Saturday, 23 January 2010

How to remove Desktop Security 2010 virus (free removal guide)

Desktop Security 2010 is yet another PC threat classified as a rogue security application. It's a very irritating scam that blocks anti-virus software and disables other useful system tools that could be used to remove it. It's distributed via bogus websites such as fake online anti-malware scanners, as well as fake video/download websites. Desktop Security 2010 is actually a Trojan that in most cases must be manually installed. However, it may also come bundled with other malicious software. As you probably know, scareware, or simply fake software, tries to convince users to purchase a full version of the program. That's what DesktopSecurity2010 is all about. It runs fake system scans and reports the same predefined infections on every infected computer. Then it asks you to pay for a full version of the program because the trial version can only detect infections. Without any doubt, you shouldn't pay for a program that supposedly removes predefined infections, should you? That's right. Remove Desktop Security 2010 from your computer as soon as possible.

Desktop Security 2010 is a clone of Total PC Defender 2010, Desktop Defender 2010 and Contraviro. All these programs are fake and, amusingly, they display the same infections. For example:
  • Keygen.Nero.a
  • W32.Rimecud
  • vminst.og
  • W32.Autorun.Worm!
  • and many others...
For some of you the removal process can be relatively easy; for others it may be very hard and complicated. That's because Desktop Security 2010 does its best to protect itself, and because there may be more malware than just this one installed on your PC. It even modifies Task Manager and adds an additional column that states which running processes are infected. It also impersonates Windows Security Center and displays fake pop-ups.

Now, if you can, download one of the anti-spyware applications listed below and run a full system scan. These programs should be able to remove Trojans associated with this malware.
If you can't download or install these programs then:

Method #1: Download HijackThis tool. (NOTE: before saving it to your desktop, rename HijackThis.exe to explorer.exe)

Launch HijackThis and click 'Do a system scan only' button. Select the following entries from the scan results:

O4 - HKLM\..\Run: [Desktop Security 2010] C:\Program Files\Desktop Security 2010\Desktop Security 2010.exe
O4 - HKLM\..\Run: [SecurityCenter] C:\Program Files\Desktop Security 2010\securitycenter.exe
O4 - HKLM\..\Run: [[random].exe] C:\WINDOWS\system32\[random].exe

Close all open programs and click "Fix Checked" button. Exit HijackThis.
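
To pick those entries out of a long saved HijackThis log, the sketch below classifies each O4 (autostart) line against the names and folder listed above. It is an added example, not part of the original guide or of HijackThis; the sample log lines are constructed, and the "value name equals a file directly in system32" rule is an assumed heuristic that only marks an entry for manual review.

```python
import ntpath
import re

# HijackThis autostart line: O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(r"^O4 [-–] \w+\\\.\.\\[^:]+: \[(?P<name>.*?)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.exe)')
# Indicators taken from the O4 entries listed in this guide.
ROGUE_DIR = "\\desktop security 2010\\"
ROGUE_NAMES = {"desktop security 2010", "securitycenter"}
SYSTEM32 = "c:\\windows\\system32"
# Constructed sample log lines (not from a real machine).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Desktop Security 2010] C:\Program Files\Desktop Security 2010\Desktop Security 2010.exe
O4 - HKLM\..\Run: [SecurityCenter] C:\Program Files\Desktop Security 2010\securitycenter.exe
O4 - HKLM\..\Run: [qzxvkw.exe] C:\WINDOWS\system32\qzxvkw.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
"""


def classify(line):
    """Return 'match', 'review' or 'ok' for an O4 line, None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    name, cmd = m["name"].lower(), m["cmd"].lower()
    if ROGUE_DIR in cmd:
        return "match"      # runs from the rogue's install folder
    if name in ROGUE_NAMES:
        return "review"     # value name from this guide, but a different path
    exe = EXE_RE.match(cmd)
    if exe:
        folder, filename = ntpath.split(exe["path"])
        # Heuristic (assumption): value name equals a file directly in system32.
        # Legitimate entries such as ctfmon.exe look the same, so check by hand.
        if folder == SYSTEM32 and filename == name:
            return "review"
    return "ok"


def triage(log_text):
    """Map each O4 line in a HijackThis log to its classification."""
    lines = [l.strip() for l in log_text.splitlines()]
    return {l: classify(l) for l in lines if classify(l) is not None}


if __name__ == "__main__":
    for entry, verdict in triage(SAMPLE_LOG).items():
        print(f"{verdict:6}  {entry}")
```

Entries marked "review" still need a human decision: the constructed ctfmon.exe line shows a legitimate Windows autostart that has the same shape as the rogue's random-named file.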

Method #2: Reboot your computer in "Safe Mode with Networking" and run the anti-spyware programs from there. How to do that:

Manual Desktop Security 2010 removal: 

1. End these processes:
  • Desktop Security 2010.exe
  • securitycenter.exe
  • [random].exe, for example jkfuckjs.exe

2. Delete the following directories (with all files in those directories) and files:
  • C:\Program Files\Desktop Security 2010 
  • C:\Documents and Settings\All Users\Start Menu\Programs\Desktop Security 2010 
  • C:\WINDOWS\system32\[random].exe
3. Use Regedit to remove these registry values and keys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Desktop Security 2010
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Security 2010
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "C:\Program Files\Desktop Security 2010\Desktop Security 2010.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform "Desktop Security 2010"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ""
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Desktop Security 2010"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SecurityCenter"
Removal suggestions from other people:

1. Reboot your PC in Safe mode.

2. Delete these directories:
    C:\Program Files\Desktop Security 2010 (Windows XP)
    C:\Program Files (x86)\Desktop Security 2010 (Windows Vista)

3. Open MS Config: Start -> Run, then type msconfig. Select the "Startup" tab and look for random program names, for example: v430t2vwuosc. Uncheck such entries.

4. Remove the same file (v430t2vwuosc) from C:\windows\SysWow64 and C:\Users\[Your Name]\AppData\Roaming\

5. Go into Regedit and delete entries under HKEY_LOCAL_MACHINE and under HKEY_CURRENT_USER for Desktop Security 2010 pointing to some nonsensical URLs.

If you have any questions, don't hesitate to ask. Good luck!
