Does the “Desktop.ini” and “Thumbs.db” files are virus?

Question

I did some reaches, and I know "Desktop.ini" and "Thumbs.db" files are hidden files for view customizations, and I know they should be safe files and I can delete them. Also, I know if I turn off "show hidden files" they will be gone (but we know they are not really gone, they are just invisible).

However, I never saw it before, until I installed a fake application. After that, almost every single file (even the subfiles) in my computer contains these two files, especially "Desktop.ini". Worse, these two files try to copy themselves to any plugin device and media. For example, when I insert a CD into my CD-ROM the system says "desktop.ini is ready to write into the CD," and almost every flash drives contain these two files after plugged into my computer.

I tried to use anti-virus software to kill and remove these two files such as Kaspersky and Mcafee, but both of them reported that my computer was good after I did a whole drive scan. But I was sure that these two files were the virus, otherwise, it would not copy them self to other file and I should see them before I installed that fake application. So, decided to reinstall my entire OS system (format the internal hard drive and reinstall again).

Now, these files are gone even I turn on "show hidden files." However, few days ago I insert a CD again, and the system still says "desktop.ini is ready to write into the CD," (but flash drives have not contained these files again after I plugged in) . So, after I turn on "show hidden files" and "Hide protected operating system files", "Desktop.ini" is showing up again (the "Thumbs.db" is in some of the files but not every file). This time, they are not in my every single file but the majority files such as "Desktop", "Downloads," and "My Documents"

Sorry, I write too much description, but it is really driving me crazy and I really want to make sure these two files are the virus or not now? If they are, how can I get rid of them? My computer is Windows 10.

Answer 1

Are these two files virusses? No. They're a byproduct of whatever you installed.

Desktop.ini is a file that contains extra information for that specific folder, such as its view settings and sort etc.

Thumbs.db is a small database containing all the thumbnails generated when you use one of the thumbnail views (thumbnails, extra large icons, large icons, medium icons, etc)

It is my conclusion that the program you installed alters explorer to show this info. You need to specify more about this fake application that you installed, but it could be a toolbar that nests itself into your explorer.

Answer 2

Look inside the files if you suspect a virus. Open them with a hexreader or the notepad (only) .
So far nothing you have indicated, as hard as it is to read, is abnormal.

Thumbs databases will be recreated as a cache for picture and video files thumbnails, and can be turned off computer wide , and cleaned out if desired, to assist your discovery.

Desktop.ini should contain only simple couple of lines of textlike data , defines special folders, could be found in roots of disks but not nessisarily.

If your into controlling and seeing everything, make sure your seeing all the extentions of files, so things like Desktop.ini.exe or Thumbs.db.exe would show up in a confusing way.

Answer 3

I suggest turning off Microsoft's useless Hide extensions of known file types. in Folder Options under View tab.

this way you'll be able to determine if the files are malicious or not, as follows :

if the file name is Desktop.ini.exe , or anything else except Desktop.ini , then it is not the System-supplied folder configurations file , but it's indeed a virus. same goes for thumbs.db ,

showing file extensions and hidden system files if you know what you're doing is really useful because most viruses are known to hide your actual folders on a system-level(ie: mark the folders as system files) and replace them with a folder-looking application that would open your desired folder AND perform its malicious code at the same time.