boot.ini disappears on restart or startup XP Pro

[Tim Meddick]

A step back for a moment - the whole 'Security tab' thing was meant (by me,
at any rate) to be just something you could also try.

The main thing is that this sounds *very* much like an effect of a virus /
malware infection.

While you can still try and treat the 'symptoms' (by trying to stop
boot.ini from being deleted) the problem remains that, as far as I know, a
boot.ini file that has incorrect data (or invalid file paths) within it,
does not normally get deleted!!

This leaves another non-windows process as being the culprit!

Have you done your AntiVirus scans?

Have you tried running 'Task Manager' at the moment you have the message on
the screen to see what process is the origin of it?

Also (quite important) to download and run MalwareBytes (quite the best free
program for repairing a malware infected machine) available from:

http://www.malwarebytes.org/mbam.php

==

Cheers, Tim Meddick, Peckham, London.

Security tab is now visable.

I copied the 5 steps and ran them in start / run area. Now the security
tab is showing up on the file properties. As I understand this process-
the boot.ini should have been in a 'state' that would make it untouchable
by
any system process.

After removing the batch file to recreate the boot.ini during startup I
found that it had been deleted again.

I then recreated the boot.ini file in C:\ and completed a successful
reboot
without the "Invalid boot.ini file. Booting from C:\windows" message.
However, then doing a restart of the computer again the message reappeared
and I found that again the boot.ini file had disappeared. I did this
twice again and each time after creating the boot.ini file and rebooting
the
computer it was successful on the initial startup but on the second reboot
the file had been deleted again.

The only way that I can get the computer to reboot repeatedly without the
"Invalid boot.ini file. "Invalid boot.ini file. Booting from
C:\windows"
message is to keep a batch file in the startup folded to copy the boot.ini
file back to C:\

The 3 steps listed in a previous message would not run. I could not make
the Security tab visible.

Jon

<

I gave three ways in which to 'activate' the 'Security Tab' to be seen on
a
file's property page.

Which of them is causing you problems?

Personally I think the 'copy and paste' suggestion is the simplest and
after
you have 'run' it in the 'run' box on the 'Start Menu' you will
immediately
be able to see the 'Security Page'.


However, another way of setting the acls (Access Control Lists - or
permissions) of the 'boot.ini' file, is to execute ALL the following
commands from a 'Command Prompt' window (DOS box) ('copy and paste'
them):



cacls boot.ini /E /R Users
cacls boot.ini /E /R SYSTEM
cacls boot.ini /E /G Users:R
cacls boot.ini /E /D SYSTEM
cacls boot.ini /E /G SYSTEM:R



....this will have the effect of removing (/R stands for Revoke /E for
Edit)
the permissions for the 'Users' group and (just in case, but more
importantly) the SYSTEM account.
Then, Denying the SYSTEM account access to the file (/D).
Finally, re-setting the SYSTEM account, granting it read-only permission
(halting the FULL control the SYSTEM usually has over the file).

This will effectively STOP any attempt by the system to delete or even
change the file, while allowing it to enumerate (read) it during the boot
process.

==

Cheers, Tim Meddick, Peckham, London.

I did create a batch file to copy the boot.ini file back to 'C:\' and
placed
it in the startup folder (start menu) to keep from recreating the file
everytime I turn the computer on or restart it. I'm still having
problems
finding the security tab.

Here's what I have under the Administrative Tools
Component Services
Computer Management
Data Sources (ODBC)
Event Viewer
Local Security Policy
Microsoft.NET Framework 1.1 Configuration
Microsoft.NET Framework 1.1 Wizards
Performance
Services

I'm still not seeing the items you mentioned and typing
mmc c:\windows system32\grupedit.msc in the run box brings and
error
that states mmc can't open the file.


Jon

:

If you have XP (Pro) then, here is how to 'Enable' the 'Security' tab
in
a
file's properties page:

Open the 'Group Policy Editor' on the 'Start Menu' under
'Administrative
Tools'
(or type: mmc c:\windows\system32\grupedit.msc in the "Run" box on
the
'Start menu')
Then locate the item: 'User Configuration' > 'Administrative
Templates' >
'Windows Explorer' ...and find the item: 'Remove Security tab'
under
it.
You want to set this item to 'disabled' which will result in the
'Security
Tab' being visible under that user.
You may possibly have to logoff / logon to see the change, but the
change
should be immediate.


*Or copy and paste the following into the "Run" box on the 'Start
Menu':



reg ADD HKLM\System\CurrentControlSet\Control\Lsa /v forceguest /t
REG_DWORD
/d 0 /f



....(*Note - the preceding command is all on one line but may not
appear
so
due to line-wrap - Please ensure that the command begins with 'reg and
ends
with '/f')


*Or, if you are able to 'see' the attached (.vbs) file, download and
run
it.
This also, will enable the 'Security' tab on a file's properties page.

==

Cheers, Tim Meddick, Peckham, London.



Just finished the scans found one infected file and one adware.
These
were
quarantined and deleted successfully according to the Anti-Malware
program.

The boot.ini file is still being deleted after the scans.

In Item 2) you mentioned changing the permission of the file. I
don't
see
the 'Security' tab on my computer when right clicking on the
boot.ini
file
and choosing properties. I think I am missing some step to get
this
accomplished with XP pro.


I did change the attributes of the file as suggested but the
boot.ini
was
deleted again after restarting.

Jon
.......................................



Tim Meddick" wrote:

Hi,
It seems to me that what 'Twayne' says in his post about it
being
the
result of malware, is your best bet.
However, there are also a couple of things you can do to stop
this
problem.

1). Copy your c:\windows\pss\boot.ini.backup file to the ROOT of
your
C:
drive.

2). reset the permissions on the c:\boot.ini file to stop the file
from
being deleted.
Do this by choosing properties on the file and going to the
'Security'
tab.
Press on the 'Advanced' button and clear the check-box marked
'Inherit
from
parent the permission entries.....' then click on 'Copy' on the box
that
pops up.
Click on the 'Edit' button for every entry in the list and uncheck
the
'Delete' and 'Change Permissions' boxes.
Press [ok] and [ok] to close both dialogues.

This should prevent ANY application (or virus) from deleting the
file.

Also, further protect the file by typing the following:


attrib +r +h +s c:\boot.ini


....in a 'Command Prompt' window.


==



Cheers, Tim Meddick, Peckham, London.


Last week the boot.ini file disappeared from my c:\ drive and the
boot.ini
tab disappeared from msconfig. I can recreate the file using
notepad
or
by
going to the control panel (system - advanced - start up and
ecovery -
edit) and paste the boot.ini text there. (I have made the
files
"unhidden").

Whenever I restart or shut down the computer then turn it back
on
the
boot.ini file has been deleted again and the boot.ini tab from
msconfig
is
no
longer present.

The message I get on startup is "Invalid boot.ini file. Booting
from
C:\windows".

I believe this is looking at the c:\windows\pss directory for
the
backup
boot file. After this message disappears from the start-up
procedure
it
seem to boot normally.

I am looking for help on finding why the boot.ini file is being
deleted
and
a solution to keep it in place.

