boot.ini disappears on restart or startup XP Pro

Last week the boot.ini file disappeared from my c:\ drive and the boot.ini
tab disappeared from msconfig. I can recreate the file using notepad or by
going to the control panel (system - advanced - start up and recovery -
edit) and paste the boot.ini text there. (I have made the files
"unhidden").

Whenever I restart or shut down the computer then turn it back on the
boot.ini file has been deleted again and the boot.ini tab from msconfig is no
longer present.

The message I get on startup is "Invalid boot.ini file. Booting from
C:\windows".

I believe this is looking at the c:\windows\pss directory for the backup
boot file. After this message disappears from the start-up procedure it
seem to boot normally.

I am looking for help on finding why the boot.ini file is being deleted and
a solution to keep it in place.

The boot.ini file on C:\ is ----

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
Professional" oexecute=optin /fastdetect /PAE


* The PC is a HP XW8200 quad core 2.
* No windows XP Pro install disk was received with the machine.

Thank you,

 

saltcity wrote:<!--coloro:blue--><span style="color:blue <!--/coloro-->
> Last week the boot.ini file disappeared from my c: drive and the boot.ini
> tab disappeared from msconfig. I can recreate the file using notepad or by
> going to the control panel (system - advanced - start up and recovery -
> edit) and paste the boot.ini text there. (I have made the files
> "unhidden").
>
> Whenever I restart or shut down the computer then turn it back on the
> boot.ini file has been deleted again and the boot.ini tab from msconfig is no
> longer present.
>
> The message I get on startup is "Invalid boot.ini file. Booting from
> C:Windows".
>
> I believe this is looking at the C:WindowsPss directory for the backup
> boot file. After this message disappears from the start-up procedure it
> seems to boot normally.
>
> I am looking for help on finding why the boot.ini file is being deleted and
> a solution to keep it in place.
>
> The boot.ini file on C: is ----
>
> [boot loader]
> timeout=30
> default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
> [operating systems]
> multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP
> Professional" oexecute=optin /fastdetect /PAE
>
>
> * The PC is a HP XW8200 quad core 2.
> * No Windows XP Pro install disk was received with the machine.
>
> Thank you,<!--colorc--><!--/colorc-->

Try making the file Read Only. That might prevent it from being
deleted.. Also limit the amount of files in the root folder, C:\

That MIGHT prevent its (boot.ini) demise.

--
Joe =o)

 

On May 28, 9:10 am, saltcity <saltc...@discussions.microsoft.com>
wrote:<!--coloro:blue--><span style="color:blue <!--/coloro-->
> Last week the boot.ini file disappeared from my c: drive and the boot.ini
> tab disappeared from msconfig.  I can recreate the file using notepad or by
> going to the control panel  (system - advanced - start up and recovery  -
> edit) and paste the boot.ini text  there.      (I have made the files
> "unhidden").
>
> Whenever I restart  or shut down the computer then turn it back on the
> boot.ini file has been deleted again and the boot.ini tab from msconfig is no
> longer present.    
>
> The message I get on startup is "Invalid boot.ini file.   Booting from
> C:windows".
>
> I believe this  is looking at the c:windowspss directory for the backup
> boot file.  After  this message disappears from the start-up procedure it
> seem to boot  normally.  
>
> I am looking for help on finding why the boot.ini file is being deleted and
> a solution to keep it in place.
>
> The boot.ini file on C: is ----
>
> [boot loader]
> timeout=30
> default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
> [operating systems]
> multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP
> Professional" oexecute=optin /fastdetect /PAE
>
> * The PC is a HP XW8200 quad core 2.  
> * No windows XP Pro install disk was received with the machine.
>
> Thank you,<!--colorc--><!--/colorc-->

Yes - it is not disappearing, it is being deleted.

You need to fix what is deleting it, not try to change the file
attributes so it is impossible to delete (which may not work anyway).
Whatever mechanism that is deleting it will still be there. Fix the
problem, not a symptom of the problem.

Sounds like a cute malware trick, so I would first try to eliminate
that possibility:

Download, install, update and do a full scan with these three free
malware detection programs:

Malwarebytes (MBAM):
SUPERAntiSpyware: (SAS):
AVG (AVG):

Jose

 

"Elmo" wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
> saltcity wrote:<!--coloro:green--><span style="color:green <!--/coloro-->
> > Last week the boot.ini file disappeared from my c: drive and the boot.ini
> > tab disappeared from msconfig. I can recreate the file using notepad or by
> > going to the control panel (system - advanced - start up and recovery -
> > edit) and paste the boot.ini text there. (I have made the files
> > "unhidden").
> >
> > Whenever I restart or shut down the computer then turn it back on the
> > boot.ini file has been deleted again and the boot.ini tab from msconfig is no
> > longer present.
> >
> > The message I get on startup is "Invalid boot.ini file. Booting from
> > C:Windows".
> >
> > I believe this is looking at the C:WindowsPss directory for the backup
> > boot file. After this message disappears from the start-up procedure it
> > seems to boot normally.
> >
> > I am looking for help on finding why the boot.ini file is being deleted and
> > a solution to keep it in place.
> >
> > The boot.ini file on C: is ----
> >
> > [boot loader]
> > timeout=30
> > default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
> > [operating systems]
> > multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP
> > Professional" oexecute=optin /fastdetect /PAE
> >
> >
> > * The PC is a HP XW8200 quad core 2.
> > * No Windows XP Pro install disk was received with the machine.
> >
> > Thank you,<!--colorc--><!--/colorc-->
>
> Try making the file Read Only. That might prevent it from being
> deleted.. Also limit the amount of files in the root folder, C:
>
> That MIGHT prevent its (boot.ini) demise.
>
> --
> Joe =o)
> <!--colorc--><!--/colorc-->

Hi Joe,

Verified that the boot.ini was read only and hidden. Same situation as
before, it disappeared.......on restart......

I have 11 files in the root directory of c:\ plus 17 folders. 43.8 gb
free out of 70 gb on this drive. 2 other drives on this machine.

 

saltcity wrote:<!--coloro:blue--><span style="color:blue <!--/coloro-->
> "Elmo" wrote:
><!--coloro:green--><span style="color:green <!--/coloro-->
>> saltcity wrote:<!--coloro:darkred--><span style="color:darkred <!--/coloro-->
>>> Last week the boot.ini file disappeared from my c: drive and the
>>> boot.ini tab disappeared from msconfig. I can recreate the file
>>> using notepad or by going to the control panel (system - advanced
>>> - start up and recovery - edit) and paste the boot.ini text
>>> there. (I have made the files "unhidden").
>>>
>>> Whenever I restart or shut down the computer then turn it back on
>>> the boot.ini file has been deleted again and the boot.ini tab from
>>> msconfig is no longer present.
>>>
>>> The message I get on startup is "Invalid boot.ini file. Booting
>>> from C:Windows".
>>>
>>> I believe this is looking at the C:WindowsPss directory for the
>>> backup boot file. After this message disappears from the start-up
>>> procedure it seems to boot normally.
>>>
>>> I am looking for help on finding why the boot.ini file is being
>>> deleted and a solution to keep it in place.
>>>
>>> The boot.ini file on C: is ----
>>>
>>> [boot loader]
>>> timeout=30
>>> default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
>>> [operating systems]
>>> multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP
>>> Professional" oexecute=optin /fastdetect /PAE
>>>
>>>
>>> * The PC is a HP XW8200 quad core 2.
>>> * No Windows XP Pro install disk was received with the machine.
>>>
>>> Thank you,<!--colorc--><!--/colorc-->
>>
>> Try making the file Read Only. That might prevent it from being
>> deleted.. Also limit the amount of files in the root folder, C:
>>
>> That MIGHT prevent its (boot.ini) demise.
>>
>> --
>> Joe =o)
>><!--colorc--><!--/colorc-->
>
> Hi Joe,
>
> Verified that the boot.ini was read only and hidden. Same situation
> as before, it disappeared.......on restart......
>
> I have 11 files in the root directory of c: plus 17 folders.
> 43.8 gb free out of 70 gb on this drive. 2 other drives on this
> machine.<!--colorc--><!--/colorc-->

It isn't the number of files of folders in the root causing your
problem; you can forget about that. IT's either malware or file
corruption. Truthfully, sounds like malware to me. Update your AV and
spyware detectors and do full scans of your system.
Meanwhile, create a "spare" boot.ini you can copy over for when you
need it.

Run them from Safe Mode for the ones that will run that way. Some may
not.
If that doesn't work other measures may be needed.

Let us know what AV and spyware detection software you used too, please.

HTH,

Twayne`

 

Jose wrote:<!--coloro:blue--><span style="color:blue <!--/coloro-->
> On May 28, 9:10 am, saltcity <saltc...@discussions.microsoft.com>
> wrote:<!--coloro:green--><span style="color:green <!--/coloro-->
>> Last week the boot.ini file disappeared from my c: drive and the
>> boot.ini tab disappeared from msconfig. I can recreate the file
>> using notepad or by going to the control panel (system - advanced -
>> start up and recovery - edit) and paste the boot.ini text there. (I
>> have made the files "unhidden").
>>
>> Whenever I restart or shut down the computer then turn it back on the
>> boot.ini file has been deleted again and the boot.ini tab from
>> msconfig is no longer present.
>>
>> The message I get on startup is "Invalid boot.ini file. Booting from
>> C:windows".
>>
>> I believe this is looking at the c:windowspss directory for the
>> backup boot file. After this message disappears from the start-up
>> procedure it
>> seem to boot normally.
>>
>> I am looking for help on finding why the boot.ini file is being
>> deleted and a solution to keep it in place.
>>
>> The boot.ini file on C: is ----
>>
>> [boot loader]
>> timeout=30
>> default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
>> [operating systems]
>> multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP
>> Professional" oexecute=optin /fastdetect /PAE
>>
>> * The PC is a HP XW8200 quad core 2.
>> * No windows XP Pro install disk was received with the machine.
>>
>> Thank you,<!--colorc--><!--/colorc-->
>
> Yes - it is not disappearing, it is being deleted.
>
> You need to fix what is deleting it, not try to change the file
> attributes so it is impossible to delete (which may not work anyway).
> Whatever mechanism that is deleting it will still be there. Fix the
> problem, not a symptom of the problem.
>
> Sounds like a cute malware trick, so I would first try to eliminate
> that possibility:
>
> Download, install, update and do a full scan with these three free
> malware detection programs:
>
> Malwarebytes (MBAM):
> SUPERAntiSpyware: (SAS):
> AVG (AVG):
>
> Jose<!--colorc--><!--/colorc-->

Since this is happening around the boot process, it's best to try them
to see if they will run from Safe Mode first, then regular if not.

 

Hi,
It seems to me that what 'Twayne' says in his post about it being the
result of malware, is your best bet.
However, there are also a couple of things you can do to stop this
problem.

1). Copy your c:\windows\pss\boot.ini.backup file to the ROOT of your C:
drive.

2). reset the permissions on the c:\boot.ini file to stop the file from
being deleted.
Do this by choosing properties on the file and going to the 'Security' tab.
Press on the 'Advanced' button and clear the check-box marked 'Inherit from
parent the permission entries.....' then click on 'Copy' on the box that
pops up.
Click on the 'Edit' button for every entry in the list and uncheck the
'Delete' and 'Change Permissions' boxes.
Press [ok] and [ok] to close both dialogues.

This should prevent ANY application (or virus) from deleting the file.

Also, further protect the file by typing the following:


attrib +r +h +s c:\boot.ini


....in a 'Command Prompt' window.


==



Cheers, Tim Meddick, Peckham, London.


"saltcity" <saltcity@discussions.microsoft.com> wrote in message
news:49581BA6-D388-4298-BD8E-1163676A1476@microsoft.com...<!--coloro:blue--><span style="color:blue <!--/coloro-->
> Last week the boot.ini file disappeared from my c: drive and the boot.ini
> tab disappeared from msconfig. I can recreate the file using notepad or
> by
> going to the control panel (system - advanced - start up and recovery -
> edit) and paste the boot.ini text there. (I have made the files
> "unhidden").
>
> Whenever I restart or shut down the computer then turn it back on the
> boot.ini file has been deleted again and the boot.ini tab from msconfig is
> no
> longer present.
>
> The message I get on startup is "Invalid boot.ini file. Booting from
> C:windows".
>
> I believe this is looking at the c:windowspss directory for the backup
> boot file. After this message disappears from the start-up procedure it
> seem to boot normally.
>
> I am looking for help on finding why the boot.ini file is being deleted
> and
> a solution to keep it in place.
>
> The boot.ini file on C: is ----
>
> [boot loader]
> timeout=30
> default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
> [operating systems]
> multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP
> Professional" oexecute=optin /fastdetect /PAE
>
>
> * The PC is a HP XW8200 quad core 2.
> * No windows XP Pro install disk was received with the machine.
>
> Thank you, <!--colorc--><!--/colorc-->

 

"Jose" wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
> On May 28, 9:10 am, saltcity <saltc...@discussions.microsoft.com>
> wrote:<!--coloro:green--><span style="color:green <!--/coloro-->
> > Last week the boot.ini file disappeared from my c: drive and the boot.ini
> > tab disappeared from msconfig. I can recreate the file using notepad or by
> > going to the control panel (system - advanced - start up and recovery -
> > edit) and paste the boot.ini text there. (I have made the files
> > "unhidden").
> >
> > Whenever I restart or shut down the computer then turn it back on the
> > boot.ini file has been deleted again and the boot.ini tab from msconfig is no
> > longer present.
> >
> > The message I get on startup is "Invalid boot.ini file. Booting from
> > C:windows".
> >
> > I believe this is looking at the c:windowspss directory for the backup
> > boot file. After this message disappears from the start-up procedure it
> > seem to boot normally.
> >
> > I am looking for help on finding why the boot.ini file is being deleted and
> > a solution to keep it in place.
> >
> > The boot.ini file on C: is ----
> >
> > [boot loader]
> > timeout=30
> > default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
> > [operating systems]
> > multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP
> > Professional" oexecute=optin /fastdetect /PAE
> >
> > * The PC is a HP XW8200 quad core 2.
> > * No windows XP Pro install disk was received with the machine.
> >
> > Thank you,<!--colorc--><!--/colorc-->
>
> Yes - it is not disappearing, it is being deleted.
>
> You need to fix what is deleting it, not try to change the file
> attributes so it is impossible to delete (which may not work anyway).
> Whatever mechanism that is deleting it will still be there. Fix the
> problem, not a symptom of the problem.
>
> Sounds like a cute malware trick, so I would first try to eliminate
> that possibility:
>
> Download, install, update and do a full scan with these three free
> malware detection programs:
>
> Malwarebytes (MBAM):
> SUPERAntiSpyware: (SAS):
> AVG (AVG):
>
> Jose
> <!--colorc--><!--/colorc-->

Scans in process - found one infected file with Anti-Malware
- found one adware with SuperAntiVirus

Will let you know results on completion of scans in safe mode. So far the
boot.ini file is still being deleted. I am checking after each scan.

Jon

 

"Twayne" wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
> saltcity wrote:<!--coloro:green--><span style="color:green <!--/coloro-->
> > "Elmo" wrote:
> ><!--coloro:darkred--><span style="color:darkred <!--/coloro-->
> >> saltcity wrote:
> >>> Last week the boot.ini file disappeared from my c: drive and the
> >>> boot.ini tab disappeared from msconfig. I can recreate the file
> >>> using notepad or by going to the control panel (system - advanced
> >>> - start up and recovery - edit) and paste the boot.ini text
> >>> there. (I have made the files "unhidden").
> >>>
> >>> Whenever I restart or shut down the computer then turn it back on
> >>> the boot.ini file has been deleted again and the boot.ini tab from
> >>> msconfig is no longer present.
> >>>
> >>> The message I get on startup is "Invalid boot.ini file. Booting
> >>> from C:Windows".
> >>>
> >>> I believe this is looking at the C:WindowsPss directory for the
> >>> backup boot file. After this message disappears from the start-up
> >>> procedure it seems to boot normally.
> >>>
> >>> I am looking for help on finding why the boot.ini file is being
> >>> deleted and a solution to keep it in place.
> >>>
> >>> The boot.ini file on C: is ----
> >>>
> >>> [boot loader]
> >>> timeout=30
> >>> default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
> >>> [operating systems]
> >>> multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP
> >>> Professional" oexecute=optin /fastdetect /PAE
> >>>
> >>>
> >>> * The PC is a HP XW8200 quad core 2.
> >>> * No Windows XP Pro install disk was received with the machine.
> >>>
> >>> Thank you,
> >>
> >> Try making the file Read Only. That might prevent it from being
> >> deleted.. Also limit the amount of files in the root folder, C:
> >>
> >> That MIGHT prevent its (boot.ini) demise.
> >>
> >> --
> >> Joe =o)
> >><!--colorc--><!--/colorc-->
> >
> > Hi Joe,
> >
> > Verified that the boot.ini was read only and hidden. Same situation
> > as before, it disappeared.......on restart......
> >
> > I have 11 files in the root directory of c: plus 17 folders.
> > 43.8 gb free out of 70 gb on this drive. 2 other drives on this
> > machine.<!--colorc--><!--/colorc-->
>
> It isn't the number of files of folders in the root causing your
> problem; you can forget about that. IT's either malware or file
> corruption. Truthfully, sounds like malware to me. Update your AV and
> spyware detectors and do full scans of your system.
> Meanwhile, create a "spare" boot.ini you can copy over for when you
> need it.
>
> Run them from Safe Mode for the ones that will run that way. Some may
> not.
> If that doesn't work other measures may be needed.
>
> Let us know what AV and spyware detection software you used too, please.
>
> HTH,
>
> Twayne`
>
>
> <!--colorc--><!--/colorc-->

Using Malwarebytes - Anti-Malware, SuperAntivirus and AVG Antivirus
I had run SuperAnvirus and AVG yesterday but not in 'safe mode'.

Running all in 'save mode' this afternoon.



<!--coloro:blue--><span style="color:blue <!--/coloro-->
> <!--colorc--><!--/colorc-->

 

"saltcity" wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
>
>
> "Twayne" wrote:
> <!--coloro:green--><span style="color:green <!--/coloro-->
> > saltcity wrote:<!--coloro:darkred--><span style="color:darkred <!--/coloro-->
> > > "Elmo" wrote:
> > >
> > >> saltcity wrote:
> > >>> Last week the boot.ini file disappeared from my c: drive and the
> > >>> boot.ini tab disappeared from msconfig. I can recreate the file
> > >>> using notepad or by going to the control panel (system - advanced
> > >>> - start up and recovery - edit) and paste the boot.ini text
> > >>> there. (I have made the files "unhidden").
> > >>>
> > >>> Whenever I restart or shut down the computer then turn it back on
> > >>> the boot.ini file has been deleted again and the boot.ini tab from
> > >>> msconfig is no longer present.
> > >>>
> > >>> The message I get on startup is "Invalid boot.ini file. Booting
> > >>> from C:Windows".
> > >>>
> > >>> I believe this is looking at the C:WindowsPss directory for the
> > >>> backup boot file. After this message disappears from the start-up
> > >>> procedure it seems to boot normally.
> > >>>
> > >>> I am looking for help on finding why the boot.ini file is being
> > >>> deleted and a solution to keep it in place.
> > >>>
> > >>> The boot.ini file on C: is ----
> > >>>
> > >>> [boot loader]
> > >>> timeout=30
> > >>> default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
> > >>> [operating systems]
> > >>> multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP
> > >>> Professional" oexecute=optin /fastdetect /PAE
> > >>>
> > >>>
> > >>> * The PC is a HP XW8200 quad core 2.
> > >>> * No Windows XP Pro install disk was received with the machine.
> > >>>
> > >>> Thank you,
> > >>
> > >> Try making the file Read Only. That might prevent it from being
> > >> deleted.. Also limit the amount of files in the root folder, C:
> > >>
> > >> That MIGHT prevent its (boot.ini) demise.
> > >>
> > >> --
> > >> Joe =o)
> > >>
> > >
> > > Hi Joe,
> > >
> > > Verified that the boot.ini was read only and hidden. Same situation
> > > as before, it disappeared.......on restart......
> > >
> > > I have 11 files in the root directory of c: plus 17 folders.
> > > 43.8 gb free out of 70 gb on this drive. 2 other drives on this
> > > machine.<!--colorc--><!--/colorc-->
> >
> > It isn't the number of files of folders in the root causing your
> > problem; you can forget about that. IT's either malware or file
> > corruption. Truthfully, sounds like malware to me. Update your AV and
> > spyware detectors and do full scans of your system.
> > Meanwhile, create a "spare" boot.ini you can copy over for when you
> > need it.
> >
> > Run them from Safe Mode for the ones that will run that way. Some may
> > not.
> > If that doesn't work other measures may be needed.
> >
> > Let us know what AV and spyware detection software you used too, please.
> >
> > HTH,
> >
> > Twayne`
> >
> >
> > <!--colorc--><!--/colorc-->
>
> Using Malwarebytes - Anti-Malware, SuperAntiSpyware and AVG Antivirus
> I had run SuperAnvirus and AVG yesterday but not in 'safe mode'.
>
> Running all in 'save mode' this afternoon.
>
>
> <!--colorc--><!--/colorc-->
<!--coloro:blue--><span style="color:blue <!--/coloro--><!--coloro:green--><span style="color:green <!--/coloro-->
> > <!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->

 

Did you try my suggestion of copying your [c:\windows\pss\boot.ini.backup]
file to [c:\boot.ini] AND then setting the file permissions for boot.ini ?

==

Cheers, Tim Meddick, Peckham, London.



"saltcity" <saltcity@discussions.microsoft.com> wrote in message
news:AC814515-5B92-4708-8966-E274815A13B9@microsoft.com...<!--coloro:blue--><span style="color:blue <!--/coloro-->
>
>
> "saltcity" wrote:
><!--coloro:green--><span style="color:green <!--/coloro-->
>>
>>
>> "Twayne" wrote:
>><!--coloro:darkred--><span style="color:darkred <!--/coloro-->
>> > saltcity wrote:
>> > > "Elmo" wrote:
>> > >
>> > >> saltcity wrote:
>> > >>> Last week the boot.ini file disappeared from my c: drive and the
>> > >>> boot.ini tab disappeared from msconfig. I can recreate the file
>> > >>> using notepad or by going to the control panel (system - advanced
>> > >>> - start up and recovery - edit) and paste the boot.ini text
>> > >>> there. (I have made the files "unhidden").
>> > >>>
>> > >>> Whenever I restart or shut down the computer then turn it back on
>> > >>> the boot.ini file has been deleted again and the boot.ini tab from
>> > >>> msconfig is no longer present.
>> > >>>
>> > >>> The message I get on startup is "Invalid boot.ini file. Booting
>> > >>> from C:Windows".
>> > >>>
>> > >>> I believe this is looking at the C:WindowsPss directory for the
>> > >>> backup boot file. After this message disappears from the start-up
>> > >>> procedure it seems to boot normally.
>> > >>>
>> > >>> I am looking for help on finding why the boot.ini file is being
>> > >>> deleted and a solution to keep it in place.
>> > >>>
>> > >>> The boot.ini file on C: is ----
>> > >>>
>> > >>> [boot loader]
>> > >>> timeout=30
>> > >>> default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
>> > >>> [operating systems]
>> > >>> multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP
>> > >>> Professional" oexecute=optin /fastdetect /PAE
>> > >>>
>> > >>>
>> > >>> * The PC is a HP XW8200 quad core 2.
>> > >>> * No Windows XP Pro install disk was received with the machine.
>> > >>>
>> > >>> Thank you,
>> > >>
>> > >> Try making the file Read Only. That might prevent it from being
>> > >> deleted.. Also limit the amount of files in the root folder, C:
>> > >>
>> > >> That MIGHT prevent its (boot.ini) demise.
>> > >>
>> > >> --
>> > >> Joe =o)
>> > >>
>> > >
>> > > Hi Joe,
>> > >
>> > > Verified that the boot.ini was read only and hidden. Same situation
>> > > as before, it disappeared.......on restart......
>> > >
>> > > I have 11 files in the root directory of c: plus 17 folders.
>> > > 43.8 gb free out of 70 gb on this drive. 2 other drives on this
>> > > machine.
>> >
>> > It isn't the number of files of folders in the root causing your
>> > problem; you can forget about that. IT's either malware or file
>> > corruption. Truthfully, sounds like malware to me. Update your AV and
>> > spyware detectors and do full scans of your system.
>> > Meanwhile, create a "spare" boot.ini you can copy over for when you
>> > need it.
>> >
>> > Run them from Safe Mode for the ones that will run that way. Some may
>> > not.
>> > If that doesn't work other measures may be needed.
>> >
>> > Let us know what AV and spyware detection software you used too,
>> > please.
>> >
>> > HTH,
>> >
>> > Twayne`
>> >
>> >
>> ><!--colorc--><!--/colorc-->
>>
>> Using Malwarebytes - Anti-Malware, SuperAntiSpyware and AVG Antivirus
>> I had run SuperAnvirus and AVG yesterday but not in 'safe mode'.
>>
>> Running all in 'save mode' this afternoon.
>>
>>
>><!--colorc--><!--/colorc-->
><!--coloro:green--><span style="color:green <!--/coloro--><!--coloro:darkred--><span style="color:darkred <!--/coloro-->
>> > <!--colorc--><!--/colorc--><!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->

