Comments on: Removing Desktop_.ini Virus (W32.Fujacks.E)

By: Tenna

Tenna — Sat, 09 Apr 2011 12:48:14 +0000

Thank you for the above information. I will try it.

in the meantime I would like to share a similar problem if any one has any solution to share:

Recently, facining a problem which I belive is being caused by ‘desktop.ini’: it has created short cut of many folders; when I open any folder, I fing ‘desktop.ini’, and it will come back when deleted manually; whenever i# I tried to burn any file or folder, the ‘desktop.ini’ file also appear to be burnt.

so could you advice how to get rid of this problem.

looking forward to hearing from you all.

sincerely

By: hasthass

hasthass — Mon, 18 Oct 2010 06:08:13 +0000

One of my cd affected from this virus… Please help me to remove it as the cd contains very useful software backups…

By: Darryl

Darryl — Tue, 19 Jan 2010 21:17:54 +0000

i have th Desktop_.ini Virus (W32.Fujacks.E) on my pc. Its not doing anything to corrupt any of my files, however it is still a problem. The advice about removing the registry entry is not working because i do not have that entries.
I’ve searched for “spoclsv” or any of the suggestions above, but still cannot find any in my registry. Is there an AV that can remove this??

By: emmanuel

emmanuel — Mon, 16 Feb 2009 08:01:17 +0000

the virus disables regedit and any av i i install i can’t do more. is there any othere solution?

By: Rajesh

Rajesh — Fri, 06 Feb 2009 08:14:17 +0000

hi I am not downloaded for this link plz help

By: w32/fujack.ini

w32/fujack.ini — Mon, 10 Nov 2008 14:42:13 +0000

Hi i am getting this type virus can u help me out pls

By: Nilpo

Nilpo — Fri, 05 Sep 2008 08:09:00 +0000

There are several other variants of this virus. Their startup entries may be found under either or both of the following keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

The entry may look like any of the following:

“svohost” = “FuckJacks.exe”
“Fuckjacks” = “FuckJacks.exe”
“svcshare”=”spoclsv.exe”
“logo1_.exe”=”C:\WINDOWS\logo_1.exe”
“ati3evx.exe” = “C:\WINDOWS\ati3evx.exe”
“svohost” = “C:\WINDOWS\system32\FuckJacks.exe”
“System Boot Check” = “%System%\sysload3.exe”
“svchost” = “%Windir%\svchost.exe”
“EXPLORER” = “C:\Program Files\Common Files\System\wab32res.exe…”

In addition to the information found in this article, you should also look for and delete the following registry key, if it exists:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasautol

You should also look for and delete the following registry value:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{21LYYSYS-9421-2126-L2Y1-L2Y1Y1S3Y1S4}\”StubPath” = “%System%\[RANDOM].exe”

By: Prakash

Prakash — Fri, 05 Sep 2008 06:29:07 +0000

Hi,

After trying to remove Desktop_.ini as per given instruction by you,,, virus could not remove permanantly.

“svcshare”=”%System%\Drivers\spoclsv.exe”

This value could not found in registry. What is next solution for removing Desktop_.ini virus.

Prakash

By: Suresh

Suresh — Mon, 28 Jan 2008 06:39:35 +0000

Hi,
this virus had been troubling me for a while. I used Kaspersky AV which could detect this virus, and it says that it did disinfect the system. But, am not sure if that really happened. Because, i still see the Desktop_.ini’ files in every folder on the system. Whenever i delete a folder, i see a message which says that the folder contains this Desktop_.ini file. Over the LAN in my college, my friends who are running a different AV can still detect a virus. Please help me.

I did go to registry to delete the above suggested file. But, i didn’t find that file there.

Suggested file was “svcshare”=”%System%\Drivers\spoclsv.exe”

By: Seemit

Seemit — Tue, 22 Jan 2008 10:48:34 +0000

Well, i am not sure how many variants are there for this one. But this one is spreading through Bluetooth phones a lot these days. Bluetooth enabled phones are jacked n pushed with this one. When the phone is attached to machine, the Autorun feature asks for the default thing to run “Setup.exe” and most of the users hit OK.. there u go!!
Now, this one also disables Bluetooth on your machine, yeap u cant add or see devices. second, all your hidden files cant be seen now, even if you check “show hidden files” in folder options (it disables it again). Spoclsv is the culprit.. so find n delete it from registry (everywhere) and then restart machine.. do an attrib -s -h -r (that order) for all the files with dektop_* and spoclsv.* and note down paths.. shift+delete them.

(i did all this) but have not been able to turn on my bluetooth or see my hidden files.. it still is there somewhere..
u guys may be thinkin .. why the hell i dont get an AV.. well I dont have n dont want to buy.. n damn i have Vista!

Now the question, If I have Task Manager on and then do a “Show hidden/system files” and hit apply/ok, I see some task coming in, run for a while and disappear again (rightfullly so) and task is shell32 ( if i rem it correctly).. but the task does a Show n then a DONT SHOW on hidden/system files.. any takes on that ( dont suggest me AV).. i wanna do what AVs would do (try to do).