Thursday, 31 January 2019

Desktop Security 2010 - Primary Version FakeRean - Fake Antivirus

Desktop Security 2010 is a primary version that looks like Desktop Defender 2010.
Its installer interface is green, closed and bright.

After installation it drops junk files, and while it scans, a voice saying "NEW VIRUS FOUND" is heard on any audio device.
Its GUI and performance issues are a high-threat risk.
Once installed, it disables the legitimate Security Center and replaces it with its own false alerts, which pretend to be the Security Center by saying "Your computer might be at risk":
These are the alerts we encounter, while other alerts say "virus alert".
Once we try to ignore it, it redirects to some options and the activation process.
The alerts will look like this.
It will display "Spyware Alert", "Possible loss of data" and "mass mail worm".

Once we press a button there is no way to escape:


After being ignored, it runs an unwanted payload.
A worse problem with the false alerts is securitycenter.exe: it creates junk sounds and loud effects, flashes the screen colors and pretends that computer performance or something else is infected by malware. It also shows a black screen for a while.
Other alerts behave like an unknown Security Center alert.

Nothing escapes the alerts. This trojan is also helped by, and synchronized with, other exe files.
If you try to open a program such as a browser, wmplayer, mspaint, bdcam and more, the primary version will show an error like this:
On pressing the OK button or anything else, the scan starts with "new virus found".
Along with the "VIRUS FOUND" sound, it displays other alerts:



This alert creates a lot of junk and bad files in the temp folder.
They are only a few KB in size, and trying to delete or open them produces more errors.

And another one that shows Windows registration license info.

After the fake alerts, a fake blue screen is shown.
After reboot, a hijacked winlogon shell is in place:
The fake blue screen error is triggered after the PC has been unused for 30 minutes.
As part of this, the rogue antivirus hijacks and opens a fake task manager.

It uses a taskmgr.dll to hijack and inject. Virus-free processes can be killed freely, and any attempt to kill a process marked INFECTED redirects to activation.
And a blank screen and other payloads (blank screen flashing and a loud sound; the loud sound was also heard through the mixer).
The process.
The program files will look like this :
The setup file is called SoftwareInstall[1].exe
MD5: 14c54dc822a59ccbd436ef226ddb648b
SHA-1: 87d620edf59390371066daebb86e0cc081b38c2d
SHA-256: 493a1fce7927471d9c745d6bddd8aa9ce7944d3b06de64404664e243c44d3b94
The AV results are:
Avira: TR/FakeAV.CD.1
F-Prot: W32/MalwareS.ITF
ESET: ADWARE.DESKTOPDEFENDER2010.AC
Microsoft: Rogue:Win32/FakeRean
Kaspersky: Trojan.Win32.FakeAV.cd
And more.
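To check a disk image or a folder of collected samples for this installer, the following added example (not part of the original post) walks a directory and compares each file's MD5, SHA-1 and SHA-256 with the three values listed above. The function names are chosen for this example; matching is by content, so a renamed copy of SoftwareInstall[1].exe is still found.

```python
import hashlib
import os

# Hashes of the installer as published in this post.
INSTALLER_HASHES = {
    "md5": "14c54dc822a59ccbd436ef226ddb648b",
    "sha1": "87d620edf59390371066daebb86e0cc081b38c2d",
    "sha256": "493a1fce7927471d9c745d6bddd8aa9ce7944d3b06de64404664e243c44d3b94",
}


def file_digests(path, chunk_size=1 << 20):
    """Read the file once and return its MD5, SHA-1 and SHA-256 as hex."""
    hashers = {name: hashlib.new(name) for name in INSTALLER_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matched_algorithms(digests, known=INSTALLER_HASHES):
    """Return the algorithms whose digest equals the known value."""
    return sorted(a for a, v in known.items() if digests.get(a) == v.lower())


def scan_tree(root, known=INSTALLER_HASHES):
    """Walk root and return (path, matched algorithms) for every hit.

    Unreadable files (locked, permission denied) are skipped.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                matched = matched_algorithms(file_digests(path), known)
            except OSError:
                continue
            if matched:
                hits.append((path, matched))
    return hits


if __name__ == "__main__":
    import sys
    for path, algos in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: matches published {', '.join(algos)}")
```

A hit on all three algorithms identifies the exact installer described here; the dropped junk files and other executables mentioned in the post have no published hashes and are not covered.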
And the activation process. The key is: LIC-1800-FE88-8788-BBED-B26C-899B-14A6-4503-4618-EB85-B7A8-371D-1097-FEBC-B41D-C2B1-7A5F
This is the same as Antivirus Solution 2010. It stores this key in its registry.
Its activation message is changed or is the primary one.

No more annoying things, so the update is dead.
The uninstall process:
We need a key to remove the software and reset, so this will work after activation. My machine ID is 92o5n9autvod
The grammar error is very idiotic.
After I debugged the uninstall key for my different machine ID:
YAY! Here is my private uninstall key: b139228c3241c03a0b0979fde5dd6c2d
Removal will work only on the full version, for security reasons. It resets the shell and removes files.
In conclusion, it has the same payload as Antivirus Solution 2010; for that, go here.
Bonus: some offline help file similar to its official site and payment page.
Its page will look like this:
Video review:
This was tested on XP, and the rkill attempt failed, so I saw a lot of stuff like that.
I will post more about discovered malware/rogue things. :)
Post about the upgraded one soon.
