Tuesday, November 5, 2013

Desktop.ini – What Is it and How to Fix?

What Is Desktop.ini


Because desktop.ini frequently appears in the alert messages of installed anti-virus programs, many PC users ask what it is.
By default, desktop.ini is not a virus at all; it is a hidden file in the Windows system. The file is normally used to store the personalization settings of folders and to configure desktop information and the resource manager.


Desktop.ini can be Exploited by Infections



By creating a desktop.ini file in a folder, a virus manages to hide itself from users as well as from some anti-virus programs.

The viruses most commonly seen exploiting desktop.ini for infiltration are worms, Trojans and multi-partite viruses that are capable of affecting executable files and networking, and of downloading Trojans that specialize in affecting the network.

When a virus exploiting the desktop.ini file gets onto a machine, it disguises itself as a normal system file so that it can modify registry entries to ensure that it is activated upon each Windows boot. After that, the virus injects its payloads into threads to bypass monitoring by the installed firewall so that it can connect to a designated web site for virus downloads. At the same time, the virus enumerates all available shares on the intranet in an attempt to spread itself to other computers with weak passwords.


How to Tell Desktop.ini Is Genuine?


Usually, a virus that exploits the desktop.ini file generates desktop.ini together with autorun.inf under the root directory. Take Worm.Script.VBS.Agent.bz for example; the virus is flagged by the anti-virus program as shown below:


Open both desktop.ini and autorun.inf:

(the content of desktop.ini)

(the content of autorun.inf)


Evidently, Worm.Script.VBS.Agent.bz uses a VBS script to help with its infiltration, and thus this desktop.ini is malicious. Since desktop.ini is by default a system file, programs are not able to help remove a virus that uses it for infiltration. The manual way is thus the top option for fixing the desktop.ini problem. If you still don't know how to differentiate the genuine ones from the fraudulent ones, you are welcome to consult computer experts from VilmaTech Online Support.
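
An added example (not from the original post): a Python triage of the two files' text, flagging a desktop.ini that holds script content or sections outside a short allow-list, and listing the autorun.inf entries that start a program. The allow-list, the marker pattern, the function names and the sample contents are assumptions constructed for illustration.

```python
import configparser
import re

# Sections Explorer commonly writes to desktop.ini. Partial allow-list chosen
# for this example (an assumption), not an exhaustive specification.
KNOWN_SECTIONS = {".shellclassinfo", "viewstate", "localizedfilenames"}
# Script tokens that have no place in a folder-customization file (heuristic).
SCRIPT_MARKERS = re.compile(r"on error resume next|createobject|wscript\.|<script", re.I)

def _parse(text):
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",))
    parser.read_string(text)
    return parser

def triage_desktop_ini(text):
    """Return reasons the text does not look like a genuine desktop.ini."""
    findings = []
    if SCRIPT_MARKERS.search(text):
        findings.append("script-like content")
    try:
        parser = _parse(text)
    except configparser.Error:
        return findings + ["not parseable as an INI file"]
    for section in parser.sections():
        if section.lower() not in KNOWN_SECTIONS:
            findings.append(f"unexpected section [{section}]")
    return findings

def autorun_commands(text):
    """Return (key, command) pairs in [autorun] that start a program."""
    try:
        parser = _parse(text)
    except configparser.Error:
        return []
    hits = []
    for section in parser.sections():
        if section.lower() == "autorun":
            for key, value in parser.items(section):
                if key in ("open", "shellexecute") or key.endswith("\\command"):
                    hits.append((key, value))
    return hits

# Constructed samples; file names and commands are placeholders.
GENUINE_INI = "[.ShellClassInfo]\nIconResource=%SystemRoot%\\system32\\imageres.dll,-184\n"
SCRIPT_INI = 'On Error Resume Next\nWScript.Echo "constructed sample"\n'
AUTORUN_INF = "[autorun]\nicon=setup.ico\nopen=PLACEHOLDER.exe\nshell\\open\\command=PLACEHOLDER.exe\n"

if __name__ == "__main__":
    for name, text in (("genuine", GENUINE_INI), ("script", SCRIPT_INI)):
        print(name, triage_desktop_ini(text))
    print(autorun_commands(AUTORUN_INF))
```

A desktop.ini on disk may be saved as UTF-16, so decode the file with the right encoding before passing its text to these functions.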




Steps to Fix Desktop.ini


One: run a powerful anti-virus program to find out the virus name.


Two: end the running processes rundl132.exe, rundll32.exe, logo_1.exe and other strange ones.

Windows 8
  • Move the mouse over the lower part of the screen.
  • Type ‘Task’ on the Charms bar and hit the Enter key.
  • Select the Process tab.
  • Search for and select the running processes given above.
  • Click on ‘End task’.

Windows 7/Vista/XP
  • Hold the Ctrl, Alt and Delete key combination.
  • Select the Process tab.
  • Search for and select the running processes given above.
  • Click on ‘End Process’.


Three: remove the desktop.ini file.
Since a virus that uses the desktop.ini file for infiltration generates desktop.ini under every folder, we need to pinpoint the disk where the virus exists before using the cmd line to help remove all the desktop.ini files there.
  • Press and hold the Win key and R key together to bring up a Run box.
  • Type “cmd.exe” and hit the Enter key.
  • You’ll then see a flashing slash or line; type “/s” there and hit the Enter key.


Four: modify registry entries.

Windows 7/Vista/XP

Go to the Registry Editor to delete the items listed below by typing ‘regedit’ (without the quotation marks) in the Run box.

Windows 8

Move your mouse over the lower right of the screen -> the Charms bar appears -> click the Search charm -> type ‘regedit’/‘regedit.exe’ -> hit the Enter key -> hold the Ctrl and F keys together to bring up the ‘Find’ box -> type the keys there and hit the Find button to remove them:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
“load” “C:\WINDOWS\rundl132.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
“load” “C:\WINDOWS\rundl132.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Soft\DownloadWWW
“auto”=“1”


Five: reset browsers.

Internet Explorer
  • Open Internet Explorer. 
  • Click on the Tools menu and then select Internet Options. 
  • In the Internet Options window click on the Advanced tab. Then click on the Restore Defaults button and then press OK.
Firefox
  • Click on the Firefox button > Help > Troubleshooting information.
  • A new window pops up with a box containing a ‘Reset Firefox’ button in the upper left corner of the web page:
  • A box pops up for confirmation; please click ‘Reset Firefox’:
Google Chrome
  • Choose ‘Customize and Control Google Chrome’ menu. 
  • Select ‘Options’. 
  • Click ‘Under the Hood’ tab on ‘Options’ window.
  • Click ‘Reset to Defaults’ button.




Do not remove at random an autorun.inf that appears next to a desktop.ini file, since it is the startup process for every program. The above steps apply to the general situation. Given that hackers are working to create more aggressive viruses, the steps here may not be feasible for new variants. However, the overall approach is correct and stays the same. If one is still affected by other browser malware after fixing desktop.ini, one can go to the center and find the corresponding solutions or simply start a live chat with online professionals from VilmaTech Online Support.

http://blog.vilmatech.com/


Reference: Is Desktop.ini Virus and How to Fix it?


