Removal instructions for Desktop Improver


What is Desktop Improver?

The Malwarebytes research team has determined that Desktop Improver is adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is affected by Desktop Improver?

You may see this entry in your list of installed programs:

warning4.png

and these warnings during install:

main.png

warning1.png

warning2.png

and this Scheduled Task:

warning5.png

This is the main screen of the program:

warning3.png

and you may see this icon on your desktop:

icons.png

How did Desktop Improver get on my computer?

Adware applications use different methods for distributing themselves. This particular one was offered as computer optimizing software.

How do I remove Desktop Improver?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now, or select Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

Is there anything else I need to do to get rid of Desktop Improver?

  • No, Malwarebytes Anti-Malware removes Desktop Improver completely.

How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this adware application.

As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the Desktop Improver adware. It would have warned you before the application could install itself, giving you a chance to stop it before it was too late.

protection1.png

Technical details for experts

You will see these signs in a HijackThis log:

O4 - HKLM\..\RunOnce: [updimp_en_152010145.exe] C:\Users\{username}\AppData\Local\dimp_en_152010145\updimp_en_152010145.exe -runonce

You may see these signs in FRST logs:

() C:\Users\{username}\AppData\Local\dimp_en_152010145\updimp_en_152010145.exe
(Tuto4PC.Com) C:\Program Files (x86)\Desktop Improver\DITray.exe
(Tuto4PC.Com) C:\Program Files (x86)\Desktop Improver\DesktopImprover.exe
HKLM-x32\...\RunOnce: [updimp_en_152010145.exe] => C:\Users\{username}\AppData\Local\dimp_en_152010145\updimp_en_152010145.exe [3323456 2015-11-13] ()
C:\Users\{username}\AppData\Local\dimp_en_152010145
C:\Users\{username}\AppData\Roaming\Desktop Improver
C:\Windows\System32\Tasks\Desktop Improver Schedule
C:\Users\{username}\Desktop\Desktop Improver.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop Improver
C:\Program Files (x86)\dimp_en_152010145
C:\Program Files (x86)\Desktop Improver
Desktop Improve 152.1.145 (HKLM-x32\...\dimp_en_152010145_is1) (Version:  - J.O.H.N.)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - ) <==== ATTENTION
Task: {B7076705-88B8-44EB-BCC4-F7112369339B} - System32\Tasks\Desktop Improver Schedule => C:\Program Files (x86)\Desktop Improver\DITray.exe [2015-09-11] (Tuto4PC.Com)

Alterations made by the installer:

Malwarebytes Anti-Malware log:

As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.