Trojan virus detected in C:\windows\assembly\gac_32\desktop.ini and you cannot remove it? Last night i was scanning my computer by AVG and it found 2 Trojans. After selecting to remove these threats I was prompted to restart the laptop which I did. It was then that I found problems, the screen would stay of ‘Starting Windows’ and then show a black screen, I assume this is a blue screen error. I then retried turning on the computer but pressing F8 and going into Safe Mode, this did not work, nor did System Repair or Restore, however, it did tell me I had a C:\Windows\assembly\GAC_32\Desktop.ini problem. How can I solve this issue?
Recently there are many PC users have C:\windows\assembly\gac_32\desktop.ini problem and find it hard to solved. Basically, this issue happen due to malicious Trojans such as Win64/Patched.A, Win32:DNSChanger-VJ [Trj], Trojan horse generic_r.awx and Win32:Sirefef-PL [Rtk]. When a Trojan is installed on your computer, it can carry out any of the following tasks:
1) It may monitor web-browsing activity of the user and redirect users to all kinds of ad sites against their wills.
2) It can open a backdoor that allows an attacker to steal sensitive information including user name and passwords that are stored on the PC.
3) It has an ability to download and run other malware on the compromised computer.
4) It can conceal its presence of the compromised computer by showing only legitimate process running on the system.
Usually those Trojans are detected by AVG or Avast antivirus program. They need to be removed manually because every time you click on ‘ Remove’ button, you will get warning like “Virus identified Win64/Patched.A, C:\Windows\System32\services.exe”;”Cannot be cleaned Remove manually.” Besides, you will meet some cases like that: Your antivirus keeps showing Win32:Sirefef-PL [Rtk] in C:\windows\assembly\gac_32\desktop.ini folder and was asking if you wanted to move it to the chest. But when you moved that one to the chest and seconds later it found another one in the Windows folder and once again asked me if you wanted to move it. As mentioned above, C:\windows\assembly\gac_32\desktop.ini Virus is an annoying issue that should be fixed as soon as possible to secure your computer.
a. There will be lots of annoying pop-up ads and fake security alerts;
b. It will block your access to the Internet and redirect everything you do on your browser to malicious web pages;
c. It will reduce your PC performance and create many junk files to wreak chaos;
d. Antivirus programs on the computer will automatically be shut down;
e. It may come with additional viruses and malware to further damage your computer;
f. Your private and critical information may be captured a remote host who will use them for Internet crimes;
Currently many computer users had the same experience that this virus couldn’t be removed by any anti-virus applications. So the manual approach is always required to combat this virus. And here is the step-by-step removal guide for all computer users.
1. Show hidden files and folders.
Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
Click the View tab.
Under Advanced settings, click Show hidden files and folders, uncheck Hide protected operating system files (Recommended) and then click OK.
2. Open Registry entries. Find out the malicious files and entries and then delete all.
Attention: Always be sure to back up your PC before making any changes.
a. Press the “Start” button and then choose the option “Run”. In the “Open” field, type “regedit” and click the “OK” button.
b. All malicious files and registry entries that should be deleted:
%AllUsersProfile%\Application Data\.dll
%AllUsersProfile%\Application Data\.exe(random)
C:\WINDOWS\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\GAC_32\Desktop.ini
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[RANDOM]”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[RANDOM].exe”
When you get C:\windows\assembly\gac_32\desktop.ini problem on your computer, you will soon discover your computer performs weird. It may redirect a web browser to a predefined site whenever the user enters invalid address or performs an Internet search. And considering the Trojan is located in your computer, it can endangers the privacy of computer users because Trojan is able to create a backdoor and connect to a remote server, allowing a remote attacker to gain control on the compromised computer. Thus, it is necessary to get rid of such annoying issue without any hesitation.
If you cannot handle the manual removal yourself, please contact experts from Yoocare Online Tech Support for further help. 
Published by & last updated on April 19, 2013 2:11 am
Leave a Reply
You must be logged in to post a comment.