 

Just finished the scans found one infected file and one adware. These were
quarantined and deleted successfully according to the Anti-Malware program.

The boot.ini file is still being deleted after the scans.

In Item 2) you mentioned changing the permission of the file. I don't see
the 'Security' tab on my computer when right clicking on the boot.ini file
and choosing properties. I think I am missing some step to get this
accomplished with XP pro.


I did change the attributes of the file as suggested but the boot.ini was
deleted again after restarting.

Jon
........................................



Tim Meddick" wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
> Hi,
> It seems to me that what 'Twayne' says in his post about it being the
> result of malware, is your best bet.
> However, there are also a couple of things you can do to stop this
> problem.
>
> 1). Copy your c:windowspssboot.ini.backup file to the ROOT of your C:
> drive.
>
> 2). reset the permissions on the c:boot.ini file to stop the file from
> being deleted.
> Do this by choosing properties on the file and going to the 'Security' tab.
> Press on the 'Advanced' button and clear the check-box marked 'Inherit from
> parent the permission entries.....' then click on 'Copy' on the box that
> pops up.
> Click on the 'Edit' button for every entry in the list and uncheck the
> 'Delete' and 'Change Permissions' boxes.
> Press [ok] and [ok] to close both dialogues.
>
> This should prevent ANY application (or virus) from deleting the file.
>
> Also, further protect the file by typing the following:
>
>
> attrib +r +h +s c:boot.ini
>
>
> ....in a 'Command Prompt' window.
>
>
> ==
>
>
>
> Cheers, Tim Meddick, Peckham, London.
>
>
> "saltcity" <saltcity@discussions.microsoft.com> wrote in message
> news:49581BA6-D388-4298-BD8E-1163676A1476@microsoft.com...<!--coloro:green--><span style="color:green <!--/coloro-->
> > Last week the boot.ini file disappeared from my c: drive and the boot.ini
> > tab disappeared from msconfig. I can recreate the file using notepad or
> > by
> > going to the control panel (system - advanced - start up and recovery -
> > edit) and paste the boot.ini text there. (I have made the files
> > "unhidden").
> >
> > Whenever I restart or shut down the computer then turn it back on the
> > boot.ini file has been deleted again and the boot.ini tab from msconfig is
> > no
> > longer present.
> >
> > The message I get on startup is "Invalid boot.ini file. Booting from
> > C:windows".
> >
> > I believe this is looking at the c:windowspss directory for the backup
> > boot file. After this message disappears from the start-up procedure it
> > seem to boot normally.
> >
> > I am looking for help on finding why the boot.ini file is being deleted
> > and
> > a solution to keep it in place.
> >
> > The boot.ini file on C: is ----
> >
> > [boot loader]
> > timeout=30
> > default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
> > [operating systems]
> > multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP
> > Professional" oexecute=optin /fastdetect /PAE
> >
> >
> > * The PC is a HP XW8200 quad core 2.
> > * No windows XP Pro install disk was received with the machine.
> >
> > Thank you, <!--colorc--><!--/colorc-->
>
>
> <!--colorc--><!--/colorc-->

 

saltcity wrote:<!--coloro:blue--><span style="color:blue <!--/coloro-->
> Last week the boot.ini file disappeared from my c: drive and the
> boot.ini tab disappeared from msconfig. I can recreate the file
> using notepad or by going to the control panel (system - advanced -
> start up and recovery - edit) and paste the boot.ini text there.
> (I have made the files "unhidden").
>
> Whenever I restart or shut down the computer then turn it back on the
> boot.ini file has been deleted again and the boot.ini tab from
> msconfig is no longer present.
>
> The message I get on startup is "Invalid boot.ini file. Booting from
> C:windows".
>
> I believe this is looking at the c:windowspss directory for the
> backup boot file. After this message disappears from the start-up
> procedure it seem to boot normally.
>
> I am looking for help on finding why the boot.ini file is being
> deleted and a solution to keep it in place.
>
> The boot.ini file on C: is ----
>
> [boot loader]
> timeout=30
> default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
> [operating systems]
> multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP
> Professional" oexecute=optin /fastdetect /PAE
>
>
> * The PC is a HP XW8200 quad core 2.
> * No windows XP Pro install disk was received with the machine.
>
> Thank you,<!--colorc--><!--/colorc-->

You might try Process Monitor to discover what program is accessing
boot.ini.

"Process Monitor is an advanced monitoring tool for Windows that shows
real-time file system, Registry and process/thread activity. It combines the
features of two legacy Sysinternals utilities, Filemon and Regmon, and adds
an extensive list of enhancements including rich and non-destructive
filtering, comprehensive event properties such session IDs and user names,
reliable process information, full thread stacks with integrated symbol
support for each operation, simultaneous logging to a file, and much more.
Its uniquely powerful features will make Process Monitor a core utility in
your system troubleshooting and malware hunting toolkit."

Microsoft has oodles of other utilities here:

 

saltcity <saltcity@discussions.microsoft.com> wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
>Just finished the scans found one infected file and one adware. These were
>quarantined and deleted successfully according to the Anti-Malware program.
>
>The boot.ini file is still being deleted after the scans.
>
>In Item 2) you mentioned changing the permission of the file. I don't see
>the 'Security' tab on my computer when right clicking on the boot.ini file
>and choosing properties. I think I am missing some step to get this
>accomplished with XP pro.
>
>
>I did change the attributes of the file as suggested but the boot.ini was
>deleted again after restarting.
>
>Jon
>.......................................
>
>
>
>Tim Meddick" wrote:
><!--coloro:green--><span style="color:green <!--/coloro-->
>> Hi,
>> It seems to me that what 'Twayne' says in his post about it being the
>> result of malware, is your best bet.
>> However, there are also a couple of things you can do to stop this
>> problem.
>>
>> 1). Copy your c:windowspssboot.ini.backup file to the ROOT of your C:
>> drive.
>>
>> 2). reset the permissions on the c:boot.ini file to stop the file from
>> being deleted.
>> Do this by choosing properties on the file and going to the 'Security' tab.
>> Press on the 'Advanced' button and clear the check-box marked 'Inherit from
>> parent the permission entries.....' then click on 'Copy' on the box that
>> pops up.
>> Click on the 'Edit' button for every entry in the list and uncheck the
>> 'Delete' and 'Change Permissions' boxes.
>> Press [ok] and [ok] to close both dialogues.
>>
>> This should prevent ANY application (or virus) from deleting the file.
>>
>> Also, further protect the file by typing the following:
>>
>>
>> attrib +r +h +s c:boot.ini
>>
>>
>> ....in a 'Command Prompt' window.
>>
>>
>> ==
>>
>>
>>
>> Cheers, Tim Meddick, Peckham, London.
>>
>>
>> "saltcity" <saltcity@discussions.microsoft.com> wrote in message
>> news:49581BA6-D388-4298-BD8E-1163676A1476@microsoft.com...<!--coloro:darkred--><span style="color:darkred <!--/coloro-->
>> > Last week the boot.ini file disappeared from my c: drive and the boot.ini
>> > tab disappeared from msconfig. I can recreate the file using notepad or
>> > by
>> > going to the control panel (system - advanced - start up and recovery -
>> > edit) and paste the boot.ini text there. (I have made the files
>> > "unhidden").
>> >
>> > Whenever I restart or shut down the computer then turn it back on the
>> > boot.ini file has been deleted again and the boot.ini tab from msconfig is
>> > no
>> > longer present.
>> >
>> > The message I get on startup is "Invalid boot.ini file. Booting from
>> > C:windows".
>> >
>> > I believe this is looking at the c:windowspss directory for the backup
>> > boot file. After this message disappears from the start-up procedure it
>> > seem to boot normally.
>> >
>> > I am looking for help on finding why the boot.ini file is being deleted
>> > and
>> > a solution to keep it in place.
>> >
>> > The boot.ini file on C: is ----
>> >
>> > [boot loader]
>> > timeout=30
>> > default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
>> > [operating systems]
>> > multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP
>> > Professional" oexecute=optin /fastdetect /PAE
>> >
>> >
>> > * The PC is a HP XW8200 quad core 2.
>> > * No windows XP Pro install disk was received with the machine.
>> >
>> > Thank you, <!--colorc--><!--/colorc-->
>>
>>
>> <!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->

