Re: boot.ini disappears on restart or startup XP Pro

Security tab is now visable.

I copied the 5 steps and ran them in start / run area. Now the security
tab is showing up on the file properties. As I understand this process-
the boot.ini should have been in a 'state' that would make it untouchable by
any system process.

After removing the batch file to recreate the boot.ini during startup I
found that it had been deleted again.

I then recreated the boot.ini file in C:\ and completed a successful reboot
without the "Invalid boot.ini file. Booting from C:\windows" message.
However, then doing a restart of the computer again the message reappeared
and I found that again the boot.ini file had disappeared. I did this
twice again and each time after creating the boot.ini file and rebooting the
computer it was successful on the initial startup but on the second reboot
the file had been deleted again.

The only way that I can get the computer to reboot repeatedly without the
"Invalid boot.ini file. "Invalid boot.ini file. Booting from C:\windows"
message is to keep a batch file in the startup folded to copy the boot.ini
file back to C:\

The 3 steps listed in a previous message would not run. I could not make
the Security tab visible.

Jon

<


"Tim Med***" wrote:

I gave three ways in which to 'activate' the 'Security Tab' to be seen on a
file's property page.

Which of them is causing you problems?

Personally I think the 'copy and paste' suggestion is the simplest and after
you have 'run' it in the 'run' box on the 'Start Menu' you will immediately
be able to see the 'Security Page'.


However, another way of setting the acls (Access Control Lists - or
permissions) of the 'boot.ini' file, is to execute ALL the following
commands from a 'Command Prompt' window (DOS box) ('copy and paste' them):



cacls boot.ini /E /R Users
cacls boot.ini /E /R SYSTEM
cacls boot.ini /E /G Users:R
cacls boot.ini /E /D SYSTEM
cacls boot.ini /E /G SYSTEM:R



....this will have the effect of removing (/R stands for Revoke /E for Edit)
the permissions for the 'Users' group and (just in case, but more
importantly) the SYSTEM account.
Then, Denying the SYSTEM account access to the file (/D).
Finally, re-setting the SYSTEM account, granting it read-only permission
(halting the FULL control the SYSTEM usually has over the file).

This will effectively STOP any attempt by the system to delete or even
change the file, while allowing it to enumerate (read) it during the boot
process.

==

Cheers, Tim Med***, Peckham, London. :-)




"saltcity" <saltcity@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:FB9DF603-408A-4521-9BBB-97AE2FEF98CB@xxxxxxxxxxxxxxxx
I did create a batch file to copy the boot.ini file back to 'C:\' and
placed
it in the startup folder (start menu) to keep from recreating the file
everytime I turn the computer on or restart it. I'm still having problems
finding the security tab.

Here's what I have under the Administrative Tools
Component Services
Computer Management
Data Sources (ODBC)
Event Viewer
Local Security Policy
Microsoft.NET Framework 1.1 Configuration
Microsoft.NET Framework 1.1 Wizards
Performance
Services

I'm still not seeing the items you mentioned and typing
mmc c:\windows system32\grupedit.msc in the run box brings and error
that states mmc can't open the file.


Jon

"Tim Med***" wrote:

If you have XP (Pro) then, here is how to 'Enable' the 'Security' tab in
a
file's properties page:

Open the 'Group Policy Editor' on the 'Start Menu' under 'Administrative
Tools'
(or type: mmc c:\windows\system32\grupedit.msc in the "Run" box on
the
'Start menu')
Then locate the item: 'User Configuration' > 'Administrative Templates' >
'Windows Explorer' ...and find the item: 'Remove Security tab' under
it.
You want to set this item to 'disabled' which will result in the
'Security
Tab' being visible under that user.
You may possibly have to logoff / logon to see the change, but the change
should be immediate.


*Or copy and paste the following into the "Run" box on the 'Start Menu':



reg ADD HKLM\System\CurrentControlSet\Control\Lsa /v forceguest /t
REG_DWORD
/d 0 /f



....(*Note - the preceding command is all on one line but may not appear
so
due to line-wrap - Please ensure that the command begins with 'reg and
ends
with '/f')


*Or, if you are able to 'see' the attached (.vbs) file, download and run
it.
This also, will enable the 'Security' tab on a file's properties page.

==

Cheers, Tim Med***, Peckham, London. :-)



"saltcity" <saltcity@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:822D9189-2C37-42A7-BC31-1A6FD0BEAA0F@xxxxxxxxxxxxxxxx
Just finished the scans found one infected file and one adware. These
were
quarantined and deleted successfully according to the Anti-Malware
program.

The boot.ini file is still being deleted after the scans.

In Item 2) you mentioned changing the permission of the file. I don't
see
the 'Security' tab on my computer when right clicking on the boot.ini
file
and choosing properties. I think I am missing some step to get this
accomplished with XP pro.


I did change the attributes of the file as suggested but the boot.ini
was
deleted again after restarting.

Jon
.......................................



Tim Med***" wrote:

Hi,
It seems to me that what 'Twayne' says in his post about it being
the
result of malware, is your best bet.
However, there are also a couple of things you can do to stop this
problem.

1). Copy your c:\windows\pss\boot.ini.backup file to the ROOT of your
C:
drive.

2). reset the permissions on the c:\boot.ini file to stop the file
from
being deleted.
Do this by choosing properties on the file and going to the 'Security'
tab.
Press on the 'Advanced' button and clear the check-box marked 'Inherit
from
parent the permission entries.....' then click on 'Copy' on the box
that
pops up.
Click on the 'Edit' button for every entry in the list and uncheck the
'Delete' and 'Change Permissions' boxes.
Press [ok] and [ok] to close both dialogues.

This should prevent ANY application (or virus) from deleting the file.

Also, further protect the file by typing the following:


attrib +r +h +s c:\boot.ini


....in a 'Command Prompt' window.


==



Cheers, Tim Med***, Peckham, London. :-)


"saltcity" <saltcity@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:49581BA6-D388-4298-BD8E-1163676A1476@xxxxxxxxxxxxxxxx
Last week the boot.ini file disappeared from my c:\ drive and the
boot.ini
tab disappeared from msconfig. I can recreate the file using
notepad
or
by
going to the control panel (system - advanced - start up and
ecovery -
edit) and paste the boot.ini text there. (I have made the
files
"unhidden").

Whenever I restart or shut down the computer then turn it back on
the
boot.ini file has been deleted again and the boot.ini tab from
msconfig
is
no
longer present.

The message I get on startup is "Invalid boot.ini file. Booting
from
C:\windows".

I believe this is looking at the c:\windows\pss directory for the
backup
boot file. After this message disappears from the start-up
procedure
it
seem to boot normally.

I am looking for help on finding why the boot.ini file is being
deleted
and
a solution to keep it in place.

The boot.ini file on C:\ is ----

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
Professional" /noexecute=optin /fastdetect /PAE


* The PC is a HP XW8200 quad core 2.
* No windows XP Pro install disk was received with the machine.

Thank you,









.