Desktop.ini is a text file hidden by default in Windows Operating System in an attempt to avert mistaken removal. It is developed early when DOS was created to store initialization information. Every new information will be written into .ini file including desktop.ini. The major feature of Desktop.ini is to help programmers or skillful PC users customize the properties, attributes and appearance of a folder. All Desktop.ini file contain [.ShellClassInfo] section, which is utilized to assign values and thus helps with the folder specification.
In most cases, the below listed are the most commonly seen custom attributes:
Let’s learn the magic by Desktop.ini with two examples offered by VilmaTech Online Support:
Example NO.1:
[ExtShellFolderViews]
{BE098140-A513-11D0-A3A4-00C04FD706EC}={BE098140-A513-11D0-A3A4-00C04FD706EC}
[{BE098140-A513-11D0-A3A4-00C04FD706EC}]
Attributes=1
IconArea_Image=11.jpg(tip: “11.jpg” indicates the image you saved on your computer)
[.ShellClassInfo]
ConfirmFileOp=50
By writing the above content in a notepad under a folder and saving it with the name “Desktop.ini”, the background of the folder will be changed to 11.jpg image.
Example NO.2:
[ExtShellFolderViews]
IconArea_Text=0x000000FF(tip: 0x000000FF is the code name for red )
Attributes=1
IconArea_Image=bg04.jpg (tip: “bg04.jpg” indicates the image you saved on your computer)
[.ShellClassInfo]
ConfirmFileOp=0
By writing the above content in a notepad under a folder and saving it with the name “Desktop.ini”, the background of the folder will be changed to bg04.jpg image and the color of the folder will be changed to red. Extra tip: 0x00008000 is for green, 0x00FF0000 is for blue, 0x00FFFFFF is for white.
After this section, it is made clear that Desktop.ini is everywhere in Microsoft Windows system, which is the reason why anti-virus programs will not be able to help fix Desktop.ini file when something wrong happens. Keep reading to seek answers to frequently asked questions about Desktop.ini file. In the event where your Desktop.ini problems are not mentioned in the following article, you are welcome to consult specialized technicians and get your problems solved.
As we have learned from the preceding paragraphs that Desktop.ini contains custom information of folders. If Desktop.ini file is removed randomly, customizations made to folders will be lost. However, it is no big deal to mistakenly remove a desktop.ini file in a Windows system folder since it will be recreated at the next system restart. Therefore the answer is YES.
The following two “desktop.ini” files have been reported to open automatically whenever system starts:
- [.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787- [.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787.
It should come to your knowledge that “LocalizedResourceName” refers to Limited resource name, “@%SystemRoot%\system32” is the address that the name refers; “shell32.dll” refers to Dynamic Link Library where contains information like ICO address; “-21787” is equivalent to ID/index.
Most PC users mistakenly think that the two desktop.ini files are vicious due to the weird activity. They can be stopped if their startup components are removed from system configuration. Though the two desktop.ini files are not virus, it should arouse your precaution that something has made modifications to the target system and vulnerability has come into being. Optimizations should be undertaken right away in an attempt to prevent intrusive infiltrations.
The mostly utilized system files by infections are Svchost.exe and winlogon.exe. The reason that virus like Win32:Malware-gen would affect Desktop.ini file is the same as that would affect autorun.inf. The ability to recreate removed item attract infections and thus there have been more warning alert about Desktop.ini, its error messages and related problems:
The above problems are not directly caused by affected Desktop.ini. Due to the protection by desktop.ini, other vicious deeds are allowed to be executed smoothly to give rise to the above listed problems without the fear of being removed permanently.
According to the experience from Global PC Support Center, the content of Desktop.ini created by infections is mainly a series of mazy characters coupled with date, which is not making Desktop.ini as hazardous as an executable file.
PC users can also check for any weird activities in Task Manager, installed security utilities, browsers (Firefox, Chrome, Opera, IE) on the sudden occurrence of desktop.ini. If everything’s shown to be normal, then the desktop.ini file is genuine.
