Desktop.ini virus



#1 belthagor


Posted 16 January 2016 - 09:08 AM

Hello everyone

Today I saw two desktop.ini icons on my desktop...

I read on the internet, well in some places, that this is linked to a virus, or is a virus. (I know perfectly well what desktop.ini is, but before you say the obvious, it just doesn't make sense for TWO icons to randomly appear on my desktop at the same time)

I think I have a rootkit infection, but I am not sure...

 



Edited by belthagor, 16 January 2016 - 09:19 AM.




#2 quietman7


Posted 16 January 2016 - 11:55 AM

Desktop.ini is a text file used by Windows for configuration settings that allows you to specify how a folder will be viewed, displayed and handled. This file can be added to any Windows folder to store information about customized folders. Desktop.ini allows programmers and advanced users to customize the properties, attributes and appearance of a folder.

The most common use of the desktop.ini file is to assign a custom icon to a folder. File system folders are commonly displayed with a standard icon and have a set of properties that describe the folder, such as whether or not the folder is shared. Therefore, if you have customized the display of a folder in any way, such as changing its icon or manner of display, Windows will save those settings in a desktop.ini file. Since Desktop.ini is a system file, it is normally hidden unless Windows is configured to show hidden/protected operating system files in Explorer's Folder Options.

If you searched for information about .ini on the Internet you may have read that it is a virus. The .ini file is not malicious, however there has been some malware which exploits the capabilities of the desktop.ini file. There is a lot of useless information and misinformation out there, especially in regards to malware removal assistance (and removal guides). It is not unusual to find numerous hits from untrustworthy and scam sites which misclassify detections or provide misleading information. When performing search queries, always check multiple sources to confirm the information provided is safe, consistent and from trustworthy web sites.

Usually when a computer is infected with malware there most likely will be obvious indications (signs of infection and malware symptoms) that something is wrong.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
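
Since desktop.ini is a plain text configuration file, as the reply above describes, its contents can be read and listed directly. The following Python script is an added example, not part of the original thread: it decodes a desktop.ini (which may be UTF-16 with a byte-order mark) and lists its settings. The sample contents are constructed, and the function names and the KNOWN_KEYS list are assumptions of this example.

```python
import codecs
import configparser

# [.ShellClassInfo] keys this example treats as familiar (an assumption, not a full list).
KNOWN_KEYS = {"confirmfileop", "nosharing", "iconfile", "iconindex",
              "iconresource", "infotip", "localizedresourcename"}

# Constructed sample 1: UTF-16 LE with a byte-order mark, as Windows often saves it.
SAMPLE_UTF16 = codecs.BOM_UTF16_LE + (
    "[.ShellClassInfo]\r\n"
    "LocalizedResourceName=@%SystemRoot%\\system32\\shell32.dll,-21769\r\n"
    "IconResource=%SystemRoot%\\system32\\imageres.dll,-183\r\n"
).encode("utf-16-le")

# Constructed sample 2: plain single-byte text with a made-up extra section.
SAMPLE_ANSI = (b"[.ShellClassInfo]\r\nInfoTip=Holiday photos\r\n"
               b"[ExampleSection]\r\nExampleKey=1\r\n")


def decode_ini(raw: bytes) -> str:
    """Decode desktop.ini bytes, honouring a UTF-16 or UTF-8 byte-order mark."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    if raw.startswith(codecs.BOM_UTF8):
        return raw.decode("utf-8-sig")
    # No BOM: assume a Western single-byte code page (assumption of this example).
    return raw.decode("cp1252", errors="replace")


def summarize(raw: bytes) -> dict:
    """Return the file's settings and any keys outside KNOWN_KEYS, for a human to read."""
    parser = configparser.RawConfigParser(
        strict=False, allow_no_value=True,
        delimiters=("=",), comment_prefixes=(";",))
    parser.optionxform = str  # keep key spelling exactly as written in the file
    parser.read_string("\n".join(decode_ini(raw).splitlines()))
    settings = {s: dict(parser.items(s)) for s in parser.sections()}
    unfamiliar = sorted(
        f"[{s}] {k}" for s, kv in settings.items() for k in kv
        if s.lower() != ".shellclassinfo" or k.lower() not in KNOWN_KEYS)
    return {"settings": settings, "unfamiliar": unfamiliar}


if __name__ == "__main__":
    for name, raw in (("utf-16 sample", SAMPLE_UTF16), ("ansi sample", SAMPLE_ANSI)):
        result = summarize(raw)
        print(name, result["settings"], "unfamiliar:", result["unfamiliar"])
```

An entry in the "unfamiliar" list only means the key is outside this example's short list; it is something to read, not a detection.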

#3 belthagor


Posted 16 January 2016 - 01:00 PM

The .ini file is not malicious, however there have been some malware which exploit the capabilities of the desktop.ini file.

 

This is exactly what I believe is happening.

 

I checked multiple sources as well.



#4 quietman7


Posted 16 January 2016 - 04:12 PM

This is exactly what I believe is happening.

I checked multiple sources as well.

Please explain why you believe that and what signs of infection you are dealing with.

What sources did you check?

#5 quietman7


Posted 16 January 2016 - 04:38 PM


Anytime you come across a suspicious file or you want a second opinion, submit it to one of the online services that analyze suspicious files.

In the "File to Scan" (Upload or Submit) box, click the "browse" button, navigate to the location of the suspicious file(s) and submit it for analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.

#6 marjamar


Posted 01 January 2017 - 02:58 PM

Virus infestations MUST have a root system to redeploy upon reset of the computer, or deletion of portions of its code.  Desktop.ini is a "built-in" area viruses can use as most folders never have a desktop.ini assigned to them.  Also, they are a Windows hidden file by default, so most users never have an inkling about what is happening right in front of them.  The key to discovering which "might" contain code is to find out if the file is protected from deletion.  Easy way to find out which are protected is to do a search on C:\ using "desktop.ini".  Just use Explorer to do this.  Once found, highlight them all (can be over 200 on some systems) and press delete.  Odds are good you will find many which will not delete.  Now you need to ask yourself, why?  Desktop.ini files will be recreated as needed, so there isn't any reason to lock any of these files, except one -- To protect it.  If they do not need protection why do they and who or what assigned their protection?  System files are often protected, but desktop.ini isn't considered a system file ever.

 

People need to realize their computer is not their own.  Simple fact of life.  Now how much of your computer you want others to use for "their" purpose is the real question here.  By far, the highest percentage of all malware is to help these "others" promote their products, goals, or desires in some way or another.  One really good way to do this is by keeping tabs on your every computer move.  Can't do this by cookies alone, so PUPs are the next step, and it goes on from there.

 

I regularly clean up my Windows system, most of the time from a Linux boot.  I have multi-layers of protection that start at the modem and end with me and everything you can think of in between.  Yet I am ALWAYS infected to some degree.  Believe me, you are too!  Even Microsoft does this themselves with their Windows products -- They always have.  They are perhaps, even the most aggressive at it, because they build it in the Windows product.  They also provide many of the useful tools most hackers use, right in Windows.  So it's just a matter of finding a way to slip in, and that isn't a problem at all in just about any system.  Tools are abundant and free (mostly) to do this and not at all hard to come by over the internet.

 

When someone tries to convince you, you are not infected, leave politely, but leave and find someone who actually can help.  Far too many "trust" what is given to them, as long as it is something they are hoping to have. Truth is, any form of malware should go squarely against that "trust" and should tip you off to go in a different direction than they are trying to provide to you.

 

Since 1969 I have been involved with computers and have seen all of it personally.  What I know today, which I did not know 15 or 20 years ago is, you will never win the war fighting off malware, you will at best, win a battle.  Most of the time you will be doing good to fend off the battle for a later date.

 

My 2 cents.

 

-Rodger





