Desktop. ini, folder icon, folder background, hidden files, Viruses
Some viruses may create a desktop. ini file in the folder. At present, many friends have incorrect ideas about this file and think it is a virus file. This is actually wrong,
Desktop. ini is not a deep source of viruses. desktop. ini is a file that can be identified by the system. It is used to store users' personalized settings on folders.
Desktop. ini is different (this is not completely correct, see the following article .), The file content created by the virus varies depending on the virus. It can be an infected date or other intentionally or unintentionally characters.
(String ).
The following describes the use of desktop. ini:
I. folder icon
[. Shellclassinfo]
Infotip = comment
Iconfile = path of the icon file
Iconindex = select the icons in the file to be used
Custom image files, whose extension names can be .exe,. dll, And. ICO.
2. Folder background
[Extshellfolderviews]
[]
Iconarea_image = the path of the background image (for example, c: \ Documents and Settings \ All Users \ Documents \ my pictures \ sample image \ blue hills.jpg, image)
Preferably in JPG or BMP Format)
3. Mark special folders
There are some special folders in the system, such as the recycle bin, my computer, my documents, and network neighbors. There are two ways to mark these folders:
1. Add a "." directly to the folder name and add the corresponding clisid
For example, name a folder: Create a folder.
The icon of this folder will change to the icon of my computer, and when you double-click this folder, it will open my computer.
The clisid of some special folders in the system is provided to you:
My computer.
Recycle Bin.
Dial-Up Network.
Control Panel.
Printer.
Network neighbors.
Scheduled task.
My documents.
URL history.
2. The second method is to use a desktop. ini file.
Take my computer as an example:
Create a folder named casually and create a desktop. ini file under it. The content is as follows:
[. Shellclassinfo]
Clisid =
Note: Some viruses will create such folders to hide themselves. This is also a method for hiding secrets.
Iv. Mark the folder owner
This is usually seen in my documents. For example, my documents contain such a file with the following content:
[Deleteoncopy]
Owner = Administrator
Personalized = 5
Personalizedname = My Documents
5. Change the folder color
To implement this function, you need to register a. dll file colorfolder. dll. As I have not tried it, I cannot provide the relevant content. below is what I found online
For reference.
Change the folder color
[. Shellclassinfo]
Iconfile = colorfolder. dll
Iconindex = 0
Save as a pointer to. ini file, along with the colorfolder. dll file (downloaded from the mikebox Network Disk)
If you want to add a background image and change the color of the file name in the folder!
[extshellfolderviews]
=
[]
iconarea_text = 0x000000ff
attributes = 1
iconarea_image%bg04.jpg
[. shellclassinfo]
confirmfileop = 0
Put the image named bg04.jpg in the same folder, and then in the originalCodeAdd the above to change the background image of the folder! Change the bg04.jpg image and repair it.
Change the name (bg04.jpg) to the new image name. You can set it as your favorite background image (JPG format is recommended )! Modify 0x000000ff to change the file
The color you want! 0x000000ff is red, 0x00008000 is green, 0x00ff0000 is blue, 0x00ffffff is white! (To change the color, you must also have a dynamic link library file.
Supported)
Please log on to the instance for downloadHttp://www.mikebox.com/, Input extract code: 6fd177009b8b4d66955aa190eccea968 extract example!
Register Dynamic Link Library: Go to Start> Run and enter "regsvr32 colorfolder. dll" (excluding quotation marks, there is a space between regsvr32 and colorfolder. dll !) Register
Dynamically link the Library to the system!
All right, I know the usefulness of desktop. ini. Now let's talk about the virus,
According to my experience, the desktop. ini created by the virus contains a date or a character. I cannot tell whether it makes sense, but it is certain that the file is not executable.ProgramIts existence will not cause any harm. In addition, the Weijin virus creates some _ desktop. ini files, which can be deleted as follows:
run the following command on the command line:
del X: \ _ desktop. INI/f/Q/S/A: H (X: drive letter, for example, C :)
related parameters:
/P prompts confirmation before deleting each file.
/F force delete a read-only file.
/s deletes a specified file from all subdirectories.
/Q quiet mode. Confirmation is not required when deleting a global wildcard.
/A selects the file to be deleted based on the attribute.
attributes R read-only file S System File
h hide file a archive file
-indicates the prefix of" no "
If the command extension is enabled, del will change as follows:
The display syntaxes of the/s switch are reversed. That is, only deleted files are displayed, but files that cannot be found are not displayed.
Some common questions:
1: What does [localizedfilenames] in desktop. ini in the management tool folder mean?
