Christian Mairoll

Desktop Defender 2010 Adware Removal Instructions


The Emsi Software malware research team has discovered a new outbreak of the Desktop Defender 2010 adware. a-squared Anti-Malware detects this malware as Adware.Win32.DesktopDefender2010.

Desktop Defender 2010 is a rogue scanner program that shows misleading scan results and fake security alerts. If you download and install Windows PC Defender 2010, it will be automatically configured to start each time you log on to Windows. Once the program is running, it will scan your computer and then display fake infections, but it will not allow you to remove them until you purchase it.

This rogue has some self-protection, including protection against virtual machines. When a user tries to run the rogue's installer in a virtual machine environment, the application crashes.

DesktopDefender2010_InstallerCrash.png

DesktopDefender2010_VMProtection.png

It also protects itself from unwanted applications, e.g. File Monitor and Registry Monitor from SysInternals.

DesktopDefender2010_ToolsProtection.png

It creates the following new files:

  • %ProgramFiles%\Desktop Defender 2010\msvcr71.dll
  • %ProgramFiles%\Desktop Defender 2010\pthreadVC2.dll
  • %ProgramFiles%\Desktop Defender 2010\shellext.dll
  • %ProgramFiles%\Desktop Defender 2010\siglsp.dll
  • %ProgramFiles%\Desktop Defender 2010\tdifw_drv_WLH.sys
  • %ProgramFiles%\Desktop Defender 2010\tdifw_drv_WXP.sys
  • %ProgramFiles%\Desktop Defender 2010\uninstall.exe
  • %ProgramFiles%\Desktop Defender 2010\AF.dll
  • %ProgramFiles%\Desktop Defender 2010\daily.cvd
  • %ProgramFiles%\Desktop Defender 2010\Desktop Defender 2010.exe
  • %ProgramFiles%\Desktop Defender 2010\guide.chm
  • %ProgramFiles%\Desktop Defender 2010\hjengine.dll
  • %ProgramFiles%\Desktop Defender 2010\IEAddon.dll
  • %ProgramFiles%\Desktop Defender 2010\MFC71.dll
  • %ProgramFiles%\Desktop Defender 2010\MFC71ENU.DLL
  • %ProgramFiles%\Desktop Defender 2010\msvcp71.dll
  • %SystemRoot%\system32\drivers\tdifw_drv.sys
  • %AllUsersProfile%\Desktop\Desktop Defender 2010.lnk
  • %AllUsersProfile%\Start Menu\Programs\Desktop Defender 2010.lnk
  • %AllUsersProfile%\Start Menu\Programs\Desktop Defender 2010\How to Activate Desktop Defender 2010.lnk
  • %AllUsersProfile%\Start Menu\Programs\Desktop Defender 2010\Activate Desktop Defender 2010.lnk
  • %AllUsersProfile%\Start Menu\Programs\Desktop Defender 2010\Desktop Defender 2010.lnk
  • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop Defender 2010.lnk
  • %UserProfile%\Local Settings\Temp\kgn.exe
  • %UserProfile%\Local Settings\Temp\kilslmd.exex
  • %UserProfile%\Local Settings\Temp\kn.a.exe
  • %UserProfile%\Local Settings\Temp\.tt1.tmp
  • %UserProfile%\Local Settings\Temp\.tt1.tmp.exe
  • %UserProfile%\Local Settings\Temp\gedx_ae09.exe
  • %UserProfile%\Local Settings\Temp\nsq18.tmp\ext.dll
  • %UserProfile%\Local Settings\Temp\nsq18.tmp\System.dll

It creates the following new registry entries:

  • HKEY_LOCAL_MACHINE\software\Classes\*\shellex\ContextMenuHandlers\antivirus_contextscan
  • HKEY_LOCAL_MACHINE\software\Classes\AppID\IEAddon.DLL
  • HKEY_LOCAL_MACHINE\software\Classes\AppID\{C0E56AC2-9F72-436E-B6E7-AEC28AF9E4EB}
  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{08EEC6AD-7486-487F-89B7-5A3716DDAE14}
  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{08EEC6AD-7486-487F-89B7-5A3716DDAE14}\InprocServer32
  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}\InprocServer32
  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}\ProgID
  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}\Programmable
  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}\TypeLib
  • HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}\VersionIndependentProgID
  • HKEY_LOCAL_MACHINE\software\Classes\Drive\shellex\ContextMenuHandlers\antivirus_contextscan
  • HKEY_LOCAL_MACHINE\software\Classes\Folder\shellex\ContextMenuHandlers\antivirus_contextscan
  • HKEY_LOCAL_MACHINE\software\Classes\IEAddon.StatusBarPane
  • HKEY_LOCAL_MACHINE\software\Classes\IEAddon.StatusBarPane\CLSID
  • HKEY_LOCAL_MACHINE\software\Classes\IEAddon.StatusBarPane\CurVer
  • HKEY_LOCAL_MACHINE\software\Classes\IEAddon.StatusBarPane.1
  • HKEY_LOCAL_MACHINE\software\Classes\IEAddon.StatusBarPane.1\CLSID
  • HKEY_LOCAL_MACHINE\software\Classes\Interface\{5B184B9D-B7BD-4FEA-8D1F-5E27182206A5}
  • HKEY_LOCAL_MACHINE\software\Classes\Interface\{5B184B9D-B7BD-4FEA-8D1F-5E27182206A5}\ProxyStubClsid
  • HKEY_LOCAL_MACHINE\software\Classes\Interface\{5B184B9D-B7BD-4FEA-8D1F-5E27182206A5}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\software\Classes\Interface\{5B184B9D-B7BD-4FEA-8D1F-5E27182206A5}\TypeLib
  • HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{3ED0E410-5C8E-47B6-A75D-D10B886E903C}
  • HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{3ED0E410-5C8E-47B6-A75D-D10B886E903C}\1.0
  • HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{3ED0E410-5C8E-47B6-A75D-D10B886E903C}\1.0
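
A read-only presence check for a subset of the files and registry keys listed above, added here as an example and not part of the original post or of a-squared Anti-Malware. The variable names are hypothetical, and the extra 64-bit locations it probes (Program Files (x86), Wow6432Node) are assumptions beyond what the post lists; the profile paths in the post follow the Windows XP layout.

```powershell
# Added example: reports which listed artifacts exist. Nothing is deleted or changed.
# Run from a native (64-bit on 64-bit Windows) PowerShell so system32 is not redirected.

# Subset of the file paths listed in the post.
$fileIndicators = @(
    '%ProgramFiles%\Desktop Defender 2010\Desktop Defender 2010.exe',
    '%ProgramFiles%\Desktop Defender 2010\siglsp.dll',
    '%ProgramFiles%\Desktop Defender 2010\IEAddon.dll',
    '%SystemRoot%\system32\drivers\tdifw_drv.sys',
    '%AllUsersProfile%\Desktop\Desktop Defender 2010.lnk'
)
# Subset of the listed keys, relative to HKEY_LOCAL_MACHINE\software\Classes.
$classesSubkeys = @(
    '*\shellex\ContextMenuHandlers\antivirus_contextscan',
    'CLSID\{08EEC6AD-7486-487F-89B7-5A3716DDAE14}',
    'CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}',
    'IEAddon.StatusBarPane',
    'TypeLib\{3ED0E410-5C8E-47B6-A75D-D10B886E903C}'
)

$candidates = New-Object 'System.Collections.Generic.List[string]'
$pf86 = ${env:ProgramFiles(x86)}   # only defined on 64-bit Windows
foreach ($f in $fileIndicators) {
    $candidates.Add([Environment]::ExpandEnvironmentVariables($f))
    # Assumption: a 32-bit installer on 64-bit Windows lands under Program Files (x86).
    if ($pf86 -and $f.StartsWith('%ProgramFiles%')) {
        $candidates.Add($f.Replace('%ProgramFiles%', $pf86))
    }
}
foreach ($k in $classesSubkeys) {
    $candidates.Add("HKLM:\SOFTWARE\Classes\$k")
    # Assumption: 32-bit registry view used by 32-bit software on 64-bit Windows.
    $candidates.Add("HKLM:\SOFTWARE\Wow6432Node\Classes\$k")
}

# -LiteralPath matters: the "*" class key must be matched literally, not as a wildcard.
$hits = @($candidates | Where-Object { Test-Path -LiteralPath $_ })

if ($hits.Count -gt 0) {
    Write-Output 'Desktop Defender 2010 artifacts found:'
    $hits
} else {
    Write-Output 'None of the checked artifacts are present.'
}
```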
