RE: Folder.htt & Desktop.ini Virus



Subratam
07-09-2005, 10:50 PM
Are Folder.htt and Desktop.ini files spreading on your computer? Try to
create a new folder and show hidden files and see if those two files are
created every time you create a new folder. If that happens you have been
infected with Redlof. Do a download of Avast virus and run a complete scan
and that should clear Redlof. If that is not the case then, as said,
leave those two files as they will be present in a computer but yes not in
each and every folder.

Regards

David H. Lipman
07-09-2005, 10:50 PM
From: "Subratam" <Subratam@discussions.microsoft.com>

| Are Folder.htt and Desktop.ini files spreading on your computer? Try to
| create a new folder and show hidden files and see if those two files are
| created every time you create a new folder. If that happens you have been
| infected with Redlof. Do a download of Avast virus and run a complete scan
| and that should clear Redlof. If that is not the case then, as said,
| leave those two files as they will be present in a computer but yes not in
| each and every folder.
|
| Regards


NO....

VBS/Redlof@M -- http://vil.nai.com/vil/content/v_99476.htm
"This is a file infecting VBScript that sets a default, infected, stationary file for the
Microsoft Outlook and Outlook Express email client programs. It exploits the Microsoft VM
ActiveX Component Vulnerability." --
http://www.microsoft.com/technet/security/bulletin/MS00-075.mspx

"Symptoms
- Presence of KERNEL.DLL (11,160 bytes) in the SYSTEM directory
- Increase in file size of .HTM and .HTT documents "


It means 'paneerselvam' set folder options to show Hidden System files revealing Folder.htt
& Desktop.ini which are used to show folders in a specific fashion.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Subratam
07-09-2005, 10:50 PM
Yes,
What I wanted was to check whether Redlof exists or not, as when VBS.Redlof.B runs,
it does the following:

1. Drops the following hidden files in multiple locations:

* Desktop.ini
* Folder.htt (viral code)

Source:
http://securityresponse.symantec.com/avcenter/venc/data/vbs.redlof.b.html
Nothing more, but just a normal safety scan. :)

Regards

"David H. Lipman" wrote:

> From: "Subratam" <Subratam@discussions.microsoft.com>
>
> | Are Folder.htt and Desktop.ini files spreading on your computer? Try to
> | create a new folder and show hidden files and see if those two files are
> | created every time you create a new folder. If that happens you have been
> | infected with Redlof. Do a download of Avast virus and run a complete scan
> | and that should clear Redlof. If that is not the case then, as said,
> | leave those two files as they will be present in a computer but yes not in
> | each and every folder.
> |
> | Regards
>
>
> NO....
>
> VBS/Redlof@M -- http://vil.nai.com/vil/content/v_99476.htm
> "This is a file infecting VBScript that sets a default, infected, stationary file for the
> Microsoft Outlook and Outlook Express email client programs. It exploits the Microsoft VM
> ActiveX Component Vulnerability." --
> http://www.microsoft.com/technet/security/bulletin/MS00-075.mspx
>
> "Symptoms
> - Presence of KERNEL.DLL (11,160 bytes) in the SYSTEM directory
> - Increase in file size of .HTM and .HTT documents "
>
>
> It means 'paneerselvam' set folder options to show Hidden System files revealing Folder.htt
> & Desktop.ini which are used to show folders in a specific fashion.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>

David H. Lipman
07-09-2005, 10:50 PM
From: "Subratam" <Subratam@discussions.microsoft.com>

| Yes,
| What I wanted was to check whether Redlof exists or not, as when VBS.Redlof.B runs,
| it does the following:
|
| 1. Drops the following hidden files in multiple locations:
|
| * Desktop.ini
| * Folder.htt (viral code)
|
| Source:
| http://securityresponse.symantec.com/avcenter/venc/data/vbs.redlof.b.html
| Nothing more, but just a normal safety scan. :)
|
| Regards


Thanx for that clarification. I was not aware of a new variant that was detected as of
February of this year (2005).

It certainly makes modifications to the Registry that can easily be checked.

In addition, the easiest way to find out is to submit a copy of "Folder.htt" with a recently
updated date to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against 18 different AV vendors' scanners, including
Symantec.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
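
The checks discussed in this thread (Folder.htt copies in multiple locations, a recently modified Folder.htt to submit for scanning, and the KERNEL.DLL size from the quoted symptoms) can be gathered in one pass. The following is an added example, not part of any post above; the function names and the 30-day window are assumptions, and it only inventories files, since clean Windows systems also carry Folder.htt and Desktop.ini.

```python
import hashlib
import os
import sys
import time
from collections import Counter

NAMES = {"folder.htt", "desktop.ini"}
KERNEL_DLL_SIZE = 11160  # bytes, from the "Symptoms" list quoted in the thread

def inventory(root):
    """One record per Folder.htt / Desktop.ini under root (hidden files included)."""
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in NAMES:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                st = os.stat(path)
            except OSError:
                continue  # unreadable or locked file: skip it and keep walking
            records.append({"path": path, "name": name.lower(), "size": st.st_size,
                            "mtime": st.st_mtime, "sha256": digest})
    return records

def triage(records, recent_days=30, now=None):
    """Folder.htt only: content repeated across folders, and recent copies newest first."""
    now = time.time() if now is None else now
    htt = [r for r in records if r["name"] == "folder.htt"]
    counts = Counter(r["sha256"] for r in htt)
    recent = [r for r in htt if now - r["mtime"] <= recent_days * 86400]
    recent.sort(key=lambda r: r["mtime"], reverse=True)
    return {"repeated": {h: n for h, n in counts.items() if n > 1}, "recent": recent}

def kernel_dll_matches(system_dir):
    """True if system_dir holds a KERNEL.DLL of exactly the quoted size."""
    for name in os.listdir(system_dir):
        path = os.path.join(system_dir, name)
        if name.lower() == "kernel.dll" and os.path.isfile(path):
            return os.path.getsize(path) == KERNEL_DLL_SIZE
    return False

if __name__ == "__main__":
    result = triage(inventory(sys.argv[1] if len(sys.argv) > 1 else "."))
    for r in result["recent"]:
        print(time.strftime("%Y-%m-%d", time.localtime(r["mtime"])), r["size"], r["path"])
    print("identical Folder.htt content in several folders:", result["repeated"])
```

The newest Folder.htt it lists is the natural candidate to submit for multi-engine scanning, and the SHA-256 values make it easy to see whether the same file body is being copied into folder after folder.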

