Re: boot.ini disappears on restart or startup XP Pro



IMO you are the victim of malware whether it be a virus, trojan, worm
etc..

Has anyone yet asked you to post your boot.ini file? I suggest you do
so.

You could go ahead and throw an arsenal of AV and spyware detectors at
your machine as more than one person has suggested but I don't see any
results of such a thing mentioned by you.

For the length of time you have invested on this problem you could have
easily backed up and then rebuilt your whole system manually from
scratch and been back to work by now. And that's what I'd suggest you
do next since none of the other advice here has been of any use, or was
ignored, by you. If you don't have an imaging program or any backup
software, use XP's native ntbackup.exe for now; it'll serve you well,
costs nothing and requires little of your own time other than to start
it up.

HTH,

Twayne





saltcity wrote:
Security tab is now visible.

I copied the 5 steps and ran them in start / run area. Now the
security tab is showing up on the file properties. As I understand
this process- the boot.ini should have been in a 'state' that would
make it untouchable by any system process.

After removing the batch file to recreate the boot.ini during startup
I found that it had been deleted again.

I then recreated the boot.ini file in C:\ and completed a successful
reboot without the "Invalid boot.ini file. Booting from C:\windows"
message. However, then doing a restart of the computer again the
message reappeared and I found that again the boot.ini file had
disappeared. I did this twice again and each time after creating
the boot.ini file and rebooting the computer it was successful on the
initial startup but on the second reboot the file had been deleted
again.

The only way that I can get the computer to reboot repeatedly without
the "Invalid boot.ini file. Booting from C:\windows" message is to keep
a batch file in the startup folder to copy the boot.ini file back to C:\

The 3 steps listed in a previous message would not run. I could not
make the Security tab visible.

Jon



"Tim Med***" wrote:

I gave three ways in which to 'activate' the 'Security Tab' to be
seen on a file's property page.

Which of them is causing you problems?

Personally I think the 'copy and paste' suggestion is the simplest
and after you have 'run' it in the 'run' box on the 'Start Menu' you
will immediately be able to see the 'Security Page'.


However, another way of setting the acls (Access Control Lists - or
permissions) of the 'boot.ini' file, is to execute ALL the following
commands from a 'Command Prompt' window (DOS box) ('copy and paste'
them):



cacls boot.ini /E /R Users
cacls boot.ini /E /R SYSTEM
cacls boot.ini /E /G Users:R
cacls boot.ini /E /D SYSTEM
cacls boot.ini /E /G SYSTEM:R



....this will have the effect of removing (/R stands for Revoke /E
for Edit) the permissions for the 'Users' group and (just in case,
but more importantly) the SYSTEM account.
Then, Denying the SYSTEM account access to the file (/D).
Finally, re-setting the SYSTEM account, granting it read-only
permission (halting the FULL control the SYSTEM usually has over the
file).

This will effectively STOP any attempt by the system to delete or
even change the file, while allowing it to enumerate (read) it
during the boot process.

==

Cheers, Tim Med***, Peckham, London. :-)




"saltcity" <saltcity@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:FB9DF603-408A-4521-9BBB-97AE2FEF98CB@xxxxxxxxxxxxxxxx
I did create a batch file to copy the boot.ini file back to 'C:\'
and placed it in the startup folder (start menu) to keep from
recreating the file every time I turn the computer on or restart it.
I'm still having problems finding the security tab.

Here's what I have under the Administrative Tools
Component Services
Computer Management
Data Sources (ODBC)
Event Viewer
Local Security Policy
Microsoft.NET Framework 1.1 Configuration
Microsoft.NET Framework 1.1 Wizards
Performance
Services

I'm still not seeing the items you mentioned and typing
mmc c:\windows system32\grupedit.msc in the run box brings an
error that states mmc can't open the file.


Jon

"Tim Med***" wrote:

If you have XP (Pro) then, here is how to 'Enable' the 'Security'
tab in a file's properties page:

Open the 'Group Policy Editor' on the 'Start Menu' under
'Administrative Tools'
(or type: mmc c:\windows\system32\grupedit.msc in the "Run" box on
the 'Start menu')
Then locate the item: 'User Configuration' > 'Administrative
Templates' > 'Windows Explorer' ...and find the item: 'Remove
Security tab' under it.
You want to set this item to 'disabled' which will result in the
'Security Tab' being visible under that user.
You may possibly have to logoff / logon to see the change, but the
change should be immediate.


*Or copy and paste the following into the "Run" box on the 'Start
Menu':



reg ADD HKLM\System\CurrentControlSet\Control\Lsa /v forceguest /t REG_DWORD /d 0 /f



....(*Note - the preceding command is all on one line but may not
appear so due to line-wrap - Please ensure that the command begins
with 'reg' and ends with '/f')


*Or, if you are able to 'see' the attached (.vbs) file, download
and run it.
This also, will enable the 'Security' tab on a file's properties
page.

==

Cheers, Tim Med***, Peckham, London. :-)



"saltcity" <saltcity@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:822D9189-2C37-42A7-BC31-1A6FD0BEAA0F@xxxxxxxxxxxxxxxx
Just finished the scans; found one infected file and one adware.
These were quarantined and deleted successfully according to the
Anti-Malware program.

The boot.ini file is still being deleted after the scans.

In Item 2) you mentioned changing the permission of the file. I
don't see the 'Security' tab on my computer when right clicking on
the boot.ini file and choosing properties. I think I am missing some
step to get this accomplished with XP pro.


I did change the attributes of the file as suggested but the
boot.ini was deleted again after restarting.

Jon
.......................................



"Tim Med***" wrote:

Hi,
It seems to me that what 'Twayne' says in his post about it being
the result of malware, is your best bet.
However, there are also a couple of things you can do to stop this
problem.

1). Copy your c:\windows\pss\boot.ini.backup file to the ROOT of
your C: drive.

2). Reset the permissions on the c:\boot.ini file to stop the file
from being deleted.
Do this by choosing properties on the file and going to the
'Security' tab.
Press on the 'Advanced' button and clear the check-box marked
'Inherit from parent the permission entries.....' then click on
'Copy' on the box that pops up.
Click on the 'Edit' button for every entry in the list and
uncheck the 'Delete' and 'Change Permissions' boxes.
Press [ok] and [ok] to close both dialogues.

This should prevent ANY application (or virus) from deleting the
file.

Also, further protect the file by typing the following:


attrib +r +h +s c:\boot.ini


....in a 'Command Prompt' window.


==



Cheers, Tim Med***, Peckham, London. :-)


"saltcity" <saltcity@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:49581BA6-D388-4298-BD8E-1163676A1476@xxxxxxxxxxxxxxxx
Last week the boot.ini file disappeared from my c:\ drive and the
boot.ini tab disappeared from msconfig. I can recreate the file
using notepad or by going to the control panel (system - advanced -
start up and Recovery - edit) and paste the boot.ini text there.
(I have made the files "unhidden").

Whenever I restart or shut down the computer then turn it back on
the boot.ini file has been deleted again and the boot.ini tab from
msconfig is no longer present.

The message I get on startup is "Invalid boot.ini file. Booting
from C:\windows".

I believe this is looking at the c:\windows\pss directory for the
backup boot file. After this message disappears from the start-up
procedure it seems to boot normally.

I am looking for help on finding why the boot.ini file is being
deleted and a solution to keep it in place.

The boot.ini file on C:\ is ----

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /PAE


* The PC is a HP XW8200 quad core 2.
* No windows XP Pro install disk was received with the machine.

Thank you,



.
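Added example, not part of the thread or written by any of its posters: a small Python check for the boot.ini format quoted in the original post, useful for confirming that a recreated or restored copy is well-formed before relying on it. The function names `parse_boot_ini` and `check_boot_ini` are hypothetical, and the check goes slightly beyond the thread by also accepting `scsi(...)`, `signature(...)` and drive-letter entries.

```python
import re

# ARC path as in the quoted file: multi(W)disk(X)rdisk(Y)partition(Z)\dir
ARC_RE = re.compile(
    r"^(?:(?:multi|scsi)\(\d+\)|signature\([0-9a-f]+\))"
    r"disk\(\d+\)rdisk\(\d+\)partition\((\d+)\)(?:\\.*)?$", re.I)
DRIVE_RE = re.compile(r"^[a-z]:\\", re.I)  # legacy entries such as C:\="Previous OS"

def parse_boot_ini(text):
    """Return ([boot loader] settings, [operating systems] entries), keys lower-cased."""
    section, settings, entries = None, {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        target = {"boot loader": settings, "operating systems": entries}.get(section)
        if sep and target is not None:
            target[key.strip().lower()] = value.strip()
    return settings, entries

def check_boot_ini(text):
    """Return a list of problems; an empty list means the file looks well-formed."""
    settings, entries = parse_boot_ini(text)
    problems = []
    if not entries:
        problems.append("no [operating systems] entries")
    default = settings.get("default", "").lower()
    if not default:
        problems.append("no default= in [boot loader]")
    elif default not in entries:
        problems.append("default= does not match any listed entry")
    for path in entries:
        m = ARC_RE.match(path)
        if m and int(m.group(1)) < 1:
            problems.append("partition() numbering starts at 1: " + path)
        elif not m and not DRIVE_RE.match(path):
            problems.append("unrecognised entry path: " + path)
    return problems

# Constructed sample: the file from the original post with the wrapped line rejoined.
SAMPLE = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /PAE
"""
```

Pasting the file with a newsreader line-wrap left in the `[operating systems]` entry is reported as an unrecognised entry path, which is one way a hand-recreated copy can end up malformed.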