# [SOLVED] desktop.ini/folder.htt



## brite750 (Mar 16, 2002)

These two files keep popping up all over my pc, what is going on? If I click on a Zip disk or floppy these two files pop-up on the the drive.


----------



## WhitPhil (Oct 4, 2000)

They are just part of the architecture and nothing to worry about.

Folder Customization


----------



## brite750 (Mar 16, 2002)

That's good to hear, someone told me it was a trojan, or virus. I never say these files before, is it because I have show hidden files check under folder options? or some other setting.


----------



## brite750 (Mar 16, 2002)

As a continuation of my previous post about desktop.ini and folder.htt, this problem was indeed a virus!. I ran Panda and it came up with about 2700 virus detections, the VBS/Randof-a virus. I had thousands of these .htt files all over the C drive, hopefully Panda has removed the virus, anyone with more info an this virus and their experience with it can post if they like.


----------



## brite750 (Mar 16, 2002)

sorry, not Randof......VBS/Redlof-a, I thought Randof sounded better though


----------



## WhitPhil (Oct 4, 2000)

The HTT files ARE part of the folder architecture in Windows. But, this lovely virus uses this capability to ensure that it gets run everytime you open a folder (which executes the code in the HTT file)

Panda Description

Symantec Description

Recommendation?
It "appears" that you detected this virus, after the fact, by running an Antivirus program. You should really have the AV running all the time in the background. You want to detect viruses on the way in, not after they have infected you.

If this were a destructive virus, you would not be doing reinstalls and restores of files from backups.


----------



## brite750 (Mar 16, 2002)

Thanks for for the info Whitphil, I have had Norton running for 3 years, udated the Dats regularly, never had a virus detected. I had to reformat last March, trying to install W2k, gave up, and never got around to loading Norton, then Wham!!!, it was a strange little bug though, don't know how long it was there, didn't seem to do much. Just goes to show you kiddies, aways use your AV.


----------



## Peter K (Aug 29, 2003)

> _Originally posted by WhitPhil:_
> *The HTT files ARE part of the folder architecture in Windows. But, this lovely virus uses this capability to ensure that it gets run everytime you open a folder (which executes the code in the HTT file)
> 
> Recommendation?
> It "appears" that you detected this virus, after the fact, by running an Antivirus program. You should really have the AV running all the time in the background. *


I am continuously running avast antivirus 4.0 in background, but in this mode it didn't detect the virus. I detected it running the main program.


----------



## clmclr (Aug 30, 2003)

Hi Peter K, Are you sure you are infected with the VBS/Redlof-a virus? Im running Avast 4 as well, and two days ago it came up with a virus alarm for four of my folder.htt files: Vbs:Malware[Script] . If youre talking about the same thing, go to http://www.avast.com and, under support, check out their forum re viruses. The Vbs:Malware[Script] is a confirmed false alarm that sneaked into their virus database and was intended to be removed with yesterdays update.

If you want to know about another virus beside the VBS/Redlof-a virus that also exploits the capability of folder.htt file settings to be overwritten (so as to change the way your "system folders" behave), see: http://securityresponse.symantec.com/avcenter/venc/data/vbs.terrosist.html about the VBS.Terrosist virus. I found this information at 
http://www.experts-exchange.com/Operating_Systems/Win98/Q_20672560.html#8882471 (halfway down the thread)

Folder.htt seems to be a vulnerable file anyway. Here is some information about this file, in case youre interested: 
http://www.securityfocus.com/bid/1571 
http://www.securityfocus.com/archive/1/76135


----------

