What is Desktop Improver?
The Malwarebytes research team has determined that Desktop Improver is adware. These adware applications display advertisements not originating from the sites you are browsing.
How do I know if my computer is affected by Desktop Improver?
You may see this entry in your list of installed programs:
and these warnings during install:
and this Scheduled Task:
This is the main screen of the program:
and you may see this icon on your desktop:
How did Desktop Improver get on my computer?
Adware applications use different methods for distributing themselves. This particular one was offered as computer optimizing software.
How do I remove Desktop Improver?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
  - Enable free trial of Malwarebytes Anti-Malware Premium
  - Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
- When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
- Reboot your computer if prompted.
- No, Malwarebytes' Anti-Malware removes Desktop Improver completely.
We hope our application and this guide have helped you eradicate this adware application.
As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the Desktop Improver adware. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
You will see these signs in a HijackThis log:
O4 - HKLM\..\RunOnce: [updimp_en_152010145.exe] C:\Users\{username}\AppData\Local\dimp_en_152010145\updimp_en_152010145.exe -runonce
You may see these signs in FRST logs:
() C:\Users\{username}\AppData\Local\dimp_en_152010145\updimp_en_152010145.exe
(Tuto4PC.Com) C:\Program Files (x86)\Desktop Improver\DITray.exe
(Tuto4PC.Com) C:\Program Files (x86)\Desktop Improver\DesktopImprover.exe
HKLM-x32\...\RunOnce: [updimp_en_152010145.exe] => C:\Users\{username}\AppData\Local\dimp_en_152010145\updimp_en_152010145.exe [3323456 2015-11-13] ()
C:\Users\{username}\AppData\Local\dimp_en_152010145
C:\Users\{username}\AppData\Roaming\Desktop Improver
C:\Windows\System32\Tasks\Desktop Improver Schedule
C:\Users\{username}\Desktop\Desktop Improver.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop Improver
C:\Program Files (x86)\dimp_en_152010145
C:\Program Files (x86)\Desktop Improver
Desktop Improve 152.1.145 (HKLM-x32\...\dimp_en_152010145_is1) (Version: - J.O.H.N.)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATTENTION
Task: {B7076705-88B8-44EB-BCC4-F7112369339B} - System32\Tasks\Desktop Improver Schedule => C:\Program Files (x86)\Desktop Improver\DITray.exe [2015-09-11] (Tuto4PC.Com)
Alterations made by the installer:
Malwarebytes Anti-Malware log:
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention