Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for Desktop-play

- - - - -

  • Please log in to reply
No replies to this topic

#1
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Content is republished with permission from Malwarebytes.

What is Desktop-play?

The Malwarebytes research team has determined that Desktop-play is adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is affected by Desktop-play?

You may see this entry in your list of installed programs:

warning4.png

and this warning during install:

main.png

You can find this entry in your Startmenu:

icons.png

and expect this type of advertisments :

warning1.png

While this is the main window of the application itself:

warning2.png

How did Desktop-play get on my computer?

Adware applications use different methods for distributing themselves. This particular one was offered as a game portal.

How do I remove Desktop-play?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of Desktop-play?
  • No, Malwarebytes' Anti-Malware removes Desktop-play completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this adware application.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Desktop-play adware. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.



protection1.png


Technical details for experts

You will see these signs in a HijackThis log:

O4 - HKLM\..\Run: [dply_en_006010076] "C:\Program Files (x86)\dply_en_006010076\dply_en_006010076.exe"
O4 - HKLM\..\RunOnce: [updply_en_006010076.exe] C:\Users\{username}\AppData\Local\dply_en_006010076\updply_en_006010076.exe -runonce
You may see these signs in FRST logs:
 () C:\Users\{username}\AppData\Local\dply_en_006010076\updply_en_006010076.exe
 () C:\Program Files (x86)\dply_en_006010076\dply_en_006010076.exe
 () C:\Program Files (x86)\dply_en_006010076\desktopplay_widget.exe
 HKLM-x32\...\Run: [dply_en_006010076] => C:\Program Files (x86)\dply_en_006010076\dply_en_006010076.exe [3978384 2015-08-31] ()
 HKLM-x32\...\RunOnce: [updply_en_006010076.exe] => C:\Users\{username}\AppData\Local\dply_en_006010076\updply_en_006010076.exe [3310736 2015-08-31] ()
 C:\Users\{username}\AppData\Local\dply_en_006010076
 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DESKTOPPLAY
 C:\Program Files (x86)\dply_en_006010076

Desktop-play 000.006010076 (HKLM-x32\...\dply_en_006010076_is1) (Version:  - DESKTOPPLAY)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - )
Alterations made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\dply_en_006010076
       Adds the file desktopplay_widget.exe"="24/08/2015 23:57, 10247312 bytes, A
       Adds the file dply_en_006010076.exe"="31/08/2015 17:07, 3978384 bytes, A
       Adds the file predm.exe"="31/08/2015 10:24, 397304 bytes, A
       Adds the file unins000.dat"="02/09/2015 09:02, 114700 bytes, A
       Adds the file unins000.exe"="02/09/2015 09:02, 711152 bytes, A
       Adds the file unins000.msg"="02/09/2015 09:02, 11408 bytes, A
    Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DESKTOPPLAY
       Adds the file Desktopplay.lnk"="02/09/2015 09:02, 1138 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\dply_en_006010076
       Adds the file updply_en_006010076.cyl"="02/09/2015 09:05, 600 bytes, A
       Adds the file updply_en_006010076.exe"="31/08/2015 17:08, 3310736 bytes, A
       Adds the file user_profil.cyp"="02/09/2015 09:05, 1676 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\dply_en_006010076\dply_en_006010076\1.10
       Adds the file cnf.cyl"="02/09/2015 09:02, 131 bytes, A
       Adds the file eorezo.cyl"="02/09/2015 09:12, 69 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DESKTOPPLAY\dply_en_006010076]
       "PathInstall"="REG_SZ", "C:\Program Files (x86)\dply_en_006010076"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
       "dply_en_006010076"="REG_SZ", ""C:\Program Files (x86)\dply_en_006010076\dply_en_006010076.exe""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
       "updply_en_006010076.exe"="REG_SZ", "C:\Users\{username}\AppData\Local\dply_en_006010076\updply_en_006010076.exe -runonce"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}]
       "DisplayName"="REG_SZ", "Setup"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\dply_en_006010076_is1]
       "DisplayName"="REG_SZ", "Desktop-play 000.006010076"
       "EstimatedSize"="REG_DWORD", 6258
       "Inno Setup: App Path"="REG_SZ", "C:\Program Files (x86)\dply_en_006010076"
       "Inno Setup: Icon Group"="REG_SZ", "DESKTOPPLAY"
       "Inno Setup: Language"="REG_SZ", "en"
       "Inno Setup: Setup Version"="REG_SZ", "5.5.5 (a)"
       "Inno Setup: User"="REG_SZ", "{username}"
       "InstallDate"="REG_SZ", "20150902"
       "InstallLocation"="REG_SZ", "C:\Program Files (x86)\dply_en_006010076\"
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "DESKTOPPLAY"
       "QuietUninstallString"="REG_SZ", ""C:\Program Files (x86)\dply_en_006010076\unins000.exe" /SILENT"
       "UninstallString"="REG_SZ", ""C:\Program Files (x86)\dply_en_006010076\unins000.exe""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Tutorials]
       "HostGUID"="REG_SZ", "B4589A39-5B42-4CBA-9A25-C11DAE8BDDD3"
    [HKEY_CURRENT_USER\Software\Microsoft\Tinstalls]
       "20150902"="REG_SZ", "1"
    [HKEY_CURRENT_USER\Software\Tutorials\updatetutorialeshp]
       "(Default)"="REG_SZ", "dply_en_006010076"
       "MainDir"="REG_SZ", "C:\Users\{username}\AppData\Local\dply_en_006010076"
       "version"="REG_SZ", "dply_en_006010076"
    [HKEY_CURRENT_USER\Software\Tutorials\updatetutorialshp]
       "MainDir"="REG_SZ", ""
    [HKEY_CURRENT_USER\Software\Tutorials\updv]
       "version"="REG_SZ", "15.08.31"
    [HKEY_CURRENT_USER\Software\TutoTag]
       "AgenceInstalledYet"="REG_SZ", "true"
       "OnceInstalled"="REG_SZ", "en"
       "OnceInstalled2"="REG_SZ", "en"

Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 02/09/2015
Scan Time: 09:23
Logfile: mbamDeskTopPlay.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.02.01
Rootkit Database: v2015.08.16.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331130
Time Elapsed: 4 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 3
PUP.Optional.EoRezo, C:\Users\{username}\AppData\Local\dply_en_006010076\updply_en_006010076.exe, 884, Delete-on-Reboot, [8f8a7dae2f5c74c2fbdbfa9929dcae52]
PUP.Optional.EoRezo, C:\Program Files (x86)\dply_en_006010076\dply_en_006010076.exe, 2928, Delete-on-Reboot, [3adf6fbc1e6dd462b026781b8283c838]
PUP.Optional.EoRezo, C:\Program Files (x86)\dply_en_006010076\desktopplay_widget.exe, 3168, Delete-on-Reboot, [cd4ced3e018a04325185c5ce887d6997]

Modules: 0
(No malicious items detected)

Registry Keys: 7
PUP.Optional.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\dply_en_006010076_is1, Quarantined, [ce4bb378ed9e2e08601b583b60a57987], 
PUP.Optional.DeskTopPlay, HKLM\SOFTWARE\WOW6432NODE\DESKTOPPLAY\dply_en_006010076, Quarantined, [948574b7d7b41c1a46bfccf427ddce32], 
PUP.Optional.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS, Quarantined, [0712101be9a2a195461f496e47bdb848], 
PUP.Optional.Tuto4PC, HKCU\SOFTWARE\TutoTag, Quarantined, [e83180ab0e7d4aec9ec33384c34151af], 
PUP.Optional.Tuto4PC, HKCU\SOFTWARE\TUTORIALS\updatetutorialeshp, Quarantined, [b366df4ce6a576c049153a7d20e4d030], 
PUP.Optional.Tuto4PC, HKCU\SOFTWARE\TUTORIALS\updatetutorialshp, Quarantined, [6faa4cdfa8e32e083c23585ff4108878], 
PUP.Optional.Tuto4PC, HKCU\SOFTWARE\TUTORIALS\updv, Quarantined, [ee2bc7641d6e3600f8689b1cd1339d63], 

