
Desktop.ini

Posted: March 14, 2011

Windows folders typically contain hidden Desktop.ini files that can't be seen without altering your default file-viewing options. These files are used to hold simple viewing and configuration options for folders. Deleting Desktop.ini isn't harmful to your operating system, but in many cases, Windows will simply re-create them later. If you see spare Desktop.ini files or see a Desktop.ini process in memory, then you may have a virus or other infection masquerading under the Desktop.ini name. Computer users who suspect that they're being infected by a fake Desktop.ini file should use anti-malware scanner applications to delete all possible parts of the infection without being fooled by innocent Desktop.ini files.

Desktop.ini - the Folder Assistant

Desktop.ini will not be seen unless you set your file viewing preferences to allow you to see system and hidden files. If you do enable that viewing option, you may notice Desktop.ini present in any folder where you've altered the default viewing configuration or other aesthetic options, such as whether a tooltip displays when the cursor hovers over the folder icon.

Desktop.ini is a simple text file and can be viewed and edited in Notepad. Here's one sample of what your Desktop.ini may look like in the case of a music folder:

[.ShellClassInfo]
FolderType=MusicAlbum
MusicBuyUrl=http://(lengthy URL string)

The hard drive space taken up by Desktop.ini is negligible; most Desktop.ini files are only 1 kb. Ordinarily there's no reason to worry about deleting Desktop.ini files for the sake of saving space. Blank Desktop.ini files, particularly in your system folders, are also perfectly normal.

How Malware Abuses Desktop.ini for Its Own Benefit

Sometimes malware such as worms or viruses will try to hide under the name of Desktop.ini. Here are some of the ways you can tell these chameleons from the real thing:

  • Desktop.ini files that can't be opened, read and edited like text files.
  • Desktop.ini files that take up a significant amount of hard drive space.
  • Duplicate or redundant Desktop.ini files when a folder already has one.
  • Memory processes (viewable in Windows Task Manager) that run under the name of Desktop.ini.
  • Desktop.ini present on a computer that has never used Windows (Macs and other alternative OSes do not use Desktop.ini files).

All of these are indications of a malware infection pretending to be Desktop.ini. To save yourself the hassle of further sorting, you should turn to a good anti-malware application that can scan for infections without being slowed down by real Desktop.ini files. If the infection is currently running in memory, halt the Desktop.ini process prior to the scan; otherwise, deleting the fake Desktop.ini may fail.
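The file-based signs in the list above (not readable as text, unusually large) can be checked with a short triage script. This is an added example, not code from the original article; the 16 KB size cut-off, the "MZ" executable-header check and the function names are assumptions made for illustration, and it does not cover the running-process sign.

```python
import codecs
import os
import tempfile

SIZE_LIMIT = 16 * 1024  # assumed cut-off; the article only says real files are about 1 kb

def looks_like_text(data: bytes) -> bool:
    """True if the bytes read as the plain text a genuine Desktop.ini holds."""
    if data.startswith(b"\xff\xfe"):  # UTF-16 LE BOM, an encoding Windows also uses
        try:
            codecs.getincrementaldecoder("utf-16-le")().decode(data[2:])
        except UnicodeDecodeError:
            return False
        return True
    return b"\x00" not in data  # ANSI/UTF-8 text never contains NUL bytes

def inspect(path: str) -> list:
    """Return the reasons a file named Desktop.ini looks suspicious (empty = fine)."""
    with open(path, "rb") as fh:
        head = fh.read(SIZE_LIMIT)
    checks = {"large": os.path.getsize(path) > SIZE_LIMIT,
              "executable-header": head[:2] == b"MZ",  # Windows executables start with MZ
              "not-text": not looks_like_text(head)}
    return [name for name, hit in checks.items() if hit]

def scan(root: str) -> dict:
    """Walk root and map each suspicious Desktop.ini path to its reasons."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if name.lower() == "desktop.ini" and (why := inspect(path)):
                findings[path] = why
    return findings

def demo() -> dict:
    # Constructed samples: the article's music-folder file and a binary impostor.
    samples = {"Music": b"[.ShellClassInfo]\r\nFolderType=MusicAlbum\r\n",
               "Temp": b"MZ\x90\x00" + b"\x00" * 20000}
    with tempfile.TemporaryDirectory() as root:
        for sub, body in samples.items():
            os.makedirs(os.path.join(root, sub))
            with open(os.path.join(root, sub, "desktop.ini"), "wb") as fh:
                fh.write(body)
        return {os.path.relpath(p, root): why for p, why in scan(root).items()}

if __name__ == "__main__":
    print(demo())
```

Blank files and UTF-16 files pass the text check, so the normal cases described earlier are not flagged; anything reported is a candidate for the anti-malware scan, not a verdict.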

File System Modifications

  • The following files were created in the system:
    # File Name
    1 desktop.ini
