9 Replies Latest reply on Sep 3, 2012 6:16 AM by Peter M

    Desktop.ini

    melissasparrots

      McAfee virus scan found several viruses on my computer a few days ago.  Some it was able to fix, others not.  I ran the scan again in Safe Mode and followed the Stinger instructions.  That got some more.  However, when I ran a scan again today it said there were two viruses, both Desktop.ini that it can't fix.  Also, my computer starts out with firewall on, however several minutes after being turned on, the firewall turns off and I can't get it back on.  Could anyone help me in fixing this?  I am not techie at all so will need fairly detailed instructions.  I tried calling McAfee but they want to charge me, so I thought I'd try this myself. If it makes any difference, it's an ASUS computer, Windows 7, Service Pack 1.

      Thanks,

      Melissa

        • 1. Re: Desktop.ini
          Peacekeeper

          Reboot; that may be necessary to clean the files.

          Also try booting into safe mode and right-click the shield and choose scan. That might pick up some more.

          That done, try some of the other scanners here:

          McAfee Communities: Anti-Spyware, Malware & Hijacker Tools

          With GetSusp, make sure you add your email to the preferences so McAfee can follow up on anything found.

           

          Message was edited by: Peacekeeper on 16/08/12 8:06:04 PM
          • 2. Re: Desktop.ini
            Peter M

            desktop.ini is normally a hidden System file and valid.  Are you sure they are dangerous?   Have you got System files and folders enabled in Windows Explorer Tools > Folder Options > View?

             


            • 3. Re: Desktop.ini

              My XP McAfee reports a C:\Windows\Assemblies\GAC\Desktop.ini, but it is not there. I even rebooted in safe mode, opened a command prompt, and navigated to that directory. And I am obviously infected, since my desktop keeps rearranging itself.

              • 4. Re: Desktop.ini
                Peter M

                What name is it giving to the detection?    Try running McAfee in Safe Mode by rebooting and tapping F8 repeatedly while booting up and then simply right-click the taskbar icon and select Run a Scan.   All you'll see will be activity in the icon, hover over it for a report of progress.

                 

                Run Stinger and Malwarebytes Free both listed in the last link in my signature below.  

                • 5. Re: Desktop.ini
                  Hayton

                  The file may be a hidden file. Did you try searching for it from the command line using "dir /ah d*"?

                   

                  Finding that file in that location is not good news. It's an indicator that you may have been infected with the ZeroAccess rootkit. You can try some of the general-purpose removal tools that we recommend here, but it's a stubborn piece of malware and difficult to remove without specialist help. You may need to go to a forum like BleepingComputer  -  http://www.bleepingcomputer.com/forums/forum79.html

                   

                  First though try the easy self-help steps.

                  - Obviously,  a full scan with McAfee using the latest DAT, which is now 6812.

                  - Follow this with the Stinger tool, from http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

                   

                  Stinger will deal with many, but not all, of the reported ZeroAccess variants. If it doesn't remove a reported ZeroAccess infection run the Rootkit Removal Tool -

                  http://www.mcafee.com/us/downloads/free-tools/rootkitremover.aspx


                  - Then run Malwarebytes free version

                   

                  If, at the end of all this, you still have a rootkit infection, don't be surprised. They're designed to be invisible, and to attack and disable any attempts to remove them. That's when you would need to ask for help on BleepingComputer.

                   


                  • 6. Re: Desktop.ini

                    Yep. I didn't realize that DOS "respected," for lack of a better word, hidden files. It's gone. I will rerun scan in safe mode this evening. Thanks so much.

                    • 7. Re: Desktop.ini
                      Hayton

                      Look for "desktop.ini" also in the following locations:

                      c:\windows\assembly\gac_32\desktop.ini and

                      c:\windows\assembly\gac_64\desktop.ini.

                       

                      See the thread about a similar problem at

                      https://community.mcafee.com/message/244593#244593

                       

                      HitmanPro does a good job of detecting ZeroAccess and is recommended by other posters but the free version will only detect it, not remove. Nevertheless, anything that helps you find out if ZeroAccess is actually present (like I said, it's good at hiding itself) is a valuable tool and so worth recommending.
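The check described in replies 5 and 7, as an added PowerShell example that is not part of the original thread: it looks for desktop.ini at the locations named above, including hidden and system files, and reports attributes, size and a hash without changing anything. The function name and the "looks like INI text" heuristic are assumptions of this example; it needs Windows PowerShell 2.0 or later.

```powershell
# Added example, read-only: nothing is deleted or modified.
# First path is as reported in reply 3; the other two are from reply 7.
$paths = @(
    'C:\Windows\Assemblies\GAC\Desktop.ini',
    'C:\Windows\assembly\gac_32\desktop.ini',
    'C:\Windows\assembly\gac_64\desktop.ini'
)

function Get-DesktopIniReport {   # hypothetical helper name
    param([string[]]$Path)
    # Bytes ignored when finding the first real character: NUL, BOMs, whitespace.
    $skip = 0x00, 0xFF, 0xFE, 0xEF, 0xBB, 0xBF, 0x09, 0x0A, 0x0D, 0x20
    foreach ($p in $Path) {
        # -Force returns Hidden/System items (like "dir /ah"); a plain listing skips them.
        $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
        $row = @{
            Path = $p; Present = [bool]$item; Attributes = $null; Length = $null
            LastWrite = $null; LooksLikeIni = $null; SHA256 = $null
        }
        if ($item) {
            $row.Attributes = $item.Attributes
            $row.Length     = $item.Length
            $row.LastWrite  = $item.LastWriteTime
            try {
                $bytes = [System.IO.File]::ReadAllBytes($item.FullName)
                # Heuristic (assumption): a genuine desktop.ini is short INI text,
                # so its first meaningful character is "[" or a ";" comment.
                $head  = $bytes[0..63] | Where-Object { $skip -notcontains $_ }
                $first = @($head)[0]
                $row.LooksLikeIni = ($first -eq 0x5B) -or ($first -eq 0x3B)
                # Hash to quote when asking for help or submitting the file.
                $sha = [System.Security.Cryptography.SHA256]::Create()
                $row.SHA256 = [System.BitConverter]::ToString($sha.ComputeHash($bytes)) -replace '-', ''
            } catch {
                # A file that is present but cannot be opened is itself worth reporting.
                $row.LooksLikeIni = 'unreadable: ' + $_.Exception.Message
            }
        }
        New-Object PSObject -Property $row |
            Select-Object Path, Present, Attributes, Length, LastWrite, LooksLikeIni, SHA256
    }
}

Get-DesktopIniReport -Path $paths | Format-List
```

Run it from an elevated prompt; a row with `Present : True` at one of these locations is the finding reply 5 describes.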

                      • 8. Re: Desktop.ini
                        melissasparrots

                        Thanks for the help.  I think one of the McAfee updates must have gotten it because I've run the scan and Stinger several times and it now comes back with no viruses detected.  However, it still won't let me turn on the firewall.  Does this mean I still have a virus that isn't being detected or is there another issue going on?  My computer so far is behaving normally.  Any hints on how to turn on the firewall and get it to stay on?  I click on firewall, go to settings and it gives me the option of turning on the firewall.  But when I click "Turn On" it immediately turns itself off.  So far I haven't done anything with HitmanPro or Malwarebytes or anything else.  I just haven't had much time to work with this. Thanks again,

                        Melissa

                        • 9. Re: Desktop.ini
                          Peter M

                          Melissa, try running the Virtual Technician which can often repair things:  http://mvt.mcafee.com/