A: [localizedfilenames] indicates the "restricted file name", that is, the identifier of the control file.
2: In a desktop. ini file
[. Shellclassinfo]
Localizedresourcename = @ % SystemRoot % \ system32 \ shell32.dll,-21762
What role does this play?
What is the role of localizedresourcename?
What is the role of-21762? What is the principle?
A: localizedresourcename is the address referenced by the name after "restricted Resource Name". Note that many such information is recorded in the shell32.dll dynamic link library, including the icon ICO address, the last-21762 is an ID, which can also be interpreted as an index.
3: In a desktop. ini file
Infotip is the description when pointing to a folder,
But what does infotip = @ shell32.dll mean by-12690?
A: It is easy to understand the second question. Is infotip a "message prompt" link or shell32.dll. -12690 is also an index number.
4: In a desktop. ini file
Iconfile refers to the folder path of the icon.
Iconfile = % SystemRoot % \ system32 \ shell32.dll
Iconindex =-238 indicates the chart file name,
But-238 is the icon and the folder in which these icons are placed,
How can I clearly view the list of these icons,
And which icon the numbers referenced outside represent, for example,-238 indicates which icon.
A: continue with the answers to the first two questions. iconfile is the "ICO icon file", which I will not explain more later. As for how to find this icon, you can find the image by selecting the icon option in any shortcut attribute, and then locate the specified image by referencing the index.
5: In a desktop. ini file
[Deleteoncopy]
Owner = Jed
Personalized = 14
Personalizedname = My videos
What do these mean?
A: this should be desktop. ini in the "My videos" folder in "My documents. "Owner = Jed" means that the current folder belongs to the user of "Jed". "personalized = 14" means private property. 14 doesn't make it clear, "personalizedname = My videos" indicates that this private document is called "My videos ".
6: In a desktop. ini file, it must start
; ==++ =
;
; Copyright (c) Microsoft Corporation. All rights reserved.
;
; ==-- =
What do these mean?
Is it with HTML code? <! --> Is the annotation function the same?
If so, what is the specific format?
A: This is very simple. It means that the ownership of this code segment is "Microsoft ". This can be seen in many places. For example, many websites may state "Copyright (c) Corporation. All Rights Reserved.", which means ownership.
7: inside a desktop. ini
[. Shellclassinfo]
CLSID =
Confirmfileop = 1
Infotip = contains application stability information.
What does this mean?
A: This is the desktop in the system-protected folder. INI indicates the shellclass information. "CLSID =" indicates that the address of the class ID in the registry is "1d2680c9-0e2a-469d-b787-065558bc7d43", and "infotip = contains application stability information" indicates the information prompt. For more information, see the answers to the 3rd questions.
8: desktop. ini in the XP font folder (c: \ windows \ fonts \)
[. Shellclassinfo]
Uiclsid =
What does this mean?
A: For more information, see 7th. uiclsid = indicates that the address of the font style ID in the registry is "BD84B380-8CA2-1069-AB1D-08000948F534 ".
9: in XP, c: \ Documents ents and Settings \ Default User \ sendto \ desktop. ini
[Localizedfilenames]
Email Recipient. mapimail = @ sendmail. dll,-4
Desktop Shortcut. sharelink = @ sendmail. dll,-21
What does it mean?
A: the meaning of "localizedfilenames" is not mentioned. The following questions can be explained in English. One is "email receiver" and the other is "desktop shortcut". The dynamic link libraries used respectively are "Sendmail. DLL "only has different IDs, one is 4 and the other is 21.
10: A desktop. ini
-----------------------------------
[. Shellclassinfo]
Iconindex = mainicon
Iconfile = D: \ \ ttplayer.exe
-----------------------------------
If the mainicon in is changed to 1 or 2, the icon of the external Folder will change,
But what format does iconfile = *. * Support icons? I only know that the EXE program icon is supported, and the ICO format should also be supported,
I tried BMP. JPG and others are not supported.
A: "iconindex = mainicon" means that the ICO icon index is the primary image, that is, the default icon. "Iconfile = D: \ \ ttplayer.exe" indicates that the icon file is located at "D: \ \ ttplayer.exe, generally, exe files contain ICO Icon files, and Windows icons do not support BMP, JPG, GIF, and other image formats. If you want to use them, you can use the ICO file conversion tool for conversion, in addition, this type of conversion function is provided in programming software.
11: confirmfileop = 0?
A: Check that the file option is 0. As for what settings 0 represents, the personal estimation is the default setting. If not, change it to 1 to see what changes have taken place.