Too bad there's no security tab. That most likely means you're using
FAT32 instead of NTFS...

You could try a stab in the dark and open regedit and look at your Run
and RunOnce keys at:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and
RunOnce

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and
RunOnce

....and see if anything suspicious shows there.

Another way might be to download Sysinternal's AutoRuns and have a
look there to see what is automatically running.

HTH...

 

Powerful programs there. I checked process monitor last night and autoruns
this morning. So far I haven't found what might be causing the deletion of
the boot.ini. I did create a batch file to copy the boot.ini file back
to 'C:\' and placed it in the startup folder (start menu) to keep from
recreating the file everytime I turn the computer on or restart it. This
has saved some time but I am still looking for the cause of this file
deletion.

Thanks for your info and input.

Jon

"HeyBub" wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
> saltcity wrote:<!--coloro:green--><span style="color:green <!--/coloro-->
> > Last week the boot.ini file disappeared from my c: drive and the
> > boot.ini tab disappeared from msconfig. I can recreate the file
> > using notepad or by going to the control panel (system - advanced -
> > start up and recovery - edit) and paste the boot.ini text there.
> > (I have made the files "unhidden").
> >
> > Whenever I restart or shut down the computer then turn it back on the
> > boot.ini file has been deleted again and the boot.ini tab from
> > msconfig is no longer present.
> >
> > The message I get on startup is "Invalid boot.ini file. Booting from
> > C:windows".
> >
> > I believe this is looking at the c:windowspss directory for the
> > backup boot file. After this message disappears from the start-up
> > procedure it seem to boot normally.
> >
> > I am looking for help on finding why the boot.ini file is being
> > deleted and a solution to keep it in place.
> >
> > The boot.ini file on C: is ----
> >
> > [boot loader]
> > timeout=30
> > default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
> > [operating systems]
> > multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP
> > Professional" oexecute=optin /fastdetect /PAE
> >
> >
> > * The PC is a HP XW8200 quad core 2.
> > * No windows XP Pro install disk was received with the machine.
> >
> > Thank you,<!--colorc--><!--/colorc-->
>
> You might try Process Monitor to discover what program is accessing
> boot.ini.
>
> "Process Monitor is an advanced monitoring tool for Windows that shows
> real-time file system, Registry and process/thread activity. It combines the
> features of two legacy Sysinternals utilities, Filemon and Regmon, and adds
> an extensive list of enhancements including rich and non-destructive
> filtering, comprehensive event properties such session IDs and user names,
> reliable process information, full thread stacks with integrated symbol
> support for each operation, simultaneous logging to a file, and much more.
> Its uniquely powerful features will make Process Monitor a core utility in
> your system troubleshooting and malware hunting toolkit."
>
> Microsoft has oodles of other utilities here:
>
>
>
>
>
> <!--colorc--><!--/colorc-->

 

If you have XP (Pro) then, here is how to 'Enable' the 'Security' tab in a
file's properties page:

Open the 'Group Policy Editor' on the 'Start Menu' under 'Administrative
Tools'
(or type: mmc c:\windows\system32\grupedit.msc in the "Run" box on the
'Start menu')
Then locate the item: 'User Configuration' > 'Administrative Templates' >
'Windows Explorer' ...and find the item: 'Remove Security tab' under it.
You want to set this item to 'disabled' which will result in the 'Security
Tab' being visible under that user.
You may possibly have to logoff / logon to see the change, but the change
should be immediate.


*Or copy and paste the following into the "Run" box on the 'Start Menu':



reg ADD HKLM\System\CurrentControlSet\Control\Lsa /v forceguest /t REG_DWORD
/d 0 /f



....(*Note - the preceding command is all on one line but may not appear so
due to line-wrap - Please ensure that the command begins with 'reg and ends
with '/f')


*Or, if you are able to 'see' the attached (.vbs) file, download and run it.
This also, will enable the 'Security' tab on a file's properties page.

==

Cheers, Tim Meddick, Peckham, London.



"saltcity" <saltcity@discussions.microsoft.com> wrote in message
news:822D9189-2C37-42A7-BC31-1A6FD0BEAA0F@microsoft.com...<!--coloro:blue--><span style="color:blue <!--/coloro-->
> Just finished the scans found one infected file and one adware. These
> were
> quarantined and deleted successfully according to the Anti-Malware
> program.
>
> The boot.ini file is still being deleted after the scans.
>
> In Item 2) you mentioned changing the permission of the file. I don't see
> the 'Security' tab on my computer when right clicking on the boot.ini file
> and choosing properties. I think I am missing some step to get this
> accomplished with XP pro.
>
>
> I did change the attributes of the file as suggested but the boot.ini was
> deleted again after restarting.
>
> Jon
> .......................................
>
>
>
> Tim Meddick" wrote:
><!--coloro:green--><span style="color:green <!--/coloro-->
>> Hi,
>> It seems to me that what 'Twayne' says in his post about it being the
>> result of malware, is your best bet.
>> However, there are also a couple of things you can do to stop this
>> problem.
>>
>> 1). Copy your c:windowspssboot.ini.backup file to the ROOT of your C:
>> drive.
>>
>> 2). reset the permissions on the c:boot.ini file to stop the file from
>> being deleted.
>> Do this by choosing properties on the file and going to the 'Security'
>> tab.
>> Press on the 'Advanced' button and clear the check-box marked 'Inherit
>> from
>> parent the permission entries.....' then click on 'Copy' on the box that
>> pops up.
>> Click on the 'Edit' button for every entry in the list and uncheck the
>> 'Delete' and 'Change Permissions' boxes.
>> Press [ok] and [ok] to close both dialogues.
>>
>> This should prevent ANY application (or virus) from deleting the file.
>>
>> Also, further protect the file by typing the following:
>>
>>
>> attrib +r +h +s c:boot.ini
>>
>>
>> ....in a 'Command Prompt' window.
>>
>>
>> ==
>>
>>
>>
>> Cheers, Tim Meddick, Peckham, London.
>>
>>
>> "saltcity" <saltcity@discussions.microsoft.com> wrote in message
>> news:49581BA6-D388-4298-BD8E-1163676A1476@microsoft.com...<!--coloro:darkred--><span style="color:darkred <!--/coloro-->
>> > Last week the boot.ini file disappeared from my c: drive and the
>> > boot.ini
>> > tab disappeared from msconfig. I can recreate the file using notepad
>> > or
>> > by
>> > going to the control panel (system - advanced - start up and
>> > ecovery -
>> > edit) and paste the boot.ini text there. (I have made the files
>> > "unhidden").
>> >
>> > Whenever I restart or shut down the computer then turn it back on the
>> > boot.ini file has been deleted again and the boot.ini tab from msconfig
>> > is
>> > no
>> > longer present.
>> >
>> > The message I get on startup is "Invalid boot.ini file. Booting from
>> > C:windows".
>> >
>> > I believe this is looking at the c:windowspss directory for the
>> > backup
>> > boot file. After this message disappears from the start-up procedure
>> > it
>> > seem to boot normally.
>> >
>> > I am looking for help on finding why the boot.ini file is being deleted
>> > and
>> > a solution to keep it in place.
>> >
>> > The boot.ini file on C: is ----
>> >
>> > [boot loader]
>> > timeout=30
>> > default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
>> > [operating systems]
>> > multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP
>> > Professional" oexecute=optin /fastdetect /PAE
>> >
>> >
>> > * The PC is a HP XW8200 quad core 2.
>> > * No windows XP Pro install disk was received with the machine.
>> >
>> > Thank you,<!--colorc--><!--/colorc-->
>>
>>
>> <!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->

