My parent’s Win XP box became infected with Desktop Security 2010 and I was tasked with it’s removal and cleanup.
Following are the steps that I took, some of which required some additional digging and experimentation that was not in the top 10 or so search results.
The first hurdle was to actually get access to the Windows Desktop.
In this case when the machine booted to Windows the Desktop Security 2010 program would essentially take over the machine. I had no access to the Desktop or any othe Windows GUI.
I clicked on DS2010 close button and after some cogitation decided to click on the Yes or Cancel buttons (I don’t remember which) to actually close the first DS2010 window.
In my case, I was left with a blank screen, no Desktop. To get explorer to launch I did the following:? Ctrl+Alt+Delete. This brings up the Task Manager.
Select File/Run and in the Run dialog box enter “explorer.exe” and click “Enter”.
In my case, that ran explorer and now I had access to the Desktop.
Now that I was able to use the Win GUI I downloaded the following to enable me to kill the currently running DS2010 processes. Click here to download rkill.com (I can vouch for the validity and benign nature of this program).
Then, I downloaded a copy of Malwarebytes’ Anti-Malware. You may have to rename both the name of the installer and the name of the .exe file that it installs so that it will run properly. In my case, that is what I had to do to get the mbam.exe to run.
I updated the software, and then ran a full scan. After the full scan ran I clicked on “Remove Selected” and then rebooted per it’s suggestion.
Unfortunately, it did not remove DS2010 and I did the following:
Ran rkill.com again, and then, by hand, deleted each of the executable files that rkill indicated it had killed.
Then I ran the Malwarebytes’ Anti-Malware scan again. This time, instead of doing a full scan I did the quick scan. Once the scan was complete, I again clicked on “Removed Selected” and then compared the list of the files in the log file to the file system to make sure it had deleted the items that it found.
It seemed to work just fine this time.
After some more research, I decided to install the full version with real-time scanning and we’ll see how that goes.
Malwarebyte’s Anti-Spyware did a great job helping me remove this virus without having to dig through both the filesystem and registry by hand and I would highly recommend it.