Wednesday, October 28, 2009

Desktop Defender 2010

Desktop Defender 2010 is a new fake antivirus from the same family as Contraviro and UnVirex.



Like the previous versions, the database of Desktop Defender 2010 has been ripped from Clam AntiVirus (ClamAV), an open source (GPL) and free anti-virus toolkit.

HijackThis symptoms:
O2 - BHO: StatusBarPane - {CCB5551D-8594-4999-85F9-1E3EABCB95AC} - C:\Program Files\Desktop Defender 2010\IEAddon.dll
O4 - HKLM\..\Run: [Desktop Defender 2010] C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe
O10 - Unknown file in Winsock LSP: c:\program files\desktop defender 2010\siglsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\desktop defender 2010\siglsp.dll
Notice the LSP hijack: removing the siglsp.dll file without restoring the LSP chain will break the Internet connection.
Leaving it in place allows an infected component to watch the network traffic.
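
A triage sketch for the log lines above, added here as an example and not part of the original post: it parses HijackThis entries, keeps those whose file sits under the rogue's install directory, and flags the Winsock LSP entry that calls for a chain repair rather than a plain file delete. The function names and the ExampleApp line are constructed for illustration.

```python
import re

# Install directory seen in the page's log lines (compared case-insensitively).
ROGUE_DIR = "c:\\program files\\desktop defender 2010\\"
# HijackThis section codes that appear in the page's symptoms.
SECTIONS = {"O2": "Browser Helper Object", "O4": "autostart entry",
            "O10": "Winsock LSP"}
# Section code, then the first drive-letter path on the line.
ENTRY = re.compile(r"^(O\d+) - .*?([A-Za-z]:\\.+)$")

# Log lines copied from the symptoms list on this page.
PAGE_LOG = r"""
O2 - BHO: StatusBarPane - {CCB5551D-8594-4999-85F9-1E3EABCB95AC} - C:\Program Files\Desktop Defender 2010\IEAddon.dll
O4 - HKLM\..\Run: [Desktop Defender 2010] C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe
O10 - Unknown file in Winsock LSP: c:\program files\desktop defender 2010\siglsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\desktop defender 2010\siglsp.dll
"""
# Constructed benign line, included to show that unrelated entries are skipped.
BENIGN_LINE = r"O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\app.exe"


def triage(log_text):
    """Return one finding per distinct entry located under ROGUE_DIR."""
    findings = {}
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if not match:
            continue
        section, path = match.group(1), match.group(2).strip()
        if not path.lower().startswith(ROGUE_DIR):
            continue
        # Repeated lines (the page shows siglsp.dll twice) are merged and counted.
        item = findings.setdefault((section, path.lower()), {
            "section": section, "kind": SECTIONS.get(section, "other"),
            "path": path, "count": 0})
        item["count"] += 1
    return list(findings.values())


def needs_lsp_repair(findings):
    """True when an O10 finding means the LSP chain must be restored too."""
    return any(f["section"] == "O10" for f in findings)


if __name__ == "__main__":
    results = triage(PAGE_LOG + BENIGN_LINE)
    for f in results:
        print(f"{f['section']:<3} {f['kind']:<21} x{f['count']}  {f['path']}")
    if needs_lsp_repair(results):
        print("LSP entry present: restore the Winsock chain, do not just delete the file")
```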



If your system is infected with Desktop Defender 2010, follow the Bleeping Computer removal guide. MBAM is the only free tool that completely removes Desktop Defender 2010 AND the LSP hijack.