 

saltcity wrote:<!--coloro:blue--><span style="color:blue <!--/coloro-->
> Powerful programs there. I checked process monitor last night and
> autoruns this morning. So far I haven't found what might be causing
> the deletion of the boot.ini. I did create a batch file to copy
> the boot.ini file back to 'C:' and placed it in the startup folder
> (start menu) to keep from recreating the file everytime I turn the
> computer on or restart it. This has saved some time but I am
> still looking for the cause of this file deletion.
>
> Thanks for your info and input.
>
> Jon<!--colorc--><!--/colorc-->

Well, SOMETHING'S got to be touching it! You might try deleting boot.ini and
see who complains about it not being there...

 

I did create a batch file to copy the boot.ini file back to 'C:\' and placed
it in the startup folder (start menu) to keep from recreating the file
everytime I turn the computer on or restart it. I'm still having problems
finding the security tab.

Here's what I have under the Administrative Tools
Component Services
Computer Management
Data Sources (ODBC)
Event Viewer
Local Security Policy
Microsoft.NET Framework 1.1 Configuration
Microsoft.NET Framework 1.1 Wizards
Performance
Services

I'm still not seeing the items you mentioned and typing
mmc c:\windows system32\grupedit.msc in the run box brings and error
that states mmc can't open the file.


Jon

"Tim Meddick" wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
> If you have XP (Pro) then, here is how to 'Enable' the 'Security' tab in a
> file's properties page:
>
> Open the 'Group Policy Editor' on the 'Start Menu' under 'Administrative
> Tools'
> (or type: mmc c:windowssystem32grupedit.msc in the "Run" box on the
> 'Start menu')
> Then locate the item: 'User Configuration' > 'Administrative Templates' >
> 'Windows Explorer' ...and find the item: 'Remove Security tab' under it.
> You want to set this item to 'disabled' which will result in the 'Security
> Tab' being visible under that user.
> You may possibly have to logoff / logon to see the change, but the change
> should be immediate.
>
>
> *Or copy and paste the following into the "Run" box on the 'Start Menu':
>
>
>
> reg ADD HKLMSystemCurrentControlSetControlLsa /v forceguest /t REG_DWORD
> /d 0 /f
>
>
>
> ....(*Note - the preceding command is all on one line but may not appear so
> due to line-wrap - Please ensure that the command begins with 'reg and ends
> with '/f')
>
>
> *Or, if you are able to 'see' the attached (.vbs) file, download and run it.
> This also, will enable the 'Security' tab on a file's properties page.
>
> ==
>
> Cheers, Tim Meddick, Peckham, London.
>
>
>
> "saltcity" <saltcity@discussions.microsoft.com> wrote in message
> news:822D9189-2C37-42A7-BC31-1A6FD0BEAA0F@microsoft.com...<!--coloro:green--><span style="color:green <!--/coloro-->
> > Just finished the scans found one infected file and one adware. These
> > were
> > quarantined and deleted successfully according to the Anti-Malware
> > program.
> >
> > The boot.ini file is still being deleted after the scans.
> >
> > In Item 2) you mentioned changing the permission of the file. I don't see
> > the 'Security' tab on my computer when right clicking on the boot.ini file
> > and choosing properties. I think I am missing some step to get this
> > accomplished with XP pro.
> >
> >
> > I did change the attributes of the file as suggested but the boot.ini was
> > deleted again after restarting.
> >
> > Jon
> > .......................................
> >
> >
> >
> > Tim Meddick" wrote:
> ><!--coloro:darkred--><span style="color:darkred <!--/coloro-->
> >> Hi,
> >> It seems to me that what 'Twayne' says in his post about it being the
> >> result of malware, is your best bet.
> >> However, there are also a couple of things you can do to stop this
> >> problem.
> >>
> >> 1). Copy your c:windowspssboot.ini.backup file to the ROOT of your C:
> >> drive.
> >>
> >> 2). reset the permissions on the c:boot.ini file to stop the file from
> >> being deleted.
> >> Do this by choosing properties on the file and going to the 'Security'
> >> tab.
> >> Press on the 'Advanced' button and clear the check-box marked 'Inherit
> >> from
> >> parent the permission entries.....' then click on 'Copy' on the box that
> >> pops up.
> >> Click on the 'Edit' button for every entry in the list and uncheck the
> >> 'Delete' and 'Change Permissions' boxes.
> >> Press [ok] and [ok] to close both dialogues.
> >>
> >> This should prevent ANY application (or virus) from deleting the file.
> >>
> >> Also, further protect the file by typing the following:
> >>
> >>
> >> attrib +r +h +s c:boot.ini
> >>
> >>
> >> ....in a 'Command Prompt' window.
> >>
> >>
> >> ==
> >>
> >>
> >>
> >> Cheers, Tim Meddick, Peckham, London.
> >>
> >>
> >> "saltcity" <saltcity@discussions.microsoft.com> wrote in message
> >> news:49581BA6-D388-4298-BD8E-1163676A1476@microsoft.com...
> >> > Last week the boot.ini file disappeared from my c: drive and the
> >> > boot.ini
> >> > tab disappeared from msconfig. I can recreate the file using notepad
> >> > or
> >> > by
> >> > going to the control panel (system - advanced - start up and
> >> > ecovery -
> >> > edit) and paste the boot.ini text there. (I have made the files
> >> > "unhidden").
> >> >
> >> > Whenever I restart or shut down the computer then turn it back on the
> >> > boot.ini file has been deleted again and the boot.ini tab from msconfig
> >> > is
> >> > no
> >> > longer present.
> >> >
> >> > The message I get on startup is "Invalid boot.ini file. Booting from
> >> > C:windows".
> >> >
> >> > I believe this is looking at the c:windowspss directory for the
> >> > backup
> >> > boot file. After this message disappears from the start-up procedure
> >> > it
> >> > seem to boot normally.
> >> >
> >> > I am looking for help on finding why the boot.ini file is being deleted
> >> > and
> >> > a solution to keep it in place.
> >> >
> >> > The boot.ini file on C: is ----
> >> >
> >> > [boot loader]
> >> > timeout=30
> >> > default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
> >> > [operating systems]
> >> > multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP
> >> > Professional" oexecute=optin /fastdetect /PAE
> >> >
> >> >
> >> > * The PC is a HP XW8200 quad core 2.
> >> > * No windows XP Pro install disk was received with the machine.
> >> >
> >> > Thank you,
> >>
> >>
> >> <!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->
>
>
> <!--colorc--><!--/colorc-->

 

I gave three ways in which to 'activate' the 'Security Tab' to be seen on a
file's property page.

Which of them is causing you problems?

Personally I think the 'copy and paste' suggestion is the simplest and after
you have 'run' it in the 'run' box on the 'Start Menu' you will immediately
be able to see the 'Security Page'.


However, another way of setting the acls (Access Control Lists - or
permissions) of the 'boot.ini' file, is to execute ALL the following
commands from a 'Command Prompt' window (DOS box) ('copy and paste' them):



cacls boot.ini /E /R Users
cacls boot.ini /E /R SYSTEM
cacls boot.ini /E /G Users:R
cacls boot.ini /E /D SYSTEM
cacls boot.ini /E /G SYSTEM:R



....this will have the effect of removing (/R stands for Revoke /E for Edit)
the permissions for the 'Users' group and (just in case, but more
importantly) the SYSTEM account.
Then, Denying the SYSTEM account access to the file (/D).
Finally, re-setting the SYSTEM account, granting it read-only permission
(halting the FULL control the SYSTEM usually has over the file).

