Desktop Defender 2010 is a rogue antispyware program from the same family as Contraviro and UnVirex. Once installed, it registers itself in the Windows registry to run automatically when Windows starts. Immediately after launch, Desktop Defender 2010 begins to scan your PC and displays scan results stating that the computer has numerous infections, in order to trick you into thinking that your computer is infected. It hopes that you will then buy the full version of Desktop Defender 2010. All of these infections are fake, so you can safely ignore them.
Desktop Defender 2010 stops the following Windows security services: Windows Firewall/Internet Connection Sharing (ICS), Security Center and Automatic Updates. It also contains the file siglsp.dll, which hijacks the Winsock LSP to watch network traffic.
While Desktop Defender 2010 is running, your computer will display nag screens and fake security alerts from the Windows taskbar. Some of the alerts:
Spyware Warning
Your online guard helps to stop unauthorized
changes to your computer
Antispyware software warning
Your computer is infected with spyware and malware.
Last scan results: 37 infected files found!
Click this notification to fix the problem.
However, all of these warnings are fake and should be ignored! If your PC is infected with the rogue, use the removal instructions below, which will remove Desktop Defender 2010 and any other infections you may have on your computer for free.
Symptoms in a HijackThis Log
O2 - BHO: StatusBarPane - {CCB5551D-8594-4999-85F9-1E3EABCB95AC} - C:\Program Files\Desktop Defender 2010\IEAddon.dll
O4 - HKLM\..\Run: [Desktop Defender 2010] C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe
O10 - Unknown file in Winsock LSP: c:\program files\desktop defender 2010\siglsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\desktop defender 2010\siglsp.dll
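An added example (not part of the original guide or of any tool it mentions): a small Python checker that reads a HijackThis log and flags the entries listed above. The indicator values come from this page; the sample log, including its benign entries, is constructed.

```python
import re

# Indicators from the HijackThis lines on this page, lower-cased for comparison.
INSTALL_DIR = "c:\\program files\\desktop defender 2010\\"
BHO_CLSID = "{ccb5551d-8594-4999-85f9-1e3eabcb95ac}"

# HijackThis separates fields with " - "; web pages often show an en dash instead.
ENTRY = re.compile(r"^([A-Z]\d{1,2})\s+[-\u2013]\s+(.*)$")

# What each matching section means for cleanup.
MEANING = {
    "O2": "browser helper object loaded into Internet Explorer",
    "O4": "autostart entry (Run key)",
    "O10": "Winsock LSP entry; repair the LSP chain, do not only delete the DLL",
}

def classify(line):
    """Return (section, meaning) if the line matches a page indicator, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header, blank line, or running-process line
    section, rest = m.group(1), m.group(2).lower()
    if INSTALL_DIR in rest or (section == "O2" and BHO_CLSID in rest):
        return section, MEANING.get(section, "references the rogue's install folder")
    return None

def scan(log_text):
    """Return [(line_number, section, meaning)] for every matching entry."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        result = classify(line)
        if result:
            hits.append((number, *result))
    return hits

# Constructed sample: the page's lines plus invented benign entries.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 – BHO: StatusBarPane – {CCB5551D-8594-4999-85F9-1E3EABCB95AC} – C:\Program Files\Desktop Defender 2010\IEAddon.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 – HKLM\..\Run: [Desktop Defender 2010] C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe
O10 - Unknown file in Winsock LSP: c:\program files\desktop defender 2010\siglsp.dll
"""

if __name__ == "__main__":
    for number, section, meaning in scan(SAMPLE_LOG):
        print(f"line {number}: {section}: {meaning}")
```

The matcher accepts both the hyphen that HijackThis writes and the en dash that web pages often substitute for it.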
Use the following instructions to remove Desktop Defender 2010 (Uninstall instructions)
Download Malwarebytes Anti-Malware (MBAM). Close all programs and windows on your computer.
Double-click mbam-setup.exe to install the application. When the installation begins, follow the prompts to continue with the installation process. Do not make any changes to the default settings, and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, you will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan. It will start scanning your computer for the Desktop Defender 2010 infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected to start the Desktop Defender 2010 removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Desktop Defender 2010 creates the following files and folders
C:\Program Files\Desktop Defender 2010
C:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010
C:\Program Files\Desktop Defender 2010\IEAddon.dll
C:\Program Files\Desktop Defender 2010\shellext.dll
C:\WINDOWS\system32\drivers\tdifw_drv.sys
C:\Program Files\Desktop Defender 2010\AF.dll
C:\Program Files\Desktop Defender 2010\daily.cvd
C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe
C:\Program Files\Desktop Defender 2010\guide.chm
C:\Program Files\Desktop Defender 2010\hjengine.dll
C:\Program Files\Desktop Defender 2010\MFC71.dll
C:\Program Files\Desktop Defender 2010\MFC71ENU.DLL
C:\Program Files\Desktop Defender 2010\msvcp71.dll
C:\Program Files\Desktop Defender 2010\msvcr71.dll
C:\Program Files\Desktop Defender 2010\pthreadVC2.dll
C:\Program Files\Desktop Defender 2010\siglsp.dll
C:\Program Files\Desktop Defender 2010\tdifw_drv_WLH.sys
C:\Program Files\Desktop Defender 2010\tdifw_drv_WXP.sys
C:\Program Files\Desktop Defender 2010\uninstall.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010\Activate Desktop Defender 2010.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010\Desktop Defender 2010.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010\How to Activate Desktop Defender 2010.lnk
C:\Documents and Settings\All Users\Desktop\Desktop Defender 2010.LNK
C:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010.LNK
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop Defender 2010.LNK
Desktop Defender 2010 creates the following registry keys and values
HKEY_CLASSES_ROOT\ieaddon.statusbarpane
HKEY_CLASSES_ROOT\TypeLib\{3ed0e410-5c8e-47b6-a75d-d10b886e903c}
HKEY_CLASSES_ROOT\Interface\{5b184b9d-b7bd-4fea-8d1f-5e27182206a5}
HKEY_CLASSES_ROOT\CLSID\{ccb5551d-8594-4999-85f9-1e3eabcb95ac}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ccb5551d-8594-4999-85f9-1e3eabcb95ac}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ccb5551d-8594-4999-85f9-1e3eabcb95ac}
HKEY_CLASSES_ROOT\ieaddon.statusbarpane.1
HKEY_CLASSES_ROOT\AppID\{c0e56ac2-9f72-436e-b6e7-aec28af9e4eb}
HKEY_CLASSES_ROOT\CLSID\{08eec6ad-7486-487f-89b7-5a3716ddae14}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdifw_drv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdifw_drv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdifw_drv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uninstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\desktop defender 2010
HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\Root\LEGACY_TDIFW_DRV
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_TDIFW_DRV
HKEY_CLASSES_ROOT\AppID\IEAddon.dll
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\antiVirus_contextscan
HKEY_CLASSES_ROOT\Drives\shellex\ContextMenuHandlers\antiVirus_contextscan
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\antiVirus_contextscan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop defender 2010
I need to delete this program from my PC.
If the instructions above do not help you, then ask for help in our Spyware removal forum.
I did this and now my computer will not start. Every time it goes to the desktop screen it automatically restarts. What should I do? Please help me! (Note: I’m using my sister’s laptop.) Please email me if you have a solution.
Joey, it looks like the trojan has removed a few system files or damaged the Windows registry. Please read the article: How to reboot computer in Safe mode, but boot your computer in the Last Good configuration mode.
I just did this scan with a current update to malware, and I scanned the known files after pulling the hard drive from the infected computer and slaving it to this computer. Malware isn’t detecting anything and the bad program has completely disabled my other computer, causing a BSOD when explorer.exe loads up; file tdidis32.sys is the pagefault file. This program doesn’t work at all. Booting in safe mode and running malware doesn’t detect it either. What a pain.
Desktop Defender keeps advancing in ruining my computer every day. First it started with closing explorer.exe, and I have to constantly open it with Task Manager. It also duplicates files on my desktop such as \
worked perfectly showed whos boss to that piece of shit program(desktop defender 2010)
TY
Whenever I start up my PC, Desktop Defender 2010 appears. I can’t even go on the internet to install the program to get rid of Desktop Defender 2010; like, it just goes to a black screen and shows the virus program. Someone help please (I’m using my other computer right now).
Rek, have you tried Safe mode with networking to download Malwarebytes?
Rek, try Ctrl+Alt+Delete. Go to the Processes tab, and search for something named Desktop Defender 2010. Click it and End Process. Go to File on Task Manager and click Run. Type in explorer so you can open explorer.exe which is your start bar. You can continue after that.
I am having the same problem as Rek. It won’t even let me get to the Processes tab. When I start up my PC all I see is this defender and a black screen behind it. When I press Ctrl+Alt+Delete, then click Task Manager, nothing happens. Also tried safe mode; same thing happened. Please help.
I really need help. This deskdefender won’t let me do anything. I tried everything and it keeps sending pops saying my computer is infected, but I have antivirus and it says it’s fine. What do I do?
Thanks a lot for the help, worked perfectly! I would recommend this to anyone, even someone computer illiterate.
I have the same problem as Rek. It has grabbed my screen and so all I see is it. The Malwarebytes program is running in the background but I can’t get to it. I can see that it is running from the icon that pops up above the task bar. The Task Manager does not have any program called Desktop Defender 2010 in the list. What else would it call itself?
Linc, try following:
Please download OTM by OldTimer from here.
Run OTM. If the tool does not run and you are shown a message that states that OTM is infected, then redownload it and, in the Save dialog, rename otm.exe to explorer.exe and click the Save button.
Copy, then paste the following text in the “Paste Instructions for Items to be Moved” window (under the yellow bar):
:processes
Desktop Defender 2010.exe
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Desktop Defender 2010"=-
:files
C:\Program Files\Desktop Defender 2010
:Commands
[emptytemp]
[Reboot]
Click the red Moveit! button.
Run Malwarebytes once again.
Jake, try running Malwarebytes from Safe mode.
i think its worked for me that gay thing doesnt show up for now >_>
I ran the Malwarebytes program yesterday after the program infected my laptop for the first time and for the rest of the night and even all day today. But it just showed up again tonight out of the blue. Everything is fine now because I ran the program again (but it found a lot more infected files this time). How can I prevent it from coming back again?
Gunjan, it looks like your PC is infected with a trojan that reinstalls the rogue. Ask for help in our Spyware removal forum.
The best thing to do when you find your PC infected with this program is…
1) disconnect your internet
2) reboot your pc in SAFE MODE (holding down F8 or ctrl when you reboot – choose safe mode)
3) open REGEDIT
4) navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete DESKTOP DEFENDER exe.
(this keeps the program from starting so you can annihilate it properly)
5) REBOOT your PC in safe mode AGAIN
6) navigate to the C:\Program Files\ folder
7) DELETE the entire Desktop Defender folder
8) this eradicates the EXE file which starts.
9) Go through the list of files that is on this webpage and delete every item one by one
Start REGEDIT and delete all the entries listed in the registry list above.
10) start MSCONFIG
11) on the “startup” tab, anything that has to do with Desktop Defender, uncheck
12) Reboot your pc in normal mode (Desktop Defender should NOT start this time)
13) try the malwarebytes download and scan for anything else
Wow… worked like a charm… I have other AV programs (AVG and ThreatFire) that couldn’t detect Desktop Defender 2010, but MBAM did it in under 30 mins. I also noticed that the Security Center and the firewall services were disabled (perhaps by this program), so I manually went and switched them to automatic startup.
Thank you, you guys are lifesavers.
Thank you so much, you saved me.
Go Back in Time before your system was infected by this Trojan. Here is how for XP users:
1. Click Start.
2. Point to All Programs.
3. Point to Accessories.
4. Point to System Tools.
5. Click System Restore.
6. Follow the instructions on the wizard.
This will not erase any photos or files you have created; it just takes your system back to a time when the virus was not there.
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx
I hope the people that are behind infecting our computers with Desktop Defender get put away in jail for a long, long time.
Hey omfg this actually works I never thought it would. And whoever created this Tool/helpful website needs awards and thanks I would rate this 6/5 stars and I bookmarked just in case. Thanks A TON!
Whenever I start my laptop in safe mode, the virus starts and I literally can’t do anything. I have tried all the methods above but none of them help.
When I start up my laptop, I enter safe mode; yes, I have disconnected the internet. I log onto my user and Desktop Defender starts up. The only thing I can do is Ctrl+Alt+Delete and Task Manager, but that doesn’t help either.
Can anyone help?
I think I got rid of it on my computer. Malwarebytes could not get rid of all of it on my computer. It kept saying that it had to reboot to delete the last file, but on reboot the virus would just duplicate itself and undo everything.
So, I followed the manual instructions on this site and also some of the comments such as deleting mrt.exe from system32.
I also found that it had tried to pass itself as windows security. I’m sorry but I can’t remember the file name but there was this one file that was about 8 characters long, starts with “vs” and the file had some numbers in it. That file is one of the bad files however nobody has mentioned it so far. After I stopped it as a process the fake windows security stopped running on the bottom right of my taskbar. Also, I was able to delete the last Desktop Defender file and folder. Also, I went into the registry and found all instances of that file that starts with “vs” and deleted it from the registry.
Sorry, I can’t be more specific about the filename since I didn’t think about posting this info until now; however, you will find that the name appears everywhere: in your registry, in the startup programs (when you do msconfig), in the processes (when you go to your Task Manager) and also as a recently created file in system32. I googled the exact file name and it did not return as a system critical file. In fact, there were no hits at all. Weird, as I would have thought other people would have posted it as malware. However, I deleted it cuz I figured if it was a Microsoft critical file then it would be on the net somewhere.
Mark, open Task Manager, open the Processes tab, stop the “Desktop Defender 2010.exe” process, then try running Malwarebytes Anti-malware.
Patrik, running OTM did the trick. I had the odd circumstance that I manually removed the .exe file from my computer but evidently it was still hidden in the registry, because I was still getting the popups (which I couldn’t sidestep because there was no Desktop Defender 2010 process, because I had deleted the .exe file). I am currently rerunning Malwarebytes (the first couple of times it found the problem and, as someone else said, when the computer restarted the virus started up again) and it just showed clean. Is it safe to (or should I, that is) delete mrt.exe from my System32 file folder?