Remove Desktop Defender 2010

You can download a copy of MalwareBytes from here!

Look Familiar?

So here we go again, I suspect this sort of program is not going anywhere soon. So we as users need to make sure we are protected and keeping an eye open for this sort of program. The worst part is we really don't know what to look out for right! Well at leats we can remove the malicious software.

Desktop Defender 2010 manual removal:

Following the directions below have worked for me as of 6-4-2010, I will update this guide if the steps to remove Desktop Defender 2010 change. I suspect this to change or a new program will be made to replace this and at that point I will update this guide to reflect the changes. Best of luck removing this and if you have trouble following this guide feel free to email meor post here.

I will also post some of the troubles you might come accross and what other steps you can try.

Kill processes:

  • gedx_ae09.exe
  • kgn.exe
  • kilslmd.exe
  • kn.a.exe
  • uninstall.exe

Delete registry values:

  • HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\antivirus_contextscan
  • HKEY_CLASSES_ROOT\AppID\{C0E56AC2-9F72-436E-B6E7-AEC28AF9E4EB}
  • HKEY_CLASSES_ROOT\AppID\IEAddon.DLL
  • HKEY_CLASSES_ROOT\CLSID\{08EEC6AD-7486-487F-89B7-5A3716DDAE14}
  • HKEY_CLASSES_ROOT\CLSID\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
  • HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\antivirus_contextscan
  • HKEY_CLASSES_ROOT\Drives\shellex\ContextMenuHandlers\antivirus_contextscan
  • HKEY_CLASSES_ROOT\IEAddon.StatusBarPane
  • HKEY_CLASSES_ROOT\IEAddon.StatusBarPane.1
  • HKEY_CLASSES_ROOT\Interface\{5B184B9D-B7BD-4FEA-8D1F-5E27182206A5}
  • HKEY_CLASSES_ROOT\TypeLib\{3ED0E410-5C8E-47B6-A75D-D10B886E903C}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Desktop Defender 2010
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB5551D-8594-4999-85F9-1E3EABCB95AC}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Defender 2010
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdifw_drv
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform "Desktop Defender 2010"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Desktop Defender 2010"

Unregister DLLs:

  • hjengine.dll
  • IEAddon.dll
  • MFC71.dll
  • MFC71ENU.DLL
  • msvcp71.dll
  • msvcr71.dll
  • pthreadVC2.dll
  • shellext.dll
  • siglsp.dll

Delete directories:

  • c:\Documents and Settings\All Users\Desktop\Desktop Defender 2010.lnk
  • c:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010
  • c:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010.lnk
  • c:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010\Activate Desktop Defender 2010.lnk
  • c:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010\Desktop Defender 2010.lnk
  • c:\Documents and Settings\All Users\Start Menu\Programs\Desktop Defender 2010\How to Activate Desktop Defender 2010.lnk
  • c:\Program Files\Desktop Defender 2010
  • c:\Program Files\Desktop Defender 2010\AF.dll
  • c:\Program Files\Desktop Defender 2010\daily.cvd
  • c:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe
  • c:\Program Files\Desktop Defender 2010\guide.chm
  • c:\Program Files\Desktop Defender 2010\hjengine.dll
  • c:\Program Files\Desktop Defender 2010\IEAddon.dll
  • c:\Program Files\Desktop Defender 2010\MFC71.dll
  • c:\Program Files\Desktop Defender 2010\MFC71ENU.DLL
  • c:\Program Files\Desktop Defender 2010\msvcp71.dll
  • c:\Program Files\Desktop Defender 2010\msvcr71.dll
  • c:\Program Files\Desktop Defender 2010\pthreadVC2.dll
  • c:\Program Files\Desktop Defender 2010\shellext.dll
  • c:\Program Files\Desktop Defender 2010\siglsp.dll
  • c:\Program Files\Desktop Defender 2010\tdifw_drv_WLH.sys
  • c:\Program Files\Desktop Defender 2010\tdifw_drv_WXP.sys
  • c:\Program Files\Desktop Defender 2010\uninstall.exe
  • c:\WINDOWS\system32\drivers\tdifw_drv.sys
  • c:\WINDOWS\system32\LogFiles\tdifw
  • c:\WINDOWS\system32\LogFiles\tdifw\log.txt

This is where it gets fun, First thing I want you to know is you may or may not have all the files, registry entries or dll files. This would be ok as it seems to act different based on your setup. So remove delete what you can find. Also the name of the program masy be a little different, like Total PC Defender 2010...ect

So try booting into safe mode with networking first, if you are still unable to remove or stop the malware, try and download malwareBytes while you are still in safemode. If you can download this while in safemode lets now create a new user (just make sure the user is an admin). Once we have created the new user restart your computer and log into the new user we created and try and run MalwareBytes, make sure you select quick scan. If after all this you still have problems post your comments below.

Best of Luck.

Add to: Twitter del.icio.us Yahoo! MyWeb StumbleUpon Furl Blinklist Spurl Google Technorati Digg reddit Rojo Add This!

Comments (0)

Name
E-mail (Will not appear online)
Homepage
Title
Comment
July 20, 2010
Android
April 26, 2010
Networking
April 7, 2010
Remove Desktop Defender 2010
Updated April 20, 2010
Xperia
Nov 5, 2009
Remove Malware Defender 2009
April 19, 2009
How to unregister DLL files.