This will effectively STOP any attempt by the system to delete or even
change the file, while allowing it to enumerate (read) it during the boot
process.

==

Cheers, Tim Meddick, Peckham, London.




"saltcity" <saltcity@discussions.microsoft.com> wrote in message
news:FB9DF603-408A-4521-9BBB-97AE2FEF98CB@microsoft.com...<!--coloro:blue--><span style="color:blue <!--/coloro-->
>I did create a batch file to copy the boot.ini file back to 'C:' and
>placed
> it in the startup folder (start menu) to keep from recreating the file
> everytime I turn the computer on or restart it. I'm still having problems
> finding the security tab.
>
> Here's what I have under the Administrative Tools
> Component Services
> Computer Management
> Data Sources (ODBC)
> Event Viewer
> Local Security Policy
> Microsoft.NET Framework 1.1 Configuration
> Microsoft.NET Framework 1.1 Wizards
> Performance
> Services
>
> I'm still not seeing the items you mentioned and typing
> mmc c:windows system32grupedit.msc in the run box brings and error
> that states mmc can't open the file.
>
>
> Jon
>
> "Tim Meddick" wrote:
><!--coloro:green--><span style="color:green <!--/coloro-->
>> If you have XP (Pro) then, here is how to 'Enable' the 'Security' tab in
>> a
>> file's properties page:
>>
>> Open the 'Group Policy Editor' on the 'Start Menu' under 'Administrative
>> Tools'
>> (or type: mmc c:windowssystem32grupedit.msc in the "Run" box on
>> the
>> 'Start menu')
>> Then locate the item: 'User Configuration' > 'Administrative Templates' >
>> 'Windows Explorer' ...and find the item: 'Remove Security tab' under
>> it.
>> You want to set this item to 'disabled' which will result in the
>> 'Security
>> Tab' being visible under that user.
>> You may possibly have to logoff / logon to see the change, but the change
>> should be immediate.
>>
>>
>> *Or copy and paste the following into the "Run" box on the 'Start Menu':
>>
>>
>>
>> reg ADD HKLMSystemCurrentControlSetControlLsa /v forceguest /t
>> REG_DWORD
>> /d 0 /f
>>
>>
>>
>> ....(*Note - the preceding command is all on one line but may not appear
>> so
>> due to line-wrap - Please ensure that the command begins with 'reg and
>> ends
>> with '/f')
>>
>>
>> *Or, if you are able to 'see' the attached (.vbs) file, download and run
>> it.
>> This also, will enable the 'Security' tab on a file's properties page.
>>
>> ==
>>
>> Cheers, Tim Meddick, Peckham, London.
>>
>>
>>
>> "saltcity" <saltcity@discussions.microsoft.com> wrote in message
>> news:822D9189-2C37-42A7-BC31-1A6FD0BEAA0F@microsoft.com...<!--coloro:darkred--><span style="color:darkred <!--/coloro-->
>> > Just finished the scans found one infected file and one adware. These
>> > were
>> > quarantined and deleted successfully according to the Anti-Malware
>> > program.
>> >
>> > The boot.ini file is still being deleted after the scans.
>> >
>> > In Item 2) you mentioned changing the permission of the file. I don't
>> > see
>> > the 'Security' tab on my computer when right clicking on the boot.ini
>> > file
>> > and choosing properties. I think I am missing some step to get this
>> > accomplished with XP pro.
>> >
>> >
>> > I did change the attributes of the file as suggested but the boot.ini
>> > was
>> > deleted again after restarting.
>> >
>> > Jon
>> > .......................................
>> >
>> >
>> >
>> > Tim Meddick" wrote:
>> >
>> >> Hi,
>> >> It seems to me that what 'Twayne' says in his post about it being
>> >> the
>> >> result of malware, is your best bet.
>> >> However, there are also a couple of things you can do to stop this
>> >> problem.
>> >>
>> >> 1). Copy your c:windowspssboot.ini.backup file to the ROOT of your
>> >> C:
>> >> drive.
>> >>
>> >> 2). reset the permissions on the c:boot.ini file to stop the file
>> >> from
>> >> being deleted.
>> >> Do this by choosing properties on the file and going to the 'Security'
>> >> tab.
>> >> Press on the 'Advanced' button and clear the check-box marked 'Inherit
>> >> from
>> >> parent the permission entries.....' then click on 'Copy' on the box
>> >> that
>> >> pops up.
>> >> Click on the 'Edit' button for every entry in the list and uncheck the
>> >> 'Delete' and 'Change Permissions' boxes.
>> >> Press [ok] and [ok] to close both dialogues.
>> >>
>> >> This should prevent ANY application (or virus) from deleting the file.
>> >>
>> >> Also, further protect the file by typing the following:
>> >>
>> >>
>> >> attrib +r +h +s c:boot.ini
>> >>
>> >>
>> >> ....in a 'Command Prompt' window.
>> >>
>> >>
>> >> ==
>> >>
>> >>
>> >>
>> >> Cheers, Tim Meddick, Peckham, London.
>> >>
>> >>
>> >> "saltcity" <saltcity@discussions.microsoft.com> wrote in message
>> >> news:49581BA6-D388-4298-BD8E-1163676A1476@microsoft.com...
>> >> > Last week the boot.ini file disappeared from my c: drive and the
>> >> > boot.ini
>> >> > tab disappeared from msconfig. I can recreate the file using
>> >> > notepad
>> >> > or
>> >> > by
>> >> > going to the control panel (system - advanced - start up and
>> >> > ecovery -
>> >> > edit) and paste the boot.ini text there. (I have made the
>> >> > files
>> >> > "unhidden").
>> >> >
>> >> > Whenever I restart or shut down the computer then turn it back on
>> >> > the
>> >> > boot.ini file has been deleted again and the boot.ini tab from
>> >> > msconfig
>> >> > is
>> >> > no
>> >> > longer present.
>> >> >
>> >> > The message I get on startup is "Invalid boot.ini file. Booting
>> >> > from
>> >> > C:windows".
>> >> >
>> >> > I believe this is looking at the c:windowspss directory for the
>> >> > backup
>> >> > boot file. After this message disappears from the start-up
>> >> > procedure
>> >> > it
>> >> > seem to boot normally.
>> >> >
>> >> > I am looking for help on finding why the boot.ini file is being
>> >> > deleted
>> >> > and
>> >> > a solution to keep it in place.
>> >> >
>> >> > The boot.ini file on C: is ----
>> >> >
>> >> > [boot loader]
>> >> > timeout=30
>> >> > default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
>> >> > [operating systems]
>> >> > multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP
>> >> > Professional" oexecute=optin /fastdetect /PAE
>> >> >
>> >> >
>> >> > * The PC is a HP XW8200 quad core 2.
>> >> > * No windows XP Pro install disk was received with the machine.
>> >> >
>> >> > Thank you,
>> >>
>> >>
>> >><!--colorc--><!--/colorc-->
>>
>>
>> <!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->

 

Security tab is now visable.

I copied the 5 steps and ran them in start / run area. Now the security
tab is showing up on the file properties. As I understand this process-
the boot.ini should have been in a 'state' that would make it untouchable by
any system process.

After removing the batch file to recreate the boot.ini during startup I
found that it had been deleted again.

I then recreated the boot.ini file in C:\ and completed a successful reboot
without the "Invalid boot.ini file. Booting from C:\windows" message.
However, then doing a restart of the computer again the message reappeared
and I found that again the boot.ini file had disappeared. I did this
twice again and each time after creating the boot.ini file and rebooting the
computer it was successful on the initial startup but on the second reboot
the file had been deleted again.

The only way that I can get the computer to reboot repeatedly without the
"Invalid boot.ini file. "Invalid boot.ini file. Booting from C:\windows"
message is to keep a batch file in the startup folded to copy the boot.ini
file back to C:\

The 3 steps listed in a previous message would not run. I could not make
the Security tab visible.