The boot.ini file on C:\ is ----

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
Professional" /noexecute=optin /fastdetect /PAE


* The PC is a HP XW8200 quad core 2.
* No windows XP Pro install disk was received with the machine.

Thank you,

 

[Jose]

A step back for a moment - the whole 'Security tab' thing was meant (by me,
at any rate) to be just something you could also try.

The main thing is that this sounds *very* much like an effect of a virus /
malware infection.

While you can still try and treat the 'symptoms' (by trying to stop
boot.ini  from being deleted) the problem remains that, as far as I know, a
boot.ini file that has incorrect data (or invalid file paths) within it,
does not normally get deleted!!

This leaves another non-windows process as being the culprit!

Have you done your AntiVirus scans?

Have you tried running 'Task Manager' at the moment you have the message on
the screen to see what process is the origin of it?

Also (quite important) to download and run MalwareBytes (quite the best free
program for repairing a malware infected machine) available from:

http://www.malwarebytes.org/mbam.php

==

Cheers,    Tim Meddick,    Peckham, London.    

Security tab is now visable.

I copied the 5 steps and ran them in start / run area.    Now the security
tab is showing up on the file properties.    As I understand this process-
the boot.ini should have been in a 'state' that would make it untouchable
by
any system process.

After removing the batch file to recreate the boot.ini during startup I
found that it had been deleted again.

I then recreated the boot.ini file in C:\ and completed a successful
reboot
without the "Invalid boot.ini file.   Booting from C:\windows" message.
However, then doing a restart of the computer again the message reappeared
and I found that again the boot.ini file had disappeared.     I didthis
twice again and each time after creating the boot.ini file and rebooting
the
computer it was successful on the initial startup but on the second reboot
the file had been deleted again.

The only way that I can get the computer to reboot repeatedly without the
"Invalid boot.ini file.  "Invalid boot.ini file.   Booting from
C:\windows"
message is to keep a batch file in the startup folded to copy the boot.ini
file back to C:\

The 3 steps listed in a previous message would not run.  I could not make
the Security tab visible.

Jon

<

I gave three ways in which to 'activate' the 'Security Tab' to be seenon
a
file's property page.
Which of them is causing you problems?
Personally I think the 'copy and paste' suggestion is the simplest and
after
you have 'run' it in the 'run' box on the 'Start Menu' you will
immediately
be able to see the 'Security Page'.
However, another way of setting the acls (Access Control Lists - or
permissions) of the 'boot.ini' file, is to execute ALL the following
commands from a 'Command Prompt' window (DOS box) ('copy and paste'
them):
cacls boot.ini /E /R Users
cacls boot.ini /E /R SYSTEM
cacls boot.ini /E /G Users:R
cacls boot.ini /E /D SYSTEM
cacls boot.ini /E /G SYSTEM:R
....this will have the effect of removing (/R stands for Revoke /E for
Edit)
the permissions for the 'Users' group and (just in case, but more
importantly) the SYSTEM account.
Then, Denying the SYSTEM account access to the file (/D).
Finally, re-setting the SYSTEM account, granting it read-only permission
(halting the FULL control the SYSTEM usually has over the file).
This will effectively STOP any attempt by the system to delete or even
change the file, while allowing it to enumerate (read) it during the boot
process.
==
Cheers,    Tim Meddick,    Peckham, London.    
I did create a batch file to copy the boot.ini file back to 'C:\' and
placed
it in the startup folder (start menu) to keep from recreating the file
everytime I turn the computer on or restart it.  I'm still having
problems
finding the security tab.
Here's  what I have under the Administrative Tools
Component Services
Computer Management
Data Sources (ODBC)
Event Viewer
Local Security Policy
Microsoft.NET Framework 1.1 Configuration
Microsoft.NET Framework 1.1 Wizards
Performance
Services
I'm still not seeing the items you mentioned and typing
mmc  c:\windows system32\grupedit.msc   in the run box  bringsand
error
that states mmc can't open the file.
Jon
:
If you have XP (Pro) then,  here is how to 'Enable' the 'Security' tab
in
a
file's properties page:
Open the 'Group Policy Editor' on the 'Start Menu' under
'Administrative
Tools'
(or type:  mmc  c:\windows\system32\grupedit.msc   in the "Run" box on
the
'Start menu')
Then locate the item: 'User Configuration' > 'Administrative
Templates' >
'Windows Explorer'  ...and find the item:  'Remove Security tab'
under
it.
You want to set this item to 'disabled'  which will result in the
'Security
Tab' being visible under that user.
You may possibly have to logoff / logon to see the change, but the
change
should be immediate.
*Or copy and paste the following into the "Run" box on the 'Start
Menu':
reg ADD HKLM\System\CurrentControlSet\Control\Lsa /v forceguest /t
REG_DWORD
/d 0 /f
....(*Note - the preceding command is all on one line but may not
appear
so
due to line-wrap - Please ensure that the command begins with 'reg and
ends
with '/f')
*Or, if you are able to 'see' the attached (.vbs) file, download and
run
it.
This also, will enable the 'Security' tab on a file's properties page.
==
Cheers,    Tim Meddick,    Peckham, London.    
Just  finished the scans found one infected file and one adware..
These
were
quarantined and deleted successfully according to the Anti-Malware
program.
The boot.ini file is still being deleted after the scans.
In Item 2) you mentioned changing the permission of the file.  I
don't
see
the 'Security' tab on my computer when right clicking on the
boot.ini
file
and choosing properties.   I  think I am missing some step toget
this
accomplished with XP pro.
I did change the attributes of the file as suggested but the
boot.ini
was
deleted again after restarting.
Jon
.......................................
Tim Meddick" wrote:
Hi,
    It seems to me that what 'Twayne' says in his post aboutit
being
the
result of malware, is your best bet.
    However, there are also a couple of things you can do tostop
this
problem.
1). Copy your c:\windows\pss\boot.ini.backup  file to the ROOTof
your
C:
drive.
2). reset the permissions on the c:\boot.ini  file to stop thefile
from
being deleted.
Do this by choosing properties on the file and going to the
'Security'
tab.
Press on the 'Advanced' button and clear the check-box marked
'Inherit
from
parent the permission entries.....' then click on 'Copy' on the box
that
pops up.
Click on the 'Edit' button for every entry in the list and uncheck
the
'Delete' and 'Change Permissions' boxes.
Press [ok] and [ok] to close both dialogues.
This should prevent ANY application (or virus) from deleting the
file.
Also, further protect the file by typing the following:
attrib +r +h +s c:\boot.ini
....in a 'Command Prompt' window.
==
Cheers,    Tim Meddick,    Peckham, London.    
Last week the boot.ini file disappeared from my c:\ drive and the
boot.ini
tab disappeared from msconfig.  I can recreate the file using
notepad
or
by
going to the control panel  (system - advanced - start up and
ecovery  -
edit) and paste the boot.ini text  there.      (I havemade the
files
"unhidden").
Whenever I restart  or shut down the computer then turn it back
on
the
boot.ini file has been deleted again and the boot.ini tab from
msconfig
is
no
longer present.
The message I get on startup is "Invalid boot.ini file.   Booting
from
C:\windows".
I believe this  is looking at the c:\windows\pss directory for
the
backup
boot file.  After  this message disappears from the start-up
procedure
it
seem to boot  normally.
I am looking for help on finding why the boot.ini

...

read more »

I suggested MBAM, SAS and AVG days ago.

One thing I have seen is that even if malware is detected and dealt
with there still may be little turds hanging around that have to be
cleaned up by hand.

Instead of spending time on some workaround (copying from a batch
file?!), wouldn't you rather fix the problem instead? The boot.ini
file should already be write protected and hidden. You don't have to
change it.

The other symptom of the BOOT.INI tab not showing up in MSCONFIG - of
course it won't show up if the file is not there.

How about the runonce stuff in the registry for HKLM and HKCU? Have
you looked there for something like "del c:\boot.ini"? That will
certainly cause the problem you describe.

Why don't you search your entire registry for boot.ini and see what
you find? It shouldn't be in there too often I don't think, and
certainly not preceded by anything the might delete it.

Maybe some other program is masquerading in the runonce area(s) that
is doing it to try and fool you.

If it only happens when you reboot, it is "running once"...

 

[Twayne]

IMO you are the victim of malware whether it be a virus, trojan, worm
etc..

Has anyone yet asked you to post your boot.ini file? I suggest you do
so.

You could go ahead and throw an arsenal of AV and spyware detectors at
your machnine as more than one person has suggested but I don't see any
results of such a thing mentioned by you.

For the length of time you have invested on this problem you could have
easily backed up and then rebuilt your whole system manually from
scratch and been back to work by now. And that's what I'd suggest you
do next since none of the other advice here has been of any use, or was
ignored, by you. If you don't have an imaging program or any backup
software, use XP's native ntbackup.exe for now; it'll server you well,
costs nothing and requires little of your own time other than to start
it up.

HTH,

Twayne`

Security tab is now visable.

I copied the 5 steps and ran them in start / run area. Now the
security tab is showing up on the file properties. As I understand
this process- the boot.ini should have been in a 'state' that would
make it untouchable by any system process.

After removing the batch file to recreate the boot.ini during startup
I found that it had been deleted again.

I then recreated the boot.ini file in C:\ and completed a successful
reboot without the "Invalid boot.ini file. Booting from C:\windows"
message. However, then doing a restart of the computer again the
message reappeared and I found that again the boot.ini file had
disappeared. I did this twice again and each time after creating
the boot.ini file and rebooting the computer it was successful on the
initial startup but on the second reboot the file had been deleted
again.

The only way that I can get the computer to reboot repeatedly without
the "Invalid boot.ini file. "Invalid boot.ini file. Booting from
C:\windows" message is to keep a batch file in the startup folded to
copy the boot.ini file back to C:\

The 3 steps listed in a previous message would not run. I could not
make the Security tab visible.

Jon

<

I gave three ways in which to 'activate' the 'Security Tab' to be
seen on a file's property page.

Which of them is causing you problems?

Personally I think the 'copy and paste' suggestion is the simplest
and after you have 'run' it in the 'run' box on the 'Start Menu' you
will immediately be able to see the 'Security Page'.


However, another way of setting the acls (Access Control Lists - or
permissions) of the 'boot.ini' file, is to execute ALL the following
commands from a 'Command Prompt' window (DOS box) ('copy and paste'
them):



cacls boot.ini /E /R Users
cacls boot.ini /E /R SYSTEM
cacls boot.ini /E /G Users:R
cacls boot.ini /E /D SYSTEM
cacls boot.ini /E /G SYSTEM:R



....this will have the effect of removing (/R stands for Revoke /E
for Edit) the permissions for the 'Users' group and (just in case,
but more importantly) the SYSTEM account.
Then, Denying the SYSTEM account access to the file (/D).
Finally, re-setting the SYSTEM account, granting it read-only
permission (halting the FULL control the SYSTEM usually has over the
file).

This will effectively STOP any attempt by the system to delete or
even change the file, while allowing it to enumerate (read) it
during the boot process.

==

Cheers, Tim Meddick, Peckham, London.

I did create a batch file to copy the boot.ini file back to 'C:\'
and placed
it in the startup folder (start menu) to keep from recreating the
file everytime I turn the computer on or restart it. I'm still
having problems finding the security tab.

Here's what I have under the Administrative Tools
Component Services
Computer Management
Data Sources (ODBC)
Event Viewer
Local Security Policy
Microsoft.NET Framework 1.1 Configuration
Microsoft.NET Framework 1.1 Wizards
Performance
Services

I'm still not seeing the items you mentioned and typing
mmc c:\windows system32\grupedit.msc in the run box brings and
error that states mmc can't open the file.


Jon

:

If you have XP (Pro) then, here is how to 'Enable' the 'Security'
tab in a
file's properties page:

Open the 'Group Policy Editor' on the 'Start Menu' under
'Administrative Tools'
(or type: mmc c:\windows\system32\grupedit.msc in the "Run"
box on the
'Start menu')
Then locate the item: 'User Configuration' > 'Administrative
Templates' > 'Windows Explorer' ...and find the item: 'Remove
Security tab' under it.
You want to set this item to 'disabled' which will result in the
'Security
Tab' being visible under that user.
You may possibly have to logoff / logon to see the change, but the
change should be immediate.


*Or copy and paste the following into the "Run" box on the 'Start
Menu':



reg ADD HKLM\System\CurrentControlSet\Control\Lsa /v forceguest /t
REG_DWORD
/d 0 /f



....(*Note - the preceding command is all on one line but may not
appear so
due to line-wrap - Please ensure that the command begins with 'reg
and ends
with '/f')


*Or, if you are able to 'see' the attached (.vbs) file, download
and run it.
This also, will enable the 'Security' tab on a file's properties
page.

==

Cheers, Tim Meddick, Peckham, London.



Just finished the scans found one infected file and one adware.
These were
quarantined and deleted successfully according to the Anti-Malware
program.

The boot.ini file is still being deleted after the scans.

In Item 2) you mentioned changing the permission of the file. I
don't see
the 'Security' tab on my computer when right clicking on the
boot.ini file
and choosing properties. I think I am missing some step to get
this accomplished with XP pro.


I did change the attributes of the file as suggested but the
boot.ini was
deleted again after restarting.

Jon
.......................................



Tim Meddick" wrote:

Hi,
It seems to me that what 'Twayne' says in his post about it
being the
result of malware, is your best bet.
However, there are also a couple of things you can do to
stop this problem.

1). Copy your c:\windows\pss\boot.ini.backup file to the ROOT
of your C:
drive.

2). reset the permissions on the c:\boot.ini file to stop the
file from
being deleted.
Do this by choosing properties on the file and going to the
'Security' tab.
Press on the 'Advanced' button and clear the check-box marked
'Inherit from
parent the permission entries.....' then click on 'Copy' on the
box that
pops up.
Click on the 'Edit' button for every entry in the list and
uncheck the 'Delete' and 'Change Permissions' boxes.
Press [ok] and [ok] to close both dialogues.

This should prevent ANY application (or virus) from deleting the
file.

Also, further protect the file by typing the following:


attrib +r +h +s c:\boot.ini


....in a 'Command Prompt' window.


==



Cheers, Tim Meddick, Peckham, London.


Last week the boot.ini file disappeared from my c:\ drive and
the boot.ini
tab disappeared from msconfig. I can recreate the file using
notepad
or
by
going to the control panel (system - advanced - start up and
ecovery -
edit) and paste the boot.ini text there. (I have made the
files
"unhidden").

Whenever I restart or shut down the computer then turn it back
on the
boot.ini file has been deleted again and the boot.ini tab from
msconfig
is
no
longer present.

The message I get on startup is "Invalid boot.ini file.
Booting from
C:\windows".

I believe this is looking at the c:\windows\pss directory for
the backup
boot file. After this message disappears from the start-up
procedure
it
seem to boot normally.

I am looking for help on finding why the boot.ini file is being
deleted
and
a solution to keep it in place.

The boot.ini file on C:\ is ----

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows
XP Professional" /noexecute=optin /fastdetect /PAE


* The PC is a HP XW8200 quad core 2.
* No windows XP Pro install disk was received with the machine.

Thank you,

 

[saltcity]

~~~~boot.ini file no longer is being deleted.~~~~

I had been running scans AVG and Malwarebytes for past three days. 1 item
ADWARE.MyWEb was found. After running Tim Meddicks' last processes and
running these two programs again and found another (different) item
Trojan.BHO listed in 1 file and 17 registry keys which was found by
Malwarebytes. These have been quarantined. AVG did not find any problems
on its last scan a few minutes ago. I then ran REGCure to see if it would
pick up anything and it listed 90 errors.

The boot.ini file is no longer being deleted. I have removed the .bat
file that I used to recreated the boot.ini in the C:\ directory and now on
every reboot or startup from shutdown the boot.ini is still present in C:\
and the boot.ini tab remains intact.

Thanks to all who responded and I am really glad to have found the
Malwarebytes Anti-Malware program.

Jon

A step back for a moment - the whole 'Security tab' thing was meant (by me,
at any rate) to be just something you could also try.

The main thing is that this sounds *very* much like an effect of a virus /
malware infection.

While you can still try and treat the 'symptoms' (by trying to stop
boot.ini from being deleted) the problem remains that, as far as I know, a
boot.ini file that has incorrect data (or invalid file paths) within it,
does not normally get deleted!!

This leaves another non-windows process as being the culprit!

Have you done your AntiVirus scans?

Have you tried running 'Task Manager' at the moment you have the message on
the screen to see what process is the origin of it?

Also (quite important) to download and run MalwareBytes (quite the best free
program for repairing a malware infected machine) available from:

http://www.malwarebytes.org/mbam.php

==

Cheers, Tim Meddick, Peckham, London.

Security tab is now visable.

I copied the 5 steps and ran them in start / run area. Now the security
tab is showing up on the file properties. As I understand this process-
the boot.ini should have been in a 'state' that would make it untouchable
by
any system process.

After removing the batch file to recreate the boot.ini during startup I
found that it had been deleted again.

I then recreated the boot.ini file in C:\ and completed a successful
reboot
without the "Invalid boot.ini file. Booting from C:\windows" message.
However, then doing a restart of the computer again the message reappeared
and I found that again the boot.ini file had disappeared. I did this
twice again and each time after creating the boot.ini file and rebooting
the
computer it was successful on the initial startup but on the second reboot
the file had been deleted again.

The only way that I can get the computer to reboot repeatedly without the
"Invalid boot.ini file. "Invalid boot.ini file. Booting from
C:\windows"
message is to keep a batch file in the startup folded to copy the boot.ini
file back to C:\

The 3 steps listed in a previous message would not run. I could not make
the Security tab visible.

Jon

<

I gave three ways in which to 'activate' the 'Security Tab' to be seen on
a
file's property page.

Which of them is causing you problems?

Personally I think the 'copy and paste' suggestion is the simplest and
after
you have 'run' it in the 'run' box on the 'Start Menu' you will
immediately
be able to see the 'Security Page'.


However, another way of setting the acls (Access Control Lists - or
permissions) of the 'boot.ini' file, is to execute ALL the following
commands from a 'Command Prompt' window (DOS box) ('copy and paste'
them):



cacls boot.ini /E /R Users
cacls boot.ini /E /R SYSTEM
cacls boot.ini /E /G Users:R
cacls boot.ini /E /D SYSTEM
cacls boot.ini /E /G SYSTEM:R



....this will have the effect of removing (/R stands for Revoke /E for
Edit)
the permissions for the 'Users' group and (just in case, but more
importantly) the SYSTEM account.
Then, Denying the SYSTEM account access to the file (/D).
Finally, re-setting the SYSTEM account, granting it read-only permission
(halting the FULL control the SYSTEM usually has over the file).

This will effectively STOP any attempt by the system to delete or even
change the file, while allowing it to enumerate (read) it during the boot
process.

==

Cheers, Tim Meddick, Peckham, London.




I did create a batch file to copy the boot.ini file back to 'C:\' and
placed
it in the startup folder (start menu) to keep from recreating the file
everytime I turn the computer on or restart it. I'm still having
problems
finding the security tab.

Here's what I have under the Administrative Tools
Component Services
Computer Management
Data Sources (ODBC)
Event Viewer
Local Security Policy
Microsoft.NET Framework 1.1 Configuration
Microsoft.NET Framework 1.1 Wizards
Performance
Services

I'm still not seeing the items you mentioned and typing
mmc c:\windows system32\grupedit.msc in the run box brings and
error
that states mmc can't open the file.


Jon

:

If you have XP (Pro) then, here is how to 'Enable' the 'Security' tab
in
a
file's properties page:

Open the 'Group Policy Editor' on the 'Start Menu' under
'Administrative
Tools'
(or type: mmc c:\windows\system32\grupedit.msc in the "Run" box on
the
'Start menu')
Then locate the item: 'User Configuration' > 'Administrative
Templates' >
'Windows Explorer' ...and find the item: 'Remove Security tab'
under
it.
You want to set this item to 'disabled' which will result in the
'Security
Tab' being visible under that user.
You may possibly have to logoff / logon to see the change, but the
change
should be immediate.


*Or copy and paste the following into the "Run" box on the 'Start
Menu':



reg ADD HKLM\System\CurrentControlSet\Control\Lsa /v forceguest /t
REG_DWORD
/d 0 /f



....(*Note - the preceding command is all on one line but may not
appear
so
due to line-wrap - Please ensure that the command begins with 'reg and
ends
with '/f')


*Or, if you are able to 'see' the attached (.vbs) file, download and
run
it.
This also, will enable the 'Security' tab on a file's properties page.

==

Cheers, Tim Meddick, Peckham, London.



Just finished the scans found one infected file and one adware.
These
were
quarantined and deleted successfully according to the Anti-Malware
program.

The boot.ini file is still being deleted after the scans.

In Item 2) you mentioned changing the permission of the file. I
don't
see
the 'Security' tab on my computer when right clicking on the
boot.ini
file
and choosing properties. I think I am missing some step to get
this
accomplished with XP pro.


I did change the attributes of the file as suggested but the
boot.ini
was
deleted again after restarting.

Jon
.......................................



Tim Meddick" wrote:

Hi,
It seems to me that what 'Twayne' says in his post about it
being
the
result of malware, is your best bet.
However, there are also a couple of things you can do to stop
this
problem.

1). Copy your c:\windows\pss\boot.ini.backup file to the ROOT of
your
C:
drive.

2). reset the permissions on the c:\boot.ini file to stop the file
from
being deleted.
Do this by choosing properties on the file and going to the
'Security'
tab.
Press on the 'Advanced' button and clear the check-box marked
'Inherit
from
parent the permission entries.....' then click on 'Copy' on the box
that
pops up.
Click on the 'Edit' button for every entry in the list and uncheck
the
'Delete' and 'Change Permissions' boxes.
Press [ok] and [ok] to close both dialogues.

This should prevent ANY application (or virus) from deleting the
file.

Also, further protect the file by typing the following:


attrib +r +h +s c:\boot.ini


....in a 'Command Prompt' window.


==



Cheers, Tim Meddick, Peckham, London.


Last week the boot.ini file disappeared from my c:\ drive and the
boot.ini
tab disappeared from msconfig. I can recreate the file using
notepad
or
by
going to the control panel (system - advanced - start up and
ecovery -
edit) and paste the boot.ini text there. (I have made the
files
"unhidden").

Whenever I restart or shut down the computer then turn it back
on
the
boot.ini file has been deleted again and the boot.ini tab from

 

[Kelly]

Wow, who knew! )
Thanks for sharing.
--

All the Best,
Kelly (MS-MVP/DTS&XP)

Taskbar Repair Tool Plus!
http://www.kellys-korner-xp.com/taskbarplus!.htm

 

[Jose]

Wow, who knew!  )
Thanks for sharing.
--

All the Best,
Kelly (MS-MVP/DTS&XP)

Taskbar Repair Tool Plus!http://www.kellys-korner-xp.com/taskbarplus!.htm

I thought everybody knew about this problem

Here is some interesting banter and other things that seem to get
deleted by that offending software, including this quote from the
makers:

"It is not possible that the toolbar is responsible for this."

http://forum.applian.com/showthread.php?p=8012

They sort of changed their minds later and I did not pursue it to see
if they ever admitted/fixed it.

 

[Peter Gray]

I think I may have found a lot of the cause of this.

I have three clients systems all of which are exhibiting this problem. I've
checked to see what's happening and find that the boot.ini is being deleted
as part of the start up.

Next all three have recently had IE8 installed. One is a MEdia Center, One
an XP Jome and one an XP Pro. I've removed IE8 from two of them and the
problem has disappeared!!

I'm keeping the third machine for a sort while to see if I can find out if
it's a fault in the IE8 installation or a hijack which is using IE8 to
deliver.

The machines have been removed from the internet and still showed this
symptom - so if it is an exploit it's embedded and using the presence of IE8.

Hope this helps

I'm still checking

 

[Tim Meddick]

....and then again, it could just be a coincidence.... no?

==

Cheers, Tim Meddick, Peckham, London.

I think I may have found a lot of the cause of this.

I have three clients systems all of which are exhibiting this problem.
I've
checked to see what's happening and find that the boot.ini is being
deleted
as part of the start up.

Next all three have recently had IE8 installed. One is a MEdia Center,
One
an XP Jome and one an XP Pro. I've removed IE8 from two of them and
the
problem has disappeared!!

I'm keeping the third machine for a sort while to see if I can find
out if
it's a fault in the IE8 installation or a hijack which is using IE8 to
deliver.

The machines have been removed from the internet and still showed this
symptom - so if it is an exploit it's embedded and using the presence
of IE8.

Hope this helps

I'm still checking

--
Peter Gray

Last week the boot.ini file disappeared from my c:\ drive and the
boot.ini
tab disappeared from msconfig. I can recreate the file using notepad
or by
going to the control panel (system - advanced - start up and
recovery -
edit) and paste the boot.ini text there. (I have made the files
"unhidden").

Whenever I restart or shut down the computer then turn it back on
the
boot.ini file has been deleted again and the boot.ini tab from
msconfig is no
longer present.

The message I get on startup is "Invalid boot.ini file. Booting
from
C:\windows".

I believe this is looking at the c:\windows\pss directory for the
backup
boot file. After this message disappears from the start-up
procedure it
seem to boot normally.

I am looking for help on finding why the boot.ini file is being
deleted and
a solution to keep it in place.

The boot.ini file on C:\ is ----

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
Professional" /noexecute=optin /fastdetect /PAE


* The PC is a HP XW8200 quad core 2.
* No windows XP Pro install disk was received with the machine.

Thank you,

 

[noobtube]

I've registered to post my experiences with this issue. Thanks t
everyone in this thread, as it solved my problem with the boot.ini fil
dissapearing when I boot XP.

The solution was to uninstall the Ask toolbar, I would never hav
thought to check it out, but removing the Ask toolbar resolved th
problem with the boot.ini being deleted on boot.

Since google catalogues this list and it was where I found the bes
answers, I should add some other symptoms I had experienced. All of m
programs behaved as if they had just been installed, obviously th
missing boot.ini caused windows XP pro to revert to the last known goo
registry settings. So Firefox would lose all its bookmarks on boot
photoshop would lose its most recent file list, in fact all of my mos
recent lists were wiped.

All of this was fixed by removing the ask toolbar. I think it's n
coincidence that many other people have reported the same issue,
quick google of "ask toobar boot.ini" reveals much.

I still don't know why the Ask toolbar is causing this problem, but i
must be a recent update, or perhaps a version of the toolbar whic
piggybacks onto the install of other software. I tend to install lot
of little free utilities, I'm always careful so as to not download an
install virus infected stuff, but many of these free utilities must ge
some kind of kickback from including the ask toolbar.

In any case, if this can be confirmed as an issue with the ask.co
toolbar, for starter
http://en.wikipedia.org/wiki/Ask.com_toolbar#Toolbar should be update
with a reference to the known issue, as should the developers her
http://forum.applian.com/showthread.php?t=2123

It could be that some 3rd party bundling ask is tampering with it, bu
since I add and remove lots of little apps, many of which bundle ask
it's hard to tell which one it was. I could have installed the app
tried it and uninstalled it (leaving ASK intact).

In any case, my install of Internet Explorer 8 is still fine, n
problems there. Removing Ask from add / remove programs did the trick
Thanks for pointing those of us stumbling around the web in the righ
direction.

Cheers.

....and then again, it could just be a coincidence.... no?

==

Cheers, Tim Meddick, Peckham, London.




"Peter Gray" (e-mail address removed) wrote in message
I think I may have found a lot of the cause of this.

I have three clients systems all of which are exhibiting this problem

I've
checked to see what's happening and find that the boot.ini is being
deleted
as part of the start up.

Next all three have recently had IE8 installed. One is a MEdia Center

One
an XP Jome and one an XP Pro. I've removed IE8 from two of them and
the
problem has disappeared!!

I'm keeping the third machine for a sort while to see if I can find
out if
it's a fault in the IE8 installation or a hijack which is using IE
to
deliver.

The machines have been removed from the internet and still showe
this
symptom - so if it is an exploit it's embedded and using the presenc

of IE8.

Hope this helps

I'm still checking

--
Peter Gray


:
-
Last week the boot.ini file disappeared from my c:\ drive and the
boot.ini
tab disappeared from msconfig. I can recreate the file using notepa

or by
going to the control panel (system - advanced - start up and
recovery -
edit) and paste the boot.ini text there. (I have made the files
"unhidden").

Whenever I restart or shut down the computer then turn it back on
the
boot.ini file has been deleted again and the boot.ini tab from
msconfig is no
longer present.

The message I get on startup is "Invalid boot.ini file. Booting
from
C:\windows".

I believe this is looking at the c:\windows\pss directory for the
backup
boot file. After this message disappears from the start-up
procedure it
seem to boot normally.

I am looking for help on finding why the boot.ini file is being
deleted and
a solution to keep it in place.

The boot.ini file on C:\ is ----

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
Professional" /noexecute=optin /fastdetect /PAE


* The PC is a HP XW8200 quad core 2.
* No windows XP Pro install disk was received with the machine.

Thank you, --

 

[Jose]

I've registered to post my experiences with this issue.  Thanks to
everyone in this thread, as it solved my problem with the boot.ini file
dissapearing when I boot XP.

The solution was to uninstall the Ask toolbar, I would never have
thought to check it out, but removing the Ask toolbar resolved the
problem with the boot.ini being deleted on boot.

Since google catalogues this list and it was where I found the best
answers, I should add some other symptoms I had experienced.  All of my
programs behaved as if they had just been installed, obviously the
missing boot.ini caused windows XP pro to revert to the last known good
registry settings.  So Firefox would lose all its bookmarks on boot,
photoshop would lose its most recent file list, in fact all of my most
recent lists were wiped.

All of this was fixed by removing the ask toolbar.  I think it's no
coincidence that many other people have reported the same issue, a
quick google of "ask toobar boot.ini" reveals much.

I still don't know why the Ask toolbar is causing this problem, but it
must be a recent update, or perhaps a version of the toolbar which
piggybacks onto the install of other software.  I tend to install lots
of little free utilities, I'm always careful so as to not download and
install virus infected stuff, but many of these free utilities must get
some kind of kickback from including the ask toolbar.  

In any case, if this can be confirmed as an issue with the ask.com
toolbar, for startershttp://en.wikipedia.org/wiki/Ask.com_toolbar#Toolbarshould be updated
with a reference to the known issue, as should the developers herehttp://forum.applian.com/showthread.php?t=2123

It could be that some 3rd party bundling ask is tampering with it, but
since I add and remove lots of little apps, many of which bundle ask,
it's hard to tell which one it was.  I could have installed the app,
tried it and uninstalled it (leaving ASK intact).

In any case, my install of Internet Explorer 8 is still fine, no
problems there.  Removing Ask from add / remove programs did the trick.
Thanks for pointing those of us stumbling around the web in the right
direction.

Cheers.

Tim Meddick;3314700 Wrote:

....and then again, it could just be a coincidence....  no?

Cheers,    Tim Meddick,    Peckham, London.    

"Peter Gray" (e-mail address removed) wrote in message
I think I may have found a lot of the cause of this.

I have three clients systems all of which are exhibiting this problem.

I've
checked to see what's happening and find that the boot.ini is being
deleted
as part of the start up.

Next all three have recently had IE8 installed. One is a MEdia Center,

One
an XP Jome and one an XP Pro. I've removed IE8 from two of them and
the
problem has disappeared!!

I'm keeping the third machine for a sort while to see if I can find
out if
it's a fault in the IE8 installation or a hijack which is using IE8
to
deliver.

The machines have been removed from the internet and still showed
this
symptom - so if it is an exploit it's embedded and using the presence

of IE8.

Hope this helps

I'm still checking

:
-
Last week the boot.ini file disappeared from my c:\ drive and the
boot.ini
tab disappeared from msconfig.  I can recreate the file using notepad

or by
going to the control panel  (system - advanced - start up and
recovery  -
edit) and paste the boot.ini text  there.      (I have made thefiles
"unhidden").

Whenever I restart  or shut down the computer then turn it back on
the
boot.ini file has been deleted again and the boot.ini tab from
msconfig is no
longer present.

The message I get on startup is "Invalid boot.ini file.   Booting
from
C:\windows".

I believe this  is looking at the c:\windows\pss directory for the
backup
boot file.  After  this message disappears from the start-up
procedure it
seem to boot  normally.

I am looking for help on finding why the boot.ini file is being
deleted and
a solution to keep it in place.

The boot.ini file on C:\ is ----

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
Professional" /noexecute=optin /fastdetect /PAE

* The PC is a HP XW8200 quad core 2.
* No windows XP Pro install disk was received with the machine.

Thank you, --

That's good confirmation.

I am not a big believer in coincidence! There is a reason for most
things but sometimes takes a while to find.

If I see someone with this problem now, one of my early questions is
about Ask Toolbar. 3 out of 3 answers so far have been yes, I have it
and when I remove it my boot.ini is still around on a reboot.

Sure beats pounding your head for a couple days or adding a work
around to replace boot.ini with a copy on every boot (huh?). You
still have the problem when you are done "fixing" it.

I am not sure if the Applian people ever acknowledged it or fixed
their "free and safe" toolbar and don't really care, but it is
certainly free.

There is activity even today in their forum on this topic (was that
you?)

"Yes, This is happening here and is easily reproducable. The toolbar
updater also damages files located in %appdata%\Application Data
\Microsoft\Internet Explorer. The three machines I can duplicate this
on are running CA antivirus 2007 which comes with Roadrunner. I can
guarantee none of these machines have a virus and it is the toolbar
updater service that causes this. You do not have to uninstall the
toolbar to fix this, just disable the ask toolbar update service and
nothing else. Search on any search engine for "ask toolbar boot.ini"
and you will see many people with the same problem."

 

[Tim Meddick]

I was not trying to cast doubts on the validity of your claims, I was
just a bit sceptical of how the "Ask Toolbar" could be the cause of a
repetitively disappearing boot.ini file?!!

But you have provided more than enough evidence to make me totally
believe that the link between them *is* real.

It does however, make me wonder just why it would interfere with the
boot.ini file.

I would be very interested to find out the mechanics of just what
conflicts arise from installing the Toolbar that cause it to do this on
some machines...

==

Cheers, Tim Meddick, Peckham, London.

I've registered to post my experiences with this issue. Thanks to
everyone in this thread, as it solved my problem with the boot.ini
file
dissapearing when I boot XP.

The solution was to uninstall the Ask toolbar, I would never have
thought to check it out, but removing the Ask toolbar resolved the
problem with the boot.ini being deleted on boot.

Since google catalogues this list and it was where I found the best
answers, I should add some other symptoms I had experienced. All of
my
programs behaved as if they had just been installed, obviously the
missing boot.ini caused windows XP pro to revert to the last known
good
registry settings. So Firefox would lose all its bookmarks on boot,
photoshop would lose its most recent file list, in fact all of my most
recent lists were wiped.

All of this was fixed by removing the ask toolbar. I think it's no
coincidence that many other people have reported the same issue, a
quick google of "ask toobar boot.ini" reveals much.

I still don't know why the Ask toolbar is causing this problem, but it
must be a recent update, or perhaps a version of the toolbar which
piggybacks onto the install of other software. I tend to install lots
of little free utilities, I'm always careful so as to not download and
install virus infected stuff, but many of these free utilities must
get
some kind of kickback from including the ask toolbar.

In any case, if this can be confirmed as an issue with the ask.com
toolbar, for starters
http://en.wikipedia.org/wiki/Ask.com_toolbar#Toolbar should be updated
with a reference to the known issue, as should the developers here
http://forum.applian.com/showthread.php?t=2123

It could be that some 3rd party bundling ask is tampering with it, but
since I add and remove lots of little apps, many of which bundle ask,
it's hard to tell which one it was. I could have installed the app,
tried it and uninstalled it (leaving ASK intact).

In any case, my install of Internet Explorer 8 is still fine, no
problems there. Removing Ask from add / remove programs did the
trick.
Thanks for pointing those of us stumbling around the web in the right
direction.

Cheers.

....and then again, it could just be a coincidence.... no?

==

Cheers, Tim Meddick, Peckham, London.




"Peter Gray" (e-mail address removed) wrote in message
I think I may have found a lot of the cause of this.

I have three clients systems all of which are exhibiting this
problem.

I've
checked to see what's happening and find that the boot.ini is being
deleted
as part of the start up.

Next all three have recently had IE8 installed. One is a MEdia
Center,

One
an XP Jome and one an XP Pro. I've removed IE8 from two of them and
the
problem has disappeared!!

I'm keeping the third machine for a sort while to see if I can find
out if
it's a fault in the IE8 installation or a hijack which is using IE8
to
deliver.

The machines have been removed from the internet and still showed
this
symptom - so if it is an exploit it's embedded and using the presence

of IE8.

Hope this helps

I'm still checking

--
Peter Gray


:
-
Last week the boot.ini file disappeared from my c:\ drive and the
boot.ini
tab disappeared from msconfig. I can recreate the file using notepad

or by
going to the control panel (system - advanced - start up and
recovery -
edit) and paste the boot.ini text there. (I have made the files
"unhidden").

Whenever I restart or shut down the computer then turn it back on
the
boot.ini file has been deleted again and the boot.ini tab from
msconfig is no
longer present.

The message I get on startup is "Invalid boot.ini file. Booting
from
C:\windows".

I believe this is looking at the c:\windows\pss directory for the
backup
boot file. After this message disappears from the start-up
procedure it
seem to boot normally.

I am looking for help on finding why the boot.ini file is being
deleted and
a solution to keep it in place.

The boot.ini file on C:\ is ----

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
Professional" /noexecute=optin /fastdetect /PAE


* The PC is a HP XW8200 quad core 2.
* No windows XP Pro install disk was received with the machine.

Thank you, --

 

[noobtube]

Tim, like you I am also interested in the mechanics and why thing
happen. As it is, if I couldn't find any hints online I would hav
resorted to using various system tools to locate the source of th
problem, being no stranger to file and registry monitoring. Luckily,
found this discussion and saved myself perhaps hours of frustration.

Still, the inquisitive part of me does wonder exactly what the heck i
going on to make this happen. Is the toolbar querying the boot.ini t
glean information on what operating systems people use, perhaps o
other partitions? I've always been wary of toolbars such as this
which seem to try and gather as much information as they can withou
being considered malware. Surely this kind of "techical" information
used during the "update" process, could be of value to someone
somewhere deep in the heart of a data mining facility.

That's just speculation of course. Could just be someone messed up.
But that still doesn't explain why a toolbar update even needs to g
near boot.ini. What do they need to do that for? And why does i
happen on every boot?

*shakes head*

It could be innocent. Perhaps by confirming the presence of a fe
standard OS files by attempting to open them at their default location
they know which OS version the toolbar update relates to - and mayb
some programmer messed up and instead of opening a file in read-only
they set it to write (and forgot to close the file handler afterwards
hence the file goes missing).

But how something like this slips through quality assurance is beyon
me.

I will be following the official Applian thread - which I haven'
participated in yet - but I am just glad the problem is fixed for me.
Obviously they're in denial at the moment, and probably franticall
working out exactly what went wrong knowing full well the issue exists
Probably. Well, maybe.

Who knows at this stage.

I was not trying to cast doubts on the validity of your claims, I was
just a bit sceptical of how the "Ask Toolbar" could be the cause of a
repetitively disappearing boot.ini file?!!

But you have provided more than enough evidence to make me totally
believe that the link between them *is* real.

It does however, make me wonder just why it would interfere with the
boot.ini file.

I would be very interested to find out the mechanics of just what
conflicts arise from installing the Toolbar that cause it to do this o

some machines...

==

Cheers, Tim Meddick, Peckham, London.




"noobtube" (e-mail address removed) wrote in message

I've registered to post my experiences with this issue. Thanks to
everyone in this thread, as it solved my problem with the boot.ini
file
dissapearing when I boot XP.

The solution was to uninstall the Ask toolbar, I would never have
thought to check it out, but removing the Ask toolbar resolved the
problem with the boot.ini being deleted on boot.

Since google catalogues this list and it was where I found the best
answers, I should add some other symptoms I had experienced. All of
my
programs behaved as if they had just been installed, obviously the
missing boot.ini caused windows XP pro to revert to the last known
good
registry settings. So Firefox would lose all its bookmarks on boot,
photoshop would lose its most recent file list, in fact all of m
most
recent lists were wiped.

All of this was fixed by removing the ask toolbar. I think it's no
coincidence that many other people have reported the same issue, a
quick google of "ask toobar boot.ini" reveals much.

I still don't know why the Ask toolbar is causing this problem, bu
it
must be a recent update, or perhaps a version of the toolbar which
piggybacks onto the install of other software. I tend to instal
lots
of little free utilities, I'm always careful so as to not downloa
and
install virus infected stuff, but many of these free utilities must
get
some kind of kickback from including the ask toolbar.

In any case, if this can be confirmed as an issue with the ask.com
toolbar, for starters
http://en.wikipedia.org/wiki/Ask.com_toolbar#Toolbar should be
updated
with a reference to the known issue, as should the developers here
http://forum.applian.com/showthread.php?t=2123

It could be that some 3rd party bundling ask is tampering with it,
but
since I add and remove lots of little apps, many of which bundle ask,
it's hard to tell which one it was. I could have installed the app,
tried it and uninstalled it (leaving ASK intact).

In any case, my install of Internet Explorer 8 is still fine, no
problems there. Removing Ask from add / remove programs did the
trick.
Thanks for pointing those of us stumbling around the web in the right
direction.

Cheers.

Tim Meddick;3314700 Wrote:-
....and then again, it could just be a coincidence.... no?

==

Cheers, Tim Meddick, Peckham, London.




"Peter Gray" (e-mail address removed) wrote in message
I think I may have found a lot of the cause of this.

I have three clients systems all of which are exhibiting this
problem.

I've
checked to see what's happening and find that the boot.ini is being
deleted
as part of the start up.

Next all three have recently had IE8 installed. One is a MEdia
Center,

One
an XP Jome and one an XP Pro. I've removed IE8 from two of them and
the
problem has disappeared!!

I'm keeping the third machine for a sort while to see if I can find
out if
it's a fault in the IE8 installation or a hijack which is using IE8
to
deliver.

The machines have been removed from the internet and still showed
this
