Documente Academic
Documente Profesional
Documente Cultură
In most cases, the below listed are the most commonly seen custom attributes:
ConfirmFileOp: when it is set to 0, error message warning You Are Deleting a System Folder will be
triggered when a folder is removed.
IconFile: it shows the path of icon files and helps to specify a custom icon file such as .ico, .exe or .dll.
IconIndex: when it is set to 0, only one icon will be displayed.
InfoTip: a string of informational text will appear when mouse is hovered over a folder.
Lets learn the magic by Desktop.ini with two examples offered by VilmaTech Online Support:
Example NO.1:
[ExtShellFolderViews]
{BE098140-A513-11D0-A3A4-00C04FD706EC}={BE098140-A513-11D0-A3A4-00C04FD706EC}
[{BE098140-A513-11D0-A3A4-00C04FD706EC}]
Attributes=1
IconArea_Image=11.jpg(tip: 11.jpg indicates the image you saved on your computer)
[.ShellClassInfo]
ConfirmFileOp=50
By writing the above content in a notepad under a folder and saving it with the name Desktop.ini, the
background of the folder will be changed to 11.jpg image.
Example NO.2:
[ExtShellFolderViews]
IconArea_Text=0x000000FF(tip: 0x000000FF is the code name for red )
Attributes=1
IconArea_Image=bg04.jpg (tip: bg04.jpg indicates the image you saved on your computer)
[.ShellClassInfo]
ConfirmFileOp=0
By writing the above content in a notepad under a folder and saving it with the name Desktop.ini, the
background of the folder will be changed to bg04.jpg image and the color of the folder will be changed to red.
Extra tip: 000008000 is for green, 0x00FF0000 is for blue, 0x00FFFFFF is for white.
After this section, it is made clear that Desktop.ini is everywhere in Microsoft Windows system, which is the
reason why anti-virus programs will not be able to help fix Desktop.ini file when something wrong happens.
Keep reading to seek answers to frequently asked questions about Desktop.ini file. In the event where your
Desktop.ini problems are not mentioned in the following article, you are welcome to consult specialized
technicians (https://plus.google.com/u/0/112671360248060681646/about?rel=author)and get your problems
solved.
1. [.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787
(mailto:LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787)
2. [.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787.
(mailto:LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787.)
It should come to your knowledge that LocalizedResourceName refers to Limited resource name,
@%SystemRoot%\system32 is the address that the name refers; shell32.dll refers to Dynamic Link Library
where contains information like ICO address; -21787 is equivalent to ID/index.
Most PC users mistakenly think that the two desktop.ini files are vicious due to the weird activity. They can be
stopped if their startup components are removed from system configuration. Though the two desktop.ini files
are not virus, it should arouse your precaution that something has made modifications to the target system
and vulnerability has come into being. Optimizations should be undertaken right away in an attempt to prevent
intrusive infiltrations.
Tell Difference
According to the experience from Global PC Support Center, the content of Desktop.ini created by infections
is mainly a series of mazy characters coupled with date, which is not making Desktop.ini as hazardous as an
executable file.
PC users can also check for any weird activities in Task Manager, installed security utilities, browsers (Firefox,
Chrome, Opera, IE) on the sudden occurrence of desktop.ini. If everythings shown to be normal, then the
desktop.ini file is genuine.
In most cases, affected desktop.ini file will be shown together with autorun,inf under the root directory. Herein,
VilmaTech Online Support would like to take Worm.Script.VBS.Agent.bz as example to give concrete
knowledge for your reference:
The content of affected desktop.ini:
There was once a case where _desktop.ini confuses wide range of PC users. Always bear in mind that the
genuine name for desktop.ini file is desktop.ini now and forever rather than others like _desktop.ini.
It is a knot when virus affect desktop.ini file to help with infiltration. Below is the manual instruction offered by
VilmaTech Online Support given the fact that anti-virus programs are not able to deal with system items. Be
noted that the below instruction pertains to fixing desktop.ini problems. If you want to remove the virus
detected by installed security utilities that has affected desktop.ini file, more steps are required. On the
occurrence of confusion in the middle of the fix, it is advisable to get professional assistance from
recommended online PC security service (http://blog.vilmatech.com/).
Find anything related to desktop.ini and press Disable all to stop it from opening up automatically.
Windows 8
Enable Charms bar by hovering mouse to borders to any direction.
Type Task and hit Enter key to select Task Manager in the popup screen with arrow keys.
Hit Enter key to navigate to Startup tab and find anything related to desktop.ini.
Attention: to exterminate web vulnerability, it is wise to reset browser settings and apply some steps to tighten
up web security.
Step one: reset browser settings.
Internet Explorer
Click on the Tools menu to select Internet Options; then tap Advanced tab to press Restore Defaults button
and then press OK for confirmation.
Mozilla Firefox
Click on the Firefox menu to select Help; then choose Troubleshooting information in its drop-down list to
press Reset Firefox button.
Google Chrome
Click on Customize and Control Google Chrome menu to select Options; tap Under the Hood tab to press
Reset to Defaults button.
Opera
Show hidden files and folders to remove Operapref.ini file under C:\Users\user_name\AppData\Roaming
\Opera\Opera\.
Check permissions assigned to shared network drives to limit the number of people who can make
modifications
Set each PCs software management tools to prevent vicious items from accessing certain critical
directories.
Restrict vulnerability in IIS (Internet Information Services).
Impose restrictions on Apache HTTP Server to prevent virus from reading all information of the machine.
Disable WebDAV to assure that virus cannot modify files to upload vicious codes by deleting dav, dav_fs
and dav_lock files on terminal through commands:
rm -f /etc/apache2/mods-enabled/dav.load
rm -f /etc/apache2/mods-enabled/dav_fs.conf
rm -f /etc/apache2/mods-enabled/dav_fs.load
rm -f /etc/apache2/mods-enabled/dav_lock.load
Install website monitor, Firewall to help filter junk sites and sites with sensitive content so as to decrease
the possibility to be affected by virus.
Adopt IDS (Intrusion Detect System) to analyze collected information from computer networks or
computing system in an attempt to help detect any action violating security policy and sign of under attack.
Turn off request from TRACE HTTP to prevent online conversation from being hijacked by navigating the
terminal to /etc/apache2/apache2.conf.
run reputable anti-virus program to remove detected vicious items as possible and remember the
end running processes like rundl132.exe, rundll32.exe, logo_1.exe and other strange ones such as
3.
if you dont have special preference of folder characteristic, if it recommended to remove all desktop.ini in
dustbin and under C:\Windows; or you can navigate to the directory of the flagged desktop.ini file and carry
out the following steps:
Hold Win key and R key at once to bring up Run box again.
Type CMD.exe and hit Enter key to bring up a black box with flashing slash/line.
Type /s and hit Enter key, which will help you remove all desktop.ini file under that directory.
4.
Hit Start Menu to access notepad under Accessory to write it with the following text:
i:\_desktop.ini /f/s/q/a
del
when done, save as the file with suffix .bat and double click to execute the file.
To sum up:
Desktop.ini file belongs to Windows system file that contains customization information of folders. The file
features a typical ability that is to re-produce removed files at each Windows starts. Because of the capability,
desktop.ini is targeted by infections, Trojan horse particularly, to help with re-image after being removed by
reputable anti-virus programs. Technically speaking, affected desktop.ini file is not hazardous at all. However,
it hinders from successful removal to help make further harms in another way. Therefore no hesitation should
be taken in fixing desktop.ini problem. Due to the fact that desktop.ini belongs to system file, it is advisable to
fix it with manual way. Should there be any obstacle because of deficient computer knowledge, you are
welcome to seek professional help from VilmaTech Online Support (http://www.vilmatech.com
/services.html)that is always within your reach.