In most cases, affected desktop.ini file will be shown together with autorun,inf under the root directory. Herein, VilmaTech Online Support would like to take Worm.Script.VBS.Agent.bz as example to give concrete knowledge for your reference:
The content of affected desktop.ini:
The content of affected autorun.inf:
There was once a case where _desktop.ini confuses wide range of PC users. Always bear in mind that the genuine name for desktop.ini file is “desktop.ini” now and forever rather than others like _desktop.ini.
It is a knot when virus affect desktop.ini file to help with infiltration. Below is the manual instruction offered by VilmaTech Online Support given the fact that anti-virus programs are not able to deal with system items. Be noted that the below instruction pertains to fixing desktop.ini problems. If you want to remove the virus detected by installed security utilities that has affected desktop.ini file, more steps are required. On the occurrence of confusion in the middle of the fix, it is advisable to get professional assistance from recommended online PC security service.
Tip: such situation can be seldom seen; one should pay attention to any vulnerability, especially web vulnerability afterwards.
Windows 7/XP/Vista
Windows 8
Attention: to exterminate web vulnerability, it is wise to reset browser settings and apply some steps to tighten up web security.
Step one: reset browser settings.
Internet Explorer
Click on the Tools menu to select Internet Options; then tap Advanced tab to press Restore Defaults button and then press OK for confirmation.
Mozilla Firefox
Click on the Firefox menu to select Help; then choose Troubleshooting information in its drop-down list to press ‘Reset Firefox’ button.
Google Chrome
Click on ‘Customize and Control Google Chrome’ menu to select ‘Options’; tap ‘Under the Hood’ tab to press ‘Reset to Defaults’ button.
Opera
Show hidden files and folders to remove Operapref.ini file under “C:\Users\user_name\AppData\Roaming\Opera\Opera\”.
Step two: tighten up browser security.
rm -f /etc/apache2/mods-enabled/autoindex.load
rm -f /etc/apache2/mods-enabled/autoindex.conf
rm -f /etc/apache2/mods-enabled/dav.load
rm -f /etc/apache2/mods-enabled/dav_fs.conf
rm -f /etc/apache2/mods-enabled/dav_fs.load
rm -f /etc/apache2/mods-enabled/dav_lock.load
1. run reputable anti-virus program to remove detected vicious items as possible and remember the directory of flagged desktop.ini file.
2. end running processes like rundl132.exe, rundll32.exe, logo_1.exe and other strange ones such as WINLOGON.EXE to help fix desktop.ini problem.
3. if you don’t have special preference of folder characteristic, if it recommended to remove all desktop.ini in dustbin and under C:\Windows; or you can navigate to the directory of the flagged desktop.ini file and carry out the following steps:
4. Hit Start Menu to access notepad under “Accessory” to write it with the following text:
del a:\_desktop.ini /f/s/q/a
del b:\_desktop.ini /f/s/q/a
del c:\_desktop.ini /f/s/q/a del d:\_desktop.ini /f/s/q/a
del e:\_desktop.ini /f/s/q/a del g:\_desktop.ini /f/s/q/a del h:\_desktop.ini /f/s/q/a del i:\_desktop.ini /f/s/q/a
del j:\_desktop.ini /f/s/q/a
del k:\_desktop.ini /f/s/q/a
when done, save as the file with suffix “.bat” and double click to execute the file.
To sum up:
Desktop.ini file belongs to Windows system file that contains customization information of folders. The file features a typical ability that is to re-produce removed files at each Windows starts. Because of the capability, desktop.ini is targeted by infections, Trojan horse particularly, to help with re-image after being removed by reputable anti-virus programs. Technically speaking, affected desktop.ini file is not hazardous at all. However, it hinders from successful removal to help make further harms in another way. Therefore no hesitation should be taken in fixing desktop.ini problem. Due to the fact that desktop.ini belongs to system file, it is advisable to fix it with manual way. Should there be any obstacle because of deficient computer knowledge, you are welcome to seek professional help from VilmaTech Online Support that is always within your reach.
Other Articles You Might Be Interested In
Svchost.exe – How to Fix Svchost.exe Problem
Winlogon.exe, Remove Winlogon Process Error Message and Winlogon.exe Virus
Remove Autorun.inf Virus – What Is Autorun.inf and How to Remove Autorun.inf Virus
