FOLDER.HTT, DESKTOP.INI, THUMBS.DB: Viruses?

October 17th, 2007 By: Ryann

FOLDER.HTT, DESKTOP.INI and THUMBS.DB are commonly mistaken for viruses by Windows users, because they just pop up in your private folders, where they consume hard drive space.

FOLDER.HTT
FOLDER.HTT is a HyperText Template file containing HTML code that individually or globally customizes the display of folder contents when Internet Explorer 4.0x (IE) is installed. The default FOLDER.HTT file contains script to access and display information from the FileList control, examples of how to handle folder window resizing, and how to use the Thumbnail Viewer control.

DESKTOP.INI
DESKTOP.INI is a standard text file that can be added to any Windows folder to customize certain aspects of the folder’s behaviour. Occasionally DESKTOP.INI is used by other programs for their own settings.

THUMBS.DB
THUMBS.DB is a file used in Microsoft Windows XP, Windows Server 2003, and Mac OS X that stores a cache for Windows Explorer’s thumbnail view. THUMBS.DB is saved in each directory that contains pictures or photos. Windows stores thumbnails of graphics files in the THUMBS.DB file, including the following formats: JPEG, BMP, GIF, TIF, PDF and HTM. Each thumbnail created in a directory is represented in this database file as a small JPEG file, regardless of the file’s original format. Each folder with initiated thumbnail views (that is, where a Thumbnails or Filmstrip view has been displayed in Windows Explorer) will have a THUMBS.DB file.

You can disable the creation of THUMBS.DB. Here’s how:
1. Click Start
2. Click Control Panel
3. Double-click Folder Options
4. Click on the View tab
5. Click so that a tick shows in the square next to Do not cache thumbnails
6. Click the OK button

They are actually part of Windows XP systems (and others in the Windows family). But the first two files discussed (FOLDER.HTT and DESKTOP.INI) are vulnerable to virus attacks, and users won’t recognize the infections.

Since FOLDER.HTT is a HyperText Template, it can contain malicious code such as Visual Basic Script (VBScript), and files can be embedded in the HTML code, so a single file (FOLDER.HTT) can do serious damage to your system.

A decent or even the BEST anti-virus cannot prevent this attack, because without an outbreak, anti-virus developers cannot tell it is a virus. All you have to do is watch FOLDER.HTT’s behavior. Commonly these files are only seen in folders like WINDOWS, Program Files, and Documents and Settings (including their respective sub-folders). If you see FOLDER.HTT in your root drive (e.g. Drive C:\) or on your portable drives (e.g. flash drives, memory cards, external hard drives), you had better think twice: you may already be infected with malicious code. Commonly these files are HIDDEN, so you’d better select “Show hidden files and folders” in your Windows Folder Options (Windows Explorer - Tools - Folder Options - View tab) in order to see whether they exist.
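
A triage sketch for the two checks described above, location and content, written in Python as an added example (it is not code from the original post). The folder list comes from the article; the content indicators, function names and sample files are assumptions made for this illustration.

```python
import os
import re
import tempfile

# Top-level folders where the article says FOLDER.HTT is normally found.
EXPECTED_TOP = {"windows", "program files", "documents and settings"}
# Content heuristics chosen for this example (assumptions, not antivirus signatures).
INDICATORS = {
    "vbscript": re.compile(rb"language\s*=\s*[\"']?vbscript|vbscript\s*:", re.I),
    "file-or-shell-object": re.compile(rb"Scripting\.FileSystemObject|WScript\.Shell", re.I),
}

def content_flags(path, limit=1 << 20):
    """Names of the indicators found in the first `limit` bytes of a template."""
    with open(path, "rb") as fh:
        data = fh.read(limit).replace(b"\x00", b"")  # lets UTF-16 text match ASCII patterns
    return sorted(name for name, rx in INDICATORS.items() if rx.search(data))

def triage(drive_root, removable=False):
    """Return {relative_path: [reasons]} for every FOLDER.HTT below drive_root."""
    report = {}
    for dirpath, _dirs, files in os.walk(drive_root):
        for name in files:
            if name.lower() != "folder.htt":
                continue
            full = os.path.join(dirpath, name)
            parts = os.path.relpath(full, drive_root).split(os.sep)
            reasons = ["on removable drive"] if removable else []
            if len(parts) == 1:
                reasons.append("in drive root")
            elif parts[0].lower() not in EXPECTED_TOP:
                reasons.append("outside usual system folders")
            reasons += ["content:" + flag for flag in content_flags(full)]
            report["/".join(parts)] = reasons
    return report

def build_sample_tree(base):
    """Constructed sample: a plain template in WINDOWS/Web, a VBScript one in the root."""
    os.makedirs(os.path.join(base, "WINDOWS", "Web"))
    with open(os.path.join(base, "WINDOWS", "Web", "FOLDER.HTT"), "w") as fh:
        fh.write("<html><script language='JavaScript'>// resize handler</script></html>")
    with open(os.path.join(base, "folder.htt"), "w") as fh:
        fh.write('<html><script language="VBScript">Set f = CreateObject('
                 '"Scripting.FileSystemObject")</script></html>')

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, reasons in sorted(triage(tmp).items()):
            print(path, "->", reasons or ["nothing notable"])
```

An empty reason list means the file sits where the article expects it and shows none of the indicators; anything else is a candidate for closer inspection or submission, not a verdict.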

If you want to verify whether a FOLDER.HTT contains malicious code, McAfee has an online service to check whether your suspected file is infected. Compress the file into ZIP format (standard Zip 2.0), put the password “infected” on it and send it to Virus_Research@avertlabs.com. It is not only you who benefits in this case, but also McAfee VirusScan users worldwide.

32 Responses to “FOLDER.HTT, DESKTOP.INI, THUMBS.DB: Viruses?”

  1. i need virus

  2. Hi,

    Good stuff. Keep it up.

  3. hi,,
    thanks a lot for such good stuff.i was really tensed before.

  4. thanks !! very helpful post!

  5. Does this mean folder.htt and desktop.ini are not viruses, and they are program codes? Please clarify. Further, if I search and completely delete them, will Windows not function?

  6. I provided the link above on what the functions of those files in our computer are. But yes… Those files may contain or link to a virus, but they are not considered viruses, for Windows requires these files to function properly.

    FOLDER.HTT is an HTML file into which any scripts (VB program code) may be inserted that may harm our computer. As some webpages (HTM/HTML) contain harmful code, viruses can also hide themselves inside this file.

    How can a virus possibly be triggered by FOLDER.HTT?

    USB/CD/Harddrive — FOLDER.HTT — Virus EXE file (included on the folder)

    DESKTOP.INI files are folder setup configurations. Once you open the folder, it loads DESKTOP.INI, which determines how the contents are viewed. For example, if you delete/block the DESKTOP.INI from the \WINDOWS\FONTS folder, you cannot add/install new fonts from your Control Panel; while in \WINDOWS and \PROGRAM FILES, there’s no more caution before viewing all files (all you can see is plain folder content). Also, Scheduled Tasks in \WINDOWS\TASKS are configured by this DESKTOP.INI. If it is removed, you cannot set your schedules anymore (or it won’t function). DESKTOP.INI has functions, so we shouldn’t remove these files.

    I only find DESKTOP.INI useful for installing fonts. But if you customize your folder (with backgrounds), you need these files to view them according to your customizations.

    How can a virus possibly be triggered by DESKTOP.INI?

    USB/CD/Harddrive — DESKTOP.INI — HTML file (e.g. COMMENT.HTM) — Virus EXE file (included on the folder)

    From my anti-virus, these are the files I commonly blocked manually:
    - FOLDER.HTT
    - FOLDER.HTM (obviously a hoax file and not required by Windows)
    - COMMENT.HTM (or COMMENTS.HTM, found a virus named “Wukill” uses this file)
    - DESKTOP.INI (I only enable them when I need to install my Fonts.)
    - AUTORUN.INF (disables any autoplay activity)
    - THUMBS.DB (it will slow the loading of your images if you disable this function)

    My suggestion: if you can block these files, please do so. We may not know which ones can be blocked by our so-called “BEST ANTI-VIRUS” installed, but once we notice these files (especially AUTORUN.INF) on USB thumb drives or burned CDs (not installers), at least our system won’t run them and infect our PC.

    By the way, viruses are commonly set as HIDDEN. You can select “Show hidden files and folders” from the FOLDER OPTIONS menu of your Windows Explorer. If you find anything suspicious on your thumb drives (including AUTORUN.INF, FOLDER.HTT, or DESKTOP.INI), just delete it or send a sample to AVERT LABS ;)

  7. are you sure it will work? i’m trying to make mp3 music but that desktop.ini is still getting on to the music I want to copy. are you a genius or WHAT? WILL YOU PLEASE TELL ME IF YOU’RE A FRAUD!!!!

  8. Copy from where? As I said before, DESKTOP.INI files are not viruses. They only trigger something (linked files) to run. They are normally just an accessory to the malicious code. Nothing to worry about (especially if you think your anti-virus is enough).

    If you want to verify your DESKTOP.INI’s details, drag the file to NOTEPAD and see what it contains.

    This is what is commonly found in a MY DOCUMENTS\MY MUSIC\DESKTOP.INI (on Windows XP systems):

    ———————————————————————————
    [DeleteOnCopy]
    Personalized=13
    PersonalizedName=My Music
    [.ShellClassInfo]
    InfoTip=@Shell32.dll,-12689
    IconFile=%SystemRoot%\system32\SHELL32.dll
    IconIndex=-237
    ———————————————————————————

    As a precaution, I have already blocked those files in order to prevent any attacks that come without notification. If I have to copy from folder to folder, I disable my McAfee’s customized blocker before I transfer the file(s). But where possible, I don’t include FOLDER.HTT, DESKTOP.INI, and THUMBS.DB on my target drive/folder.

    About the “genius” thing, I am no genius. I just look for any possibility that an infection may occur. With this article, I am only announcing to the public that those files are normally seen on our computers. But in that way, they are also too vulnerable to any virus/malware/adware attacks.
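
The check suggested above (open DESKTOP.INI and see what it points to), automated in Python as an added example that is not part of the original comments. The extension list, function names and second sample are constructed for this illustration; the first sample is the My Music file quoted above.

```python
import configparser
import re

# A value naming one of these file types deserves a look (list chosen for this example).
RISKY_FILE = re.compile(r"[^\\/:*?\"<>|,]+\.(htt|html?|exe|vbs|js|scr|bat|cmd)\b", re.I)

# The My Music desktop.ini quoted in the comment above.
MY_MUSIC_INI = rb"""[DeleteOnCopy]
Personalized=13
PersonalizedName=My Music
[.ShellClassInfo]
InfoTip=@Shell32.dll,-12689
IconFile=%SystemRoot%\system32\SHELL32.dll
IconIndex=-237
"""
# Constructed sample (placeholder section name), encoded as UTF-16 to exercise BOM handling.
CONSTRUCTED_INI = ("[.ShellClassInfo]\nIconIndex=0\n"
                   "[{CONSTRUCTED-SECTION}]\nPersistMoniker=file://COMMENT.HTM\n").encode("utf-16")

def decode_ini(raw):
    """desktop.ini may be UTF-16 with a BOM; otherwise treat it as the ANSI code page."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")

def suspicious_entries(raw):
    """Return [(section, key, file_name)] for values that name a script or program file."""
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",))
    parser.optionxform = str  # keep key names as written instead of lower-casing them
    parser.read_string(decode_ini(raw))
    hits = []
    for section in parser.sections():
        for key, value in parser.items(section):
            match = RISKY_FILE.search(value)
            if match:
                hits.append((section, key, match.group(0)))
    return hits

if __name__ == "__main__":
    for label, raw in (("My Music", MY_MUSIC_INI), ("constructed", CONSTRUCTED_INI)):
        print(label, "->", suspicious_entries(raw) or "no file references to review")
```

`RawConfigParser` is used because values such as `%SystemRoot%` would trip the interpolation of the default parser.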

  9. NOTE: Please read the above posts before you say anything.

    Added to this section: I believe not all Windows operating systems have this, but you could try…

    START — RUN — GPEDIT.MSC

    Once the Group Policy is loaded, please click the following:

    Local Computer Policy
    --Computer Configuration
    ----Administrative Templates
    ------System

    and look for TURN OFF AUTOPLAY and double-click on it. Select ENABLED and configure it as “ALL DRIVES”. This will disable autorun on all hard drives/flash drives/discs (any drive that uses AUTORUN.INF). This will prevent the malicious code from running automatically. But still, you have to run your anti-virus to check the drive. But newer virus signatures may not be recognized :)

    To verify whether the drive is infected with an “Autorun virus”, open your Windows Explorer, unhide all hidden and system files (Tools — Folder Options — View tab section) and open the drive with a right click (instead of a left click) and click EXPLORE instead of AUTOPLAY/OPEN.

    Once you find an AUTORUN.INF on your root drive, there’s a possibility that you are infected with a virus. :)

    *GPEDIT.MSC was tested on the Windows XP Professional platform. You could try it on other O/S too (but I haven’t tested it with other versions).

  10. Please stop pulling my hair! ,

  11. Told him, I would put him on the paper regardless. ,

  12. Annonymous, if you have meeting info on Democratic Town Committee by all means email me the info. Thanks

  13. hi, this article helps me, because i am always saying that thumbs.db and desktop.ini are viruses, thanks for the info

  14. Best you should edit the post title FOLDER.HTT, DESKTOP.INI, THUMBS.DB: Viruses? | Zeezeeg to more specific for your webpage you write. I enjoyed the post still.

  15. Hey bro, do have a e-newsletter? If you do not you actually ought to get on that…this web site is pure gold!

  16. I do like things nice and easy. Making money is not all that easy these days but fortunately, I found a trick. This technology was secretly “copied” from one of the top internet enterprises. There is nothing illegal or shady about it… it’s just kind of secret. The software needs very little babysitting so it’s basically set it up and forget it. This super affiliate push button software is the real thing, so if you’re planning to use it unethically, or use it for scam purposes, this software isn’t for you! If you can spend no more than 3 minutes to download and setup this software, and then click the ‘Start Button’ just once to start this autopilot push button software… Then you can make money online. This never seen before push button software proved that the best and most profitable traffic on the internet is free traffic. Don’t even bother trying to figure out how this powerful software works. All you really need to know is that you can download it (if the link hasn’t been taken down yet) and then push a button and watch the magic. Get it before it is gone -> http://tinyurl.com/pbcsites

  17. Do you mind if I quote your writing on my Wiki Site? I think your topic suits my audience perfectly. Well ya, thanks for posting this article.

  18. If you take a look at history you will see a revolution against slavery on each and every few hundred years. I think now is a good time for another one against the monetary system but without blood this time. Get involved, take action!

  19. Very well written post. It will be useful to anyone who uses it, including myself. Keep up the good work, looking forward to more posts.

  20. I had this virus. It makes double files, so many of them that there is no way to delete them all. I have a copy of the virus on a CD. It is not detected by any virus software out there. I have sent a copy to Comodo; Norton had no interest in it. I have now got it a second time in one year, and all my backup drives are infected, and I cannot get to my backup files without being infected again. Anyone have an idea? Thank you. 2012 Jan 11

  21. thank you ryann, i have turned off everything, good info

  22. Great post but I wanted to let you know that your rss feed link is not working.

  23. I have fun with, result in I found exactly what I was having a look for. You have ended my four day lengthy hunt! God Bless you man. Have a great day. Bye

  24. Hello, Good morning as i do absolutely love Your site, i would be very honored if you would ask me to publish a honest review about your great site in this little would you allow me that?

  25. I precisely needed to thank you very much yet again. I am not sure the things I could possibly have taken care of without the basics discussed by you about that field. It had been the horrifying dilemma for me, however , being able to view the very specialized technique you treated the issue took me to cry with joy. I am just happier for the assistance and in addition expect you know what a great job you’re carrying out instructing the rest all through your site. I am sure you’ve never encountered all of us.

  26. Thank you so much for providing individuals with a very splendid chance to read in detail from this website. It is usually so excellent plus stuffed with fun for me and my office acquaintances to visit your site more than 3 times in 7 days to study the latest things you have. Of course, we’re at all times motivated for the excellent solutions served by you. Certain two points in this article are particularly the simplest I’ve had.

  27. Very nice design and good subject matter, very little else we need :D.

  28. of course like your web-site however you need to take a look at the spelling on several of your posts. Many of them are rife with spelling issues and I in finding it very bothersome to inform the reality then again I’ll surely come back again.

  29. Asking questions are genuinely nice thing if you
    are not understanding something totally, but this piece of writing provides good understanding yet.

  30. One thing that you can do to bring a union to your company, particularly to the corporate level, is by sharing unique corporate Christmas gifts.
    If you are looking for a corporate gift idea to customize, look online.

    Some of them is included with a pen while a few others is given a small stapler on it.

  31. Video Cutter is known as a incredibly straightforward tool which could cut any video in virtually any format very easily. It supports MPG, VOB, DAT, AVI, DIVX, MPWMV, MOV, MKV, FLV and also other video formats. All you may need to accomplish is play the video. Mark begin and finish of your video.

  32. Cost-free Video Cutter has quite couple of choices - you can easily opt for the output format, but there are actually no quality settings. There’s also no sound in Cost-free Video Cutter, so you need to make your reduce just employing images. Sound will likely be kept for the edited video, you simply can not hear it in the app itself. Ironically, you can easily set the output to MP3 and convert the sound out of your video!
