
How to Get Rid of Desktop.ini Virus Completely? (Manual Removal Guide)

What is Desktop.ini Virus?

Desktop.ini is a hidden Windows system file that stores information about customized folders. However, malware can hide behind a trusted file name, so it is important to note where a given desktop.ini is located. Recently, many users infected with Trojans such as TR/ATRAPS.Gen2, Win64:ZAcces-E [Rtk] and Trojan.0access have run into this issue: the antivirus keeps reporting that the Trojan is in desktop.ini and in some hidden GAC files in the assembly folder, but users find it difficult to access this location and remove the virus. Once downloaded, the Trojan wreaks havoc on the infected system. The antivirus keeps reporting that the Trojan is located in C:\Windows\assembly\GAC_32 or C:\Windows\assembly\GAC_34, yet every removal attempt is in vain. The virus embeds itself in the root of the system. It disables all your security programs, opens a backdoor to a remote server, and then tries to attack weak administrator passwords and steal your personal information. It poses a high risk to the compromised system and even to its network environment. To sum up, the virus violates your privacy and compromises your security, and it needs to be removed from your machine immediately upon detection.

Manual removal is for experienced users only. Back up your data before following the steps below. If you need any help, please start a live chat with YooCare experts now.

Manual Removal Guides:

1. Reboot your computer into Safe Mode with Networking. As your computer restarts, but before Windows launches, tap the “F8” key repeatedly.

2. Show hidden files and folders.

Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.

Click the View tab.

Under Advanced settings, click Show hidden files and folders, uncheck Hide protected operating system files (Recommended) and then click OK.

3. Open the Registry Editor. Find the malicious files and entries and then delete them all.

Attention: Always be sure to back up your PC before making any changes.

a. Press the “Start” button and then choose the option “Run”. In the “Open” field, type “regedit” and click the “OK” button.

b. All malicious files and registry entries that should be deleted:

%AllUsersProfile%\[random]
%AllUsersProfile%\Application Data\~r
%AllUsersProfile%\Application Data\.dll
%UserProfile%\Start Menu\Programs\Desktop.ini

C:\Windows\assembly\GAC\Desktop.ini
C:\Windows\Installer\{1ec6a51f-804c-3b4d-6c80-a239b6741082}\n
C:\Windows\Installer\…\000000cb.@

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\random
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\
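
A read-only way to check a machine for the locations listed in step 3b before deleting anything, as an added PowerShell example that is not part of the original guide. The "MZ" header test and the StubPath column are assumptions of this example; entries the guide gives only as [random] or with an elided path are left out.

```powershell
# Added example: read-only check for the locations listed in step 3b.
# Nothing is deleted or changed. Run from an elevated PowerShell prompt.

# File locations copied from the guide. Entries given only as "[random]" or
# with an elided path are left out because they cannot be tested literally.
$paths = @(
    "$env:ALLUSERSPROFILE\Application Data\~r",
    "$env:ALLUSERSPROFILE\Application Data\.dll",
    "$env:USERPROFILE\Start Menu\Programs\Desktop.ini",
    'C:\Windows\assembly\GAC\Desktop.ini',
    'C:\Windows\Installer\{1ec6a51f-804c-3b4d-6c80-a239b6741082}\n'
)

function Test-StartsWithMZ([string]$File) {
    # Assumption of this example: a genuine desktop.ini is INI text, so a file
    # that begins with the executable signature "MZ" is not a folder-settings file.
    try {
        $fs = [System.IO.File]::OpenRead($File)
        try {
            $buf = New-Object byte[] 2
            $n = $fs.Read($buf, 0, 2)
            return ($n -eq 2 -and $buf[0] -eq 0x4D -and $buf[1] -eq 0x5A)
        } finally { $fs.Close() }
    } catch { return $null }   # unreadable, e.g. access denied
}

$files = foreach ($p in $paths) {
    $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
    $isPE = $null
    if ($item -and -not $item.PSIsContainer) { $isPE = Test-StartsWithMZ $item.FullName }
    New-Object PSObject -Property @{ Path = $p; Present = [bool]$item; StartsWithMZ = $isPE }
}
$files | Select-Object Path, Present, StartsWithMZ | Format-Table -AutoSize

# Registry keys from the guide: list the contents so each entry can be reviewed.
$run = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run'
if (Test-Path -LiteralPath $run) {
    Get-ItemProperty -LiteralPath $run | Select-Object * -ExcludeProperty PS* | Format-List
}
$setup = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
Get-ChildItem -LiteralPath $setup | ForEach-Object {
    $v = Get-ItemProperty -LiteralPath $_.PSPath
    New-Object PSObject -Property @{ Key = $_.PSChildName; StubPath = $v.StubPath }
} | Select-Object Key, StubPath | Format-Table -AutoSize
```

A blank StartsWithMZ column means the path is absent, is a folder, or could not be read.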

If you failed to remove this Trojan with the instructions above or need any assistance, you are welcome to contact YooCare experts to resolve all the problems completely.

Jul10

Published by Sarah Poehler, last updated on August 17, 2012 5:05 pm | How to Guides

6 Responses to “How to Get Rid of Desktop.ini Virus Completely? (Manual Removal Guide)”

  1. william says:

    I don’t understand why the trojan can install itself, but the antivirus program McAfee, which is provided by Time Warner, can’t access the file to remove it. I suspect that other antivirus packages protect against this, since almost everyone who has posted about it has McAfee. TW used to provide Computer Associates, and I never had a problem like this in 6 years. Active scan was enabled, so why didn’t it find the trojan? Is the problem that McAfee sucks? Perhaps the real answer is to blow Windows off your hard drive, and install Ubuntu. Got an Ubuntu desktop, never had a problem like this.

  2. TheInsane4 says:

    For some reason it will not let me access the Start Menu and Application Data; instead it says access denied. I try to make it full control but it will not let me, please help me :D

  3. TheInsane4 says:

    I forgot to mention: what do you mean by these?
    %AllUsersProfile%\[random]
    %AllUsersProfile%\Application Data\~r
    %AllUsersProfile%\Application Data\.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\random
    Thanks for the help :D

  4. Samie says:

    Hi. I tried to follow the instructions, but when I try to reboot my computer in order to get to safe mode, there is an additional option of repair your computer. When I click on safe mode and get to the control panel I can’t find the option for “appearance and personalisation”. I don’t know what to do now. This darn trojan virus is everywhere. Please help me.

  5. aubrey says:

    By doing this, would it delete all my files just like reformatting a PC?

  6. HASMUKH PATEL says:

    Norton 2013 also does not detect it.