symptom - so if it is an exploit it's embedded and using the presence

of IE8.

Hope this helps

I'm still checking

--
Peter Gray


:
-
Last week the boot.ini file disappeared from my c:\ drive and the
boot.ini
tab disappeared from msconfig. I can recreate the file using notepad

or by
going to the control panel (system - advanced - start up and
recovery -
edit) and paste the boot.ini text there. (I have made the files
"unhidden").

Whenever I restart or shut down the computer then turn it back on
the
boot.ini file has been deleted again and the boot.ini tab from
msconfig is no
longer present.

The message I get on startup is "Invalid boot.ini file. Booting
from
C:\windows".

I believe this is looking at the c:\windows\pss directory for the
backup
boot file. After this message disappears from the start-up
procedure it
seem to boot normally.

I am looking for help on finding why the boot.ini file is being
deleted and
a solution to keep it in place.

The boot.ini file on C:\ is ----

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
Professional" /noexecute=optin /fastdetect /PAE


* The PC is a HP XW8200 quad core 2.
* No windows XP Pro install disk was received with the machine.

Thank you, ---

 

[Jose]

Tim, like you I am also interested in the mechanics and why things
happen.  As it is, if I couldn't find any hints online I would have
resorted to using various system tools to locate the source of the
problem, being no stranger to file and registry monitoring.  Luckily, I
found this discussion and saved myself perhaps hours of frustration.

Still, the inquisitive part of me does wonder exactly what the heck is
going on to make this happen.  Is the toolbar querying the boot.ini to
glean information on what operating systems people use, perhaps on
other partitions?  I've always been wary of toolbars such as this,
which seem to try and gather as much information as they can without
being considered malware.  Surely this kind of "techical" information,
used during the "update" process, could be of value to someone,
somewhere deep in the heart of a data mining facility.

That's just speculation of course.  Could just be someone messed up.
But that still doesn't explain why a toolbar update even needs to go
near boot.ini.  What do they need to do that for?  And why does it
happen on every boot?

*shakes head*

It could be innocent.  Perhaps by confirming the presence of a few
standard OS files by attempting to open them at their default location,
they know which OS version the toolbar update relates to - and maybe
some programmer messed up and instead of opening a file in read-only,
they set it to write (and forgot to close the file handler afterwards,
hence the file goes missing).

But how something like this slips through quality assurance is beyond
me.

I will be following the official Applian thread - which I haven't
participated in yet - but I am just glad the problem is fixed for me.
Obviously they're in denial at the moment, and probably frantically
working out exactly what went wrong knowing full well the issue exists.
Probably.  Well, maybe.

Who knows at this stage.

Tim Meddick;3319482 Wrote:

I was not trying to cast doubts on the validity of your claims, I was
just a bit sceptical of how the "Ask Toolbar" could be the cause of a
repetitively disappearing boot.ini file?!!

But you have provided more than enough evidence to make me totally
believe that the link between them *is* real.

It does however, make me wonder just why it would interfere with the
boot.ini file.

I would be very interested to find out the mechanics of just what
conflicts arise from installing the Toolbar that cause it to do this on

some machines...

Cheers,    Tim Meddick,    Peckham, London.    

"noobtube" (e-mail address removed) wrote in message
news:[email protected]

I've registered to post my experiences with this issue.  Thanks to
everyone in this thread, as it solved my problem with the boot.ini
file
dissapearing when I boot XP.

The solution was to uninstall the Ask toolbar, I would never have
thought to check it out, but removing the Ask toolbar resolved the
problem with the boot.ini being deleted on boot.

Since google catalogues this list and it was where I found the best
answers, I should add some other symptoms I had experienced.  All of
my
programs behaved as if they had just been installed, obviously the
missing boot.ini caused windows XP pro to revert to the last known
good
registry settings.  So Firefox would lose all its bookmarks on boot,
photoshop would lose its most recent file list, in fact all of my
most
recent lists were wiped.

All of this was fixed by removing the ask toolbar.  I think it's no
coincidence that many other people have reported the same issue, a
quick google of "ask toobar boot.ini" reveals much.

I still don't know why the Ask toolbar is causing this problem, but
it
must be a recent update, or perhaps a version of the toolbar which
piggybacks onto the install of other software.  I tend to install
lots
of little free utilities, I'm always careful so as to not download
and
install virus infected stuff, but many of these free utilities must
get
some kind of kickback from including the ask toolbar.

In any case, if this can be confirmed as an issue with the ask.com
toolbar, for starters
http://en.wikipedia.org/wiki/Ask.com_toolbar#Toolbarshould be
updated
with a reference to the known issue, as should the developers here
http://forum.applian.com/showthread.php?t=2123

It could be that some 3rd party bundling ask is tampering with it,
but
since I add and remove lots of little apps, many of which bundle ask,
it's hard to tell which one it was.  I could have installed the app,
tried it and uninstalled it (leaving ASK intact).

In any case, my install of Internet Explorer 8 is still fine, no
problems there.  Removing Ask from add / remove programs did the
trick.
Thanks for pointing those of us stumbling around the web in the right
direction.

Tim Meddick;3314700 Wrote:-
....and then again, it could just be a coincidence....  no?

Cheers,    Tim Meddick,    Peckham, London.    

"Peter Gray" (e-mail address removed) wrote in message
I think I may have found a lot of the cause of this.

I have three clients systems all of which are exhibiting this
problem.

I've
checked to see what's happening and find that the boot.ini is being
deleted
as part of the start up.

Next all three have recently had IE8 installed. One is a MEdia
Center,

One
an XP Jome and one an XP Pro. I've removed IE8 from two of them and
the
problem has disappeared!!

I'm keeping the third machine for a sort while to see if I can find
out if
it's a fault in the IE8 installation or a hijack which is using IE8
to
deliver.

The machines have been removed from the internet and still showed
this
symptom - so if it is an exploit it's embedded and using the presence

of IE8.

Hope this helps

I'm still checking

:
-
Last week the boot.ini file disappeared from my c:\ drive and the
boot.ini
tab disappeared from msconfig.  I can recreate the file using notepad

or by
going to the control panel  (system - advanced - start up and
recovery  -
edit) and paste the boot.ini text  there.      (I have made thefiles
"unhidden").

Whenever I restart  or shut down the computer then turn it back on
the
boot.ini file has been deleted again and the boot.ini tab from
msconfig is no
longer present.

The message I get on startup is "Invalid boot.ini file.   Booting
from
C:\windows".

I believe this  is looking at the c:\windows\pss directory for the
backup
boot file.  After  this message disappears from the start-up
procedure it
seem to boot  normally.

I am looking for help on finding why the boot.ini file is being
deleted and
a solution to keep it in place.

The boot.ini file on C:\ is ----

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP
Professional" /noexecute=optin /fastdetect /PAE

* The PC is a HP XW8200 quad core 2.
* No windows XP Pro install disk was received with the machine.

Thank you, ---

Use Process Monitor to create a boot log and you can capture the
deletion.

This is how the finger got pointed at the Ask Toolbar in the first
place.