Jon

<


"Tim Meddick" wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
> I gave three ways in which to 'activate' the 'Security Tab' to be seen on a
> file's property page.
>
> Which of them is causing you problems?
>
> Personally I think the 'copy and paste' suggestion is the simplest and after
> you have 'run' it in the 'run' box on the 'Start Menu' you will immediately
> be able to see the 'Security Page'.
>
>
> However, another way of setting the acls (Access Control Lists - or
> permissions) of the 'boot.ini' file, is to execute ALL the following
> commands from a 'Command Prompt' window (DOS box) ('copy and paste' them):
>
>
>
> cacls boot.ini /E /R Users
> cacls boot.ini /E /R SYSTEM
> cacls boot.ini /E /G Users:R
> cacls boot.ini /E /D SYSTEM
> cacls boot.ini /E /G SYSTEM:R
>
>
>
> ....this will have the effect of removing (/R stands for Revoke /E for Edit)
> the permissions for the 'Users' group and (just in case, but more
> importantly) the SYSTEM account.
> Then, Denying the SYSTEM account access to the file (/D).
> Finally, re-setting the SYSTEM account, granting it read-only permission
> (halting the FULL control the SYSTEM usually has over the file).
>
> This will effectively STOP any attempt by the system to delete or even
> change the file, while allowing it to enumerate (read) it during the boot
> process.
>
> ==
>
> Cheers, Tim Meddick, Peckham, London.
>
>
>
>
> "saltcity" <saltcity@discussions.microsoft.com> wrote in message
> news:FB9DF603-408A-4521-9BBB-97AE2FEF98CB@microsoft.com...<!--coloro:green--><span style="color:green <!--/coloro-->
> >I did create a batch file to copy the boot.ini file back to 'C:' and
> >placed
> > it in the startup folder (start menu) to keep from recreating the file
> > everytime I turn the computer on or restart it. I'm still having problems
> > finding the security tab.
> >
> > Here's what I have under the Administrative Tools
> > Component Services
> > Computer Management
> > Data Sources (ODBC)
> > Event Viewer
> > Local Security Policy
> > Microsoft.NET Framework 1.1 Configuration
> > Microsoft.NET Framework 1.1 Wizards
> > Performance
> > Services
> >
> > I'm still not seeing the items you mentioned and typing
> > mmc c:windows system32grupedit.msc in the run box brings and error
> > that states mmc can't open the file.
> >
> >
> > Jon
> >
> > "Tim Meddick" wrote:
> ><!--coloro:darkred--><span style="color:darkred <!--/coloro-->
> >> If you have XP (Pro) then, here is how to 'Enable' the 'Security' tab in
> >> a
> >> file's properties page:
> >>
> >> Open the 'Group Policy Editor' on the 'Start Menu' under 'Administrative
> >> Tools'
> >> (or type: mmc c:windowssystem32grupedit.msc in the "Run" box on
> >> the
> >> 'Start menu')
> >> Then locate the item: 'User Configuration' > 'Administrative Templates' >
> >> 'Windows Explorer' ...and find the item: 'Remove Security tab' under
> >> it.
> >> You want to set this item to 'disabled' which will result in the
> >> 'Security
> >> Tab' being visible under that user.
> >> You may possibly have to logoff / logon to see the change, but the change
> >> should be immediate.
> >>
> >>
> >> *Or copy and paste the following into the "Run" box on the 'Start Menu':
> >>
> >>
> >>
> >> reg ADD HKLMSystemCurrentControlSetControlLsa /v forceguest /t
> >> REG_DWORD
> >> /d 0 /f
> >>
> >>
> >>
> >> ....(*Note - the preceding command is all on one line but may not appear
> >> so
> >> due to line-wrap - Please ensure that the command begins with 'reg and
> >> ends
> >> with '/f')
> >>
> >>
> >> *Or, if you are able to 'see' the attached (.vbs) file, download and run
> >> it.
> >> This also, will enable the 'Security' tab on a file's properties page.
> >>
> >> ==
> >>
> >> Cheers, Tim Meddick, Peckham, London.
> >>
> >>
> >>
> >> "saltcity" <saltcity@discussions.microsoft.com> wrote in message
> >> news:822D9189-2C37-42A7-BC31-1A6FD0BEAA0F@microsoft.com...
> >> > Just finished the scans found one infected file and one adware. These
> >> > were
> >> > quarantined and deleted successfully according to the Anti-Malware
> >> > program.
> >> >
> >> > The boot.ini file is still being deleted after the scans.
> >> >
> >> > In Item 2) you mentioned changing the permission of the file. I don't
> >> > see
> >> > the 'Security' tab on my computer when right clicking on the boot.ini
> >> > file
> >> > and choosing properties. I think I am missing some step to get this
> >> > accomplished with XP pro.
> >> >
> >> >
> >> > I did change the attributes of the file as suggested but the boot.ini
> >> > was
> >> > deleted again after restarting.
> >> >
> >> > Jon
> >> > .......................................
> >> >
> >> >
> >> >
> >> > Tim Meddick" wrote:
> >> >
> >> >> Hi,
> >> >> It seems to me that what 'Twayne' says in his post about it being
> >> >> the
> >> >> result of malware, is your best bet.
> >> >> However, there are also a couple of things you can do to stop this
> >> >> problem.
> >> >>
> >> >> 1). Copy your c:windowspssboot.ini.backup file to the ROOT of your
> >> >> C:
> >> >> drive.
> >> >>
> >> >> 2). reset the permissions on the c:boot.ini file to stop the file
> >> >> from
> >> >> being deleted.
> >> >> Do this by choosing properties on the file and going to the 'Security'
> >> >> tab.
> >> >> Press on the 'Advanced' button and clear the check-box marked 'Inherit
> >> >> from
> >> >> parent the permission entries.....' then click on 'Copy' on the box
> >> >> that
> >> >> pops up.
> >> >> Click on the 'Edit' button for every entry in the list and uncheck the
> >> >> 'Delete' and 'Change Permissions' boxes.
> >> >> Press [ok] and [ok] to close both dialogues.
> >> >>
> >> >> This should prevent ANY application (or virus) from deleting the file.
> >> >>
> >> >> Also, further protect the file by typing the following:
> >> >>
> >> >>
> >> >> attrib +r +h +s c:boot.ini
> >> >>
> >> >>
> >> >> ....in a 'Command Prompt' window.
> >> >>
> >> >>
> >> >> ==
> >> >>
> >> >>
> >> >>
> >> >> Cheers, Tim Meddick, Peckham, London.
> >> >>
> >> >>
> >> >> "saltcity" <saltcity@discussions.microsoft.com> wrote in message
> >> >> news:49581BA6-D388-4298-BD8E-1163676A1476@microsoft.com...
> >> >> > Last week the boot.ini file disappeared from my c: drive and the
> >> >> > boot.ini
> >> >> > tab disappeared from msconfig. I can recreate the file using
> >> >> > notepad
> >> >> > or
> >> >> > by
> >> >> > going to the control panel (system - advanced - start up and
> >> >> > ecovery -
> >> >> > edit) and paste the boot.ini text there. (I have made the
> >> >> > files
> >> >> > "unhidden").
> >> >> >
> >> >> > Whenever I restart or shut down the computer then turn it back on
> >> >> > the
> >> >> > boot.ini file has been deleted again and the boot.ini tab from
> >> >> > msconfig
> >> >> > is
> >> >> > no
> >> >> > longer present.
> >> >> >
> >> >> > The message I get on startup is "Invalid boot.ini file. Booting
> >> >> > from
> >> >> > C:windows".
> >> >> >
> >> >> > I believe this is looking at the c:windowspss directory for the
> >> >> > backup
> >> >> > boot file. After this message disappears from the start-up
> >> >> > procedure
> >> >> > it
> >> >> > seem to boot normally.
> >> >> >
> >> >> > I am looking for help on finding why the boot.ini file is being
> >> >> > deleted
> >> >> > and
> >> >> > a solution to keep it in place.
> >> >> >
> >> >> > The boot.ini file on C: is ----
> >> >> >
> >> >> > [boot loader]
> >> >> > timeout=30
> >> >> > default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
> >> >> > [operating systems]
> >> >> > multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP
> >> >> > Professional" oexecute=optin /fastdetect /PAE
> >> >> >
> >> >> >
> >> >> > * The PC is a HP XW8200 quad core 2.
> >> >> > * No windows XP Pro install disk was received with the machine.
> >> >> >
> >> >> > Thank you,
> >> >>
> >> >>
> >> >>
> >>
> >>
> >> <!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->
>
>
> <!--colorc--><!--/colorc-->