart my computer after a scan, desktop defender is back.

  3. Patrik
    ― January 20, 2010 - 1:03 pm  Reply

    George, probably your computer is infected with an trojan that reinstalls the rogue. Ask for help in our Spyware removal forum.

« Previous 1 2

Leave a Reply Cancel reply




New Guides

McAfee - Your iPhone is infected with 5 viruses scam
McAfee – Your iPhone is infected with 5 viruses POP-UP SCAM (Virus removal guide)
unwanted ads
Web Saver extension (Virus removal guide)
Notificationnewspro.com
How to remove Notificationnewspro.com pop-ups (Virus removal guide)
webheroes.store scam
Webheroes.store pop-up scam (Virus removal guide)
unwanted ads
How to uninstall DigitalPaper app/extension from Mac (Virus removal guide)

Follow Us

Search

Useful Guides

Tech Support Scam
Remove Tech Support Scam pop-up virus [Microsoft & Apple Scam]
Managed by your organization chrome virus
Chrome Managed by your organization malware removal guide
Iphone Calendar virus spam
Iphone Calendar Virus/Spam (Removal guide)
DNSChanger
How to remove DNSChanger malware virus [Updated Apr. 2018]
How to reset Google Chrome settings to default

Recent Posts

How to remove Volcano Security Suite (Uninstall instructions)
How to remove Windows System Defender (Uninstall instructions)
How to remove ShieldSafeness (Uninstall instructions)
How to remove SoftStronghold (Uninstall instructions)
How to remove Internet Antivirus Pro (Uninstall instructions)

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2022 Myantispyware.com - Free antispyware programs and Spyware Removal Instructions.