ONLINE-TECH FORUMS
Welcome to ONLINE-Tech Forums

How to uninstall Desktop.ini Virus?

Go down

How to uninstall Desktop.ini Virus?

Post by phrymeskillz on Tue Dec 03, 2013 7:01 pm



How to uninstall Desktop.ini Virus?

Your PC keeps pop-up desktop.ini files everywhere? Cannot find desktop.ini files in the register? What is Desktop.ini Virus? How can I get rid of Desktop.ini Virus from my laptop?




Description:
Desktop.ini Virus is a malware which is deeply hidden in the target computer. It has been found to attack all versions of Windows such as Window Xp, Window 7, Window 8, and Window Vista. Generally, it is used to customize and adjust settings for the Windows folders and Windows system files which contain the file. And this marware can changed its name randomly which many victims cannot find it out. Also, this Desktop.ini file hides itself by using the security name that is similar with the system files. So many users’ never realize that is a virus, and take as regards a normal file. Then when they see Desktop.ini file on their computers, they may keep it. In addition, this virus have associated with the folder’s settings, when you try to delete it from your computer, it may modify other folders’ settings. In one case, if this file has a different icon on one folder, and you delete this file, it may cause the folder icon will be re-enabled.

If you want to remove this virus from your system, you need to know the location of its file and delete it from its location. But to find it out is so difficult to users, and this virus often related with other Trojan horse viruses, such as Trojan.0access, Trojan:DOS/Alureon.M, and Win64:ZAcces-E. Those Trojan displays on the Desktop.ini file, and its hidden files. Once infected this virus, the other Trojan horse viruses can easily come into your computer, and create codes to your system. Those codes usually are added by some hackers who want to control your computer and record your online activities. Moreover, it can steal your privacy which concludes login information, bank details, and so on. This virus may bypass your antivirus software and it is not scanned by them. So it needs to remove by manually. 

Risks caused by Desktop.ini Virus
This virus may come with additional spyware, or Trojan horse viruses
It may be controlled by a remote person
This virus violates your privacy and compromises your security
This virus slows down your computer performance
This virus may allow intruders to modify your system

Antivirus doesn’t seem to pick this Desktop.ini Virus up, why?
The Desktop.ini virus, as many other viruses, is created with malicious code and is changed daily or more often. That's why any of the antivirus programs can't keep up to remove the virus. When victim users tried with various security tools, they did not eliminate the virus, but messed up the computer more. Any unsure method is not recommended to remove the virus, but manual removal has always been the most effective way to get rid of it.

Explicit manual steps to help you eradicate Desktop.ini Virus
1) Boot your computer into Safe Mode with Networking.

To perform this procedure, please restart your computer and keep pressing F8 key until Windows Advanced Options menu shows up, then using arrow key to select “Safe Mode with Networking” from the list and press ENTER to get into that mode.



2) Press Ctrl+Alt+Del keys together to pull up Window Task Manager and end suspicious processes:




3) Check the following directories and remove all these associated files:


PROGRAMFILES%\Garss.exe
%WINDIR%\SYSTEM32\superec.io.sys
%ALLUSERSPROFILE%\Application Data\Storm\update\%SESSIONNAME%\mgedi.cc3


4) Open Registry Editor by navigating to Start Menu, type in Regedit, and then click OK. When you have been in Registry Editor, please remove the following related registry entries:





HKEY_LOCAL_MACHINE\SOFTWARE\FSQJGWRSYX\DISPLAYNAME = Human Interface Device Access
HKEY_LOCAL_MACHINE\SOFTWARE\FSQJGWRSYX\ERRORCONTROL = 1
HKEY_LOCAL_MACHINE\SOFTWARE\FSQJGWRSYX\FAILUREACTIONS = [binary data]
HKEY_LOCAL_MACHINE\SOFTWARE\FSQJGWRSYX\IMAGEPATH = %SystemRoot%\SYSTEM32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\SOFTWARE\FSQJGWRSYX\OBJECTNAME = LocalSystem
HKEY_LOCAL_MACHINE\SOFTWARE\FSQJGWRSYX\START = 4
HKEY_LOCAL_MACHINE\SOFTWARE\FSQJGWRSYX\TYPE = 32
HKEY_LOCAL_MACHINE\SOFTWARE\FSQJGWRSYX\PARAMETERS\SERVICEDLL = %SystemRoot%\SYSTEM32\hidserv.dll
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\SERVICES\BITS\START = 2


5) After you finish the above steps, please reboot your computer and get in normal mode to check the effectiveness.





If you find this helpful...
Don't Forget to Say Thanks and Feedback/ Comment below.









avatar
phrymeskillz
Moderator
Moderator

Posts : 102
Reputation : 48
Join date : 2013-09-27
Age : 26
Location : Cagayan Valley, Philippines

http://talosig-channel.blogspot.com

Back to top Go down

Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum