A reader recently submitted a question about removing a strange virus. Although the question is a bit vague, I believe the Windows Guru has the solution for removing the Desktop_.ini virus.
Please let me know how to get rid of Desktop_.ini virus.
Hello, Rakesh. Without properly identifying your virus, I’m left to do a bit of guessing. However, in your case, I believe I can make a fairly accurate guess. The only virus that I’m aware of that creates a file named Desktop_.ini is the W32.Fujacks.E worm.
Discovered in early 2007, the W32.Fujacks.E worm is a virus that copies itself to the root drive of all partitions and infects all files with certain executable types found on the local computer. The worm ends some security-related processes and services leaving your machine vulnerable to a more malicious attack.
While we can end the worm process and remove it, you will need a proper AV solution to clean the infected files on your computer.
Since this virus targets many popular AV solutions, the first step in removal should be to reinstall your anti-virus program to ensure that it is working properly. Avoid rebooting during this process.
Next, you should disable system restore if it is enabled. Right-click My Computer and choose Properties… to open the System Properties dialog box. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives and click Apply. Then, click Yes to the confirmation message. You must be logged on as an administrator.
At this point, you should update your virus definitions and run a full system scan with your anti-virus program. Most AV programs should detect and clean this virus from infected files. If you are unable to do this for any reason, reboot your computer in Safe Mode and attempt it from there.
Finally, and with the computer running in Normal mode, you can remove the registry entries created by the virus. Click start and choose Run… to open the Run dialog box. Enter regedit and click OK. Navigate to the following sub-key:
and delete the following value from the right-pane:
The Desktop_.ini (W32.Fujacks.E) virus should be successfully removed from your computer.