FOLDER.HTT, DESKTOP.INI, THUMBS.DB: Viruses?

October 17th, 2007 By: Ryann

FOLDER.HTT, DESKTOP.INI and THUMBS.DB are commonly mistaken for viruses by Windows users, because they simply appear in your private folders, where they consume hard drive space.

FOLDER.HTT
FOLDER.HTT is a HyperText Template file containing HTML code that individually or globally customizes the display of folder contents when Internet Explorer 4.0x (IE) is installed. The default FOLDER.HTT file contains script to access and display information from the FileList control, examples of how to handle folder window resizing, and how to use the Thumbnail Viewer control.

DESKTOP.INI
DESKTOP.INI is a standard text file that can be added to any Windows folder to customize certain aspects of the folder’s behaviour. Occasionally DESKTOP.INI is used by other programs for their own settings.

THUMBS.DB
THUMBS.DB is a file used in Microsoft Windows XP, Windows Server 2003, and Mac OS X that stores a cache for Windows Explorer’s thumbnail view. THUMBS.DB is saved in each directory that contains pictures or photos. Windows stores thumbnails of graphics files in the THUMBS.DB file, including the following formats: JPEG, BMP, GIF, TIF, PDF and HTM. Each thumbnail created in a directory is represented in this database file as a small JPEG file, regardless of the file’s original format. Each folder with initiated thumbnail views (that is, one that has been displayed in Thumbnails or Filmstrip view in Windows Explorer) will have a THUMBS.DB file.

You can disable the creation of THUMBS.DB. Here’s how:
1. Click Start
2. Click Control Panel
3. Double-click Folder Options
4. Click on the View tab
5. Click so that a tick shows in the square next to Do not cache thumbnails
6. Click the OK button

They are actually part of Windows XP systems (and other members of the Windows family). But the first two files discussed (FOLDER.HTT and DESKTOP.INI) are vulnerable to virus attacks, and users may not recognize the infection.

Since FOLDER.HTT is a HyperText Template, it can contain malicious code such as Visual Basic Script (VBScript), and files can be embedded in its HTML code, so a single file (FOLDER.HTT) can do harmful damage to your system.

A decent or even the BEST anti-virus cannot prevent this attack, because without an outbreak, anti-virus developers cannot tell that it is a virus. All you have to do is watch FOLDER.HTT’s behavior. Commonly these files are seen only in folders like WINDOWS, Program Files, and Documents and Settings (including their respective sub-folders). If you see FOLDER.HTT in your root drive (e.g. Drive C:\) or on your portable drives (e.g. flash drives, memory cards, external hard drives), you had better think twice: you may already be infected with some malicious code. Commonly these files are HIDDEN, so you should select "Show hidden files and folders" in your Windows Folder Options (Windows Explorer - Tools - Folder Options - View Tab) in order to see whether they exist.
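A triage sketch for the check described above, added here as an example and not taken from the original post: it walks a drive or folder, finds every FOLDER.HTT (hidden or not), and reports those that sit outside the three folders named above or that mention VBScript. The function names and the sample tree are constructed for illustration, and a hit means only that the file deserves a manual look.

```python
import tempfile
from pathlib import Path

# Top-level folders where the article says FOLDER.HTT normally lives.
EXPECTED_TOP = {"windows", "program files", "documents and settings"}

def read_text(path, limit=1 << 20):
    """Decode the first `limit` bytes, honouring a UTF-16 BOM."""
    raw = path.read_bytes()[:limit]
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")

def triage(path, root):
    """Return the reasons a FOLDER.HTT deserves a manual look (may be empty)."""
    reasons = []
    parts = path.relative_to(root).parts  # e.g. ("WINDOWS", "Web", "folder.htt")
    if len(parts) == 1 or parts[0].lower() not in EXPECTED_TOP:
        reasons.append("unexpected location")
    if "vbscript" in read_text(path).lower():
        reasons.append("mentions VBScript")
    return reasons

def scan(root):
    """Walk `root`; rglob lists hidden files regardless of Explorer settings."""
    root, findings = Path(root), {}
    for path in root.rglob("*"):
        if path.is_file() and path.name.lower() == "folder.htt":
            reasons = triage(path, root)
            if reasons:
                findings[path.relative_to(root).as_posix()] = reasons
    return findings

def demo():
    """Build a constructed sample tree standing in for a drive root and scan it."""
    samples = {
        "WINDOWS/Web/folder.htt": b"<html><body>template</body></html>",
        "FOLDER.HTT": b"<html><body>template</body></html>",
        "Photos/Folder.htt": '<script language="VBScript"></script>'.encode("utf-16"),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return scan(root)

if __name__ == "__main__":
    for name, reasons in sorted(demo().items()):
        print(name, "->", ", ".join(reasons))
```

To check a real drive, call `scan()` with its root path (for example a flash drive's letter) instead of running `demo()`.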

If you want to verify whether a particular FOLDER.HTT contains malicious code, McAfee has an online service that checks whether your suspected file is infected. Compress the file into ZIP format (standard Zip 2.0), protect it with the password “infected” and send it to Virus_Research@avertlabs.com. It’s not only you who benefits in this case, but also McAfee VirusScan users worldwide.


3 Responses to “FOLDER.HTT, DESKTOP.INI, THUMBS.DB: Viruses?”

  1. i need virus

  2. Hi,

    Good stuff. Keep it up.

  3. Hi,
    Thanks a lot for such good stuff. I was really tensed before.
