Desktop Defender 2010

aplefka

Lifer
Feb 29, 2004
12,014
2
0
I tried searching for this in several forums and couldn't find anything on it, which surprises me since a Google search turns up a lot.

Anyway, I got hit with this on my desktop today and it's really frustrating the hell out of me. I figured out it was a scam right away and ended any processes I didn't recognize, then deleted the .dll's and files in the folder it installed itself to. This didn't fix anything, so then I went online and found a whole list of registry entries and .dll's to take care of, but the problem I'm running into is that none of them exist. Not a single registry entry or .dll mentioned on multiple different sites appears to be anywhere on my computer. I've run Spybot and AVG Free, and while Spybot picked up on it, once I tried to delete it, it wouldn't let me because apparently I'm not an administrator (bullshit, I built this rig and it's only on a home network). I tried again in Safe Mode and this time it didn't even show up. Anyone got any suggestions? I'm at my wit's end here and since it's the first virus/malware I've been in with in about a decade, it's making up for lost time by popups every 15 seconds.
 

tzdk

Member
May 30, 2009
152
0
0
Is it this one? http://www.bleepingcomputer.com/virus-removal/remove-desktop-defender-2010 If that does not help there is probably more.

Try scanning with these 2 "online" scanners, "online" because they have quarantine and are almost installed on-demand scanners:
http://housecall.trendmicro.com/
http://www.eset.com/onlinescan/

Malwarebytes and one called SuperAntiSpyware http://superantispyware.com/ are nice to have and most likely more effective than Spybot and AVG. They specialize in DD2010 type of crap but can do more. Their reason for being alive is other tools' faults, as you have found out. SuperAntiSpyware has a startup entry but just disable it. They do not conflict with anything.
 

lxskllr

No Lifer
Nov 30, 2004
57,970
8,215
126
Try Malwarebytes. That works pretty well for removing that sort of thing. Also, look up antivirusXP/Vista/2009/2010 whatever... It may work the same way, with similar removal techniques.
 

tzdk

Member
May 30, 2009
152
0
0
Sounds like more of the same but sometimes X needs special treatment or the fix will not work. I know those Bleepingcomputer links basically are Malwarebytes ads but well, it is good and works. Is their domain. They would not post removal "guides" if they did not work. Need to be sure infection is the correct one though. There could be variants.

Be careful about "looking up" on Google. There is a force called malware-SEO. Not necessarily deadly but affiliate crap (pc tools!) or half-crappy tools trying to monetize on latest keywords. Best to focus on special sites and seek help there. A random Google search is not always reliable.
 

aplefka

Lifer
Feb 29, 2004
12,014
2
0
Be careful about "looking up" on Google. There is a force called malware-SEO. Not necessarily deadly but affiliate crap (pc tools!) or half-crappy tools trying to monetize on latest keywords. Best to focus on special sites and seek help there. A random Google search is not always reliable.

This is why I looked at several different sites listing ways to remove the virus and confirmed they all listed the same files. Trust me, I was scared to even look it up on Google once I got infected haha. I actually did check out some Malwarebytes software but Spybot picked up the infected files long before their software did.

I ended up doing a system restore (luckily I had one from about 14 hours before the POS malware got installed) and that seems to have worked out fine. I'm still a little paranoid that a .dll is hiding somewhere but I've run a few scans now with nothing coming up so hopefully I'm okay. Is it possible that there are .dll's dormant somewhere even after a system restore? Security isn't really an area I know much about beyond preventive measures.
 

tzdk

Member
May 30, 2009
152
0
0
Don't know what you checked but guides can be updated or 3 months and several variants old. In another thread right next to yours a guy can't run Malwarebytes to remove yet another fake AV. Looking at their own removal guide that is weird. Just fire it up and it should work. Nope, on Bleepingcomputer's guide they say to run rkill which removes processes stopping Malwarebytes from running. If you know what to look for task manager will probably do. After removal Malwarebytes files will be missing (reinstall required) and changing hosts file which must be reset when done. I am sure many of those not so serious guides lack important info. Well in this case also Malwarebytes' own.

Guide A or guide B is made for the same reasons as you will also notice at bottom. Not like they suddenly suggest SuperAntiSpyware. I am not a fan of this but they do a good job. There is a difference in quality, updates for sure.

Sure there can be .dll and .exe files in your newly restored Windows. Or not. How to tell? You got this infection long after restore was made but was it clean at that time? That is the question. I would scan to feel confident. Some fix infections by restoring. I might go for a full restore from an image. Don't trust restore as a fix. Depends of course on type of infection but if there is a time for paranoia it is when cleaning up.

Anyway, it is a good thing to keep Malwarebytes, SuperAntiSpyware on computer. No reason to uninstall Spybot of course. As long as nothing resident is running there are no conflicts or limits to scanning options. SuperAntiSpyware has an online scanner btw, again a semi-offline thingy. http://superantispyware.com/onlinescan.html Remember to update first. It will almost certainly find cookies but just ignore. You will know if something bad is in the list.

Takes forever to do full scan but if you really want to be sure there is not a click_me_and_you_get_DD2010.exe somewhere go full.

The more you scan the higher risk of false positives but usually it won't kill computer that an apparently weird exe-file gets quarantined or removed. Check settings and make sure to save logs if possible. Trend's online scanner can't do that which is bad but quarantine makes it less of a problem. You can disable "possibly unwanted programs" or similar term to avoid false warnings. Most of them.

Look on the bright side. Now you can reevaluate preventive measures and learn from mistakes - or what exactly went wrong? Any AV can fail but should you have been too comfortable having X in background that dream is now gone. Which url did it come from? Has that been blocked for months by the few updated hosts file or dns services dealing with malware? Yet unknown to Spybot's immunizing which you use? Can always improve without necessarily having to click BUY buttons. Most products are fantastic, perfect, secure, easy!
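
The post above says the hosts file gets changed during this kind of cleanup and has to be reset, and it also mentions hosts files that are used on purpose to block malware URLs. As an added example (not posted by anyone in the thread), this Python script audits hosts-file text and tells the two cases apart; the watchlist is built from the sites named in the thread, and the sample file and its addresses are constructed.

```python
import ipaddress

# Assumption: watchlist built from the scanner/help sites named in this thread.
WATCHLIST = ("bleepingcomputer.com", "trendmicro.com", "eset.com",
             "superantispyware.com")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first column is not an address
        for name in fields[1:]:                 # one line may carry aliases
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text):
    """Return findings as (line_no, hostname, ip, reason) tuples."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        sinkhole = ip.is_loopback or ip.is_unspecified
        watched = any(name == d or name.endswith("." + d) for d in WATCHLIST)
        if watched:
            reason = ("security site blocked" if sinkhole
                      else "security site redirected")
        elif sinkhole:
            continue    # localhost or an ordinary blocklist entry
        else:
            reason = "name pinned to a fixed address"
        findings.append((line_no, name, str(ip), reason))
    return findings

# Constructed sample, not taken from an infected machine; the non-loopback
# addresses come from the reserved documentation ranges.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net       # blocklist entry
127.0.0.1       www.superantispyware.com
203.0.113.7     housecall.trendmicro.com www.eset.com
192.0.2.10      intranet.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`; entries reported as pinned may be legitimate and need a human look.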
 