Registry Values: 3
PUP.Optional.EoRezo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|updply_en_006010076.exe, C:\Users\{username}\AppData\Local\dply_en_006010076\updply_en_006010076.exe -runonce, Quarantined, [8f8a7dae2f5c74c2fbdbfa9929dcae52]
PUP.Optional.EoRezo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|dply_en_006010076, "C:\Program Files (x86)\dply_en_006010076\dply_en_006010076.exe", Quarantined, [3adf6fbc1e6dd462b026781b8283c838]
PUP.Optional.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS|HostGUID, B4589A39-5B42-4CBA-9A25-C11DAE8BDDD3, Quarantined, [0712101be9a2a195461f496e47bdb848]

Registry Data: 0
(No malicious items detected)

Folders: 5
PUP.Optional.DeskTopPlay, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DESKTOPPLAY, Quarantined, [fc1d85a66922191dc044873926deaf51], 
PUP.Optional.DeskTopPlay, C:\Users\{username}\AppData\Local\dply_en_006010076, Delete-on-Reboot, [85941f0ccac139fd626d5ac6c1422bd5], 
PUP.Optional.DeskTopPlay, C:\Users\{username}\AppData\Local\dply_en_006010076\dply_en_006010076, Quarantined, [85941f0ccac139fd626d5ac6c1422bd5], 
PUP.Optional.DeskTopPlay, C:\Users\{username}\AppData\Local\dply_en_006010076\dply_en_006010076\1.10, Quarantined, [85941f0ccac139fd626d5ac6c1422bd5], 
PUP.Optional.DeskTopPlay, C:\Program Files (x86)\dply_en_006010076, Delete-on-Reboot, [1cfd6cbfc5c68ea8e9e78f91bf44de22], 

Files: 13
PUP.Optional.EoRezo, C:\Users\{username}\AppData\Local\dply_en_006010076\updply_en_006010076.exe, Delete-on-Reboot, [8f8a7dae2f5c74c2fbdbfa9929dcae52], 
PUP.Optional.EoRezo, C:\Program Files (x86)\dply_en_006010076\dply_en_006010076.exe, Delete-on-Reboot, [3adf6fbc1e6dd462b026781b8283c838], 
PUP.Optional.EoRezo, C:\Program Files (x86)\dply_en_006010076\desktopplay_widget.exe, Delete-on-Reboot, [cd4ced3e018a04325185c5ce887d6997], 
PUP.Optional.Tuto4PC, C:\Users\{username}\Desktop\DeskTopPlay.exe, Quarantined, [8891c8634c3f3ef8c0bb7d169d68718f], 
PUP.Optional.Tuto4PC, C:\Program Files (x86)\dply_en_006010076\predm.exe, Quarantined, [cb4e77b445466ccaadce850e9f6622de], 
PUP.Optional.Tuto4PC, C:\Program Files (x86)\dply_en_006010076\unins000.exe, Quarantined, [ce4bb378ed9e2e08601b583b60a57987], 
PUP.Optional.DeskTopPlay, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DESKTOPPLAY\Desktopplay.lnk, Quarantined, [fc1d85a66922191dc044873926deaf51], 
PUP.Optional.DeskTopPlay, C:\Users\{username}\AppData\Local\dply_en_006010076\updply_en_006010076.cyl, Quarantined, [85941f0ccac139fd626d5ac6c1422bd5], 
PUP.Optional.DeskTopPlay, C:\Users\{username}\AppData\Local\dply_en_006010076\user_profil.cyp, Quarantined, [85941f0ccac139fd626d5ac6c1422bd5], 
PUP.Optional.DeskTopPlay, C:\Users\{username}\AppData\Local\dply_en_006010076\dply_en_006010076\1.10\cnf.cyl, Quarantined, [85941f0ccac139fd626d5ac6c1422bd5], 
PUP.Optional.DeskTopPlay, C:\Users\{username}\AppData\Local\dply_en_006010076\dply_en_006010076\1.10\eorezo.cyl, Quarantined, [85941f0ccac139fd626d5ac6c1422bd5], 
PUP.Optional.DeskTopPlay, C:\Program Files (x86)\dply_en_006010076\unins000.dat, Quarantined, [1cfd6cbfc5c68ea8e9e78f91bf44de22], 
PUP.Optional.DeskTopPlay, C:\Program Files (x86)\dply_en_006010076\unins000.msg, Quarantined, [1cfd6cbfc5c68ea8e9e78f91bf44de22], 

Physical Sectors: 0
(No malicious items detected)


(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0

Advertisements





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.