Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Boot.ini


  • Please log in to reply
13 replies to this topic

#1 matt81

matt81

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 09 June 2008 - 08:13 PM

Hi All,

Hoping someone can lend a hand. I was recently infected with the VBS script virus VBS/Sasan.A.2, or a similar version. I use Avira AntiVir Personal edition, which detected the problem. Since no "repair" option was available, I just quarantined all 21 infected files.

Turn out one of them was the boot.ini file. My system is running fine, but does complain that it can't find boot.ini on bootup.

Is this going to be an issue? Can I just copy the file from the XP cd to it's original location? I'm running XP Pro SP2.

I'd rather not re-install the OS, so if I can get around that I would prefer it.

Any thoughts or suggestions, explanations would be appreciated!!

Cheers!

BC AdBot (Login to Remove)

 


#2 diego_moicano

diego_moicano

  • Security Colleague
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Brazil
  • Local time:03:29 AM

Posted 09 June 2008 - 08:36 PM

Hi matt81

Look,

http://support.microsoft.com/kb/330184/en-us

http://support.microsoft.com/kb/289022/en-us

http://support.microsoft.com/kb/827180/en-us

I hope this helps you :flowers:

Hugs :thumbsup:
UNITE & ASAP member

#3 matt81

matt81
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 12 June 2008 - 12:07 AM

Hi,

Thanks, but these didn't really help. In fact, I am slightly worse off :thumbsup:

Option 3 was for Windows Server 2003, I'm running XP Pro

Option 2 is for editing the boot.ini, my problem is that my system can't find it at all.

Option 1 was close to my problem, so I followed the directions.

Now when I boot up, I am presented with my choice of operating systems, both the exact same "Microsoft Windows XP Professional". Both of these boot up and present the exact same error message:

Windows Script Host
Can not find script file "C:/WINDOWS/boot.ini"

So the problem is still there, and now I have the issue of 2 options when I boot, which I would rather not have.

Ideas??

Cheers!

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:29 PM

Posted 12 June 2008 - 12:43 AM

Try this:

Go Start > Run and type: "bootcfg /rebuild" (without the quotes).
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 matt81

matt81
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 12 June 2008 - 09:25 AM

Yeah, that's what option 1 above had me do. I ran the recovery console and used the rebuild command. That's what has now given me the 2 options when I bootup.

#6 OldGrumpyBastard

OldGrumpyBastard

  • Members
  • 781 posts
  • OFFLINE
  •  
  • Location:"Way South of 'da Bridge"
  • Local time:01:29 AM

Posted 12 June 2008 - 09:46 AM

Doing a repair installation of XP would probably be what I would try...Just my opinion....
Does this look like an OldGrumpyBastard or what?

#7 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:02:29 AM

Posted 12 June 2008 - 09:58 AM

Boot.ini is stored in the root of your C:\ drive. The copy that you get the error for is in your C:\Windows directory (actually, it's likely not to be there since the virus was removed).

There's 2 different issues here:
1) Fixing the good boot.ini in C:\
2) Getting rid of the error message for the bad one.

To fix the good one, post a copy of it here and we'll suggest some editing.
To fix the error message, download this free utility: http://www.microsoft.com/technet/sysintern...s/Autoruns.mspx
- then search the Everything tab for a string that says "C:\Windows\boot.ini" - when you find that, remove the checkmark from the left hand side of that entry and reboot. The error message should be gone.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#8 matt81

matt81
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 12 June 2008 - 07:30 PM

Thanks John!

I have used autoruns to remove the error warning and it has worked.

Here is a copy of the current boot.ini file:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


Thanks for your assistance!
~Matt

#9 hamluis

hamluis

    Moderator


  • Moderator
  • 55,398 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:01:29 AM

Posted 12 June 2008 - 08:42 PM

Looking at the details of the boot.ini file...I wonder why your boot partition is 2, rather than 1.

Louis

#10 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:02:29 AM

Posted 13 June 2008 - 05:31 AM

Save a copy of your boot.ini file as boot.bak (this is just in case something goes wrong.
Then delete the last line that says "multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect" (just my preference)
Save the file and reboot. The extra entry should be gone.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#11 hamluis

hamluis

    Moderator


  • Moderator
  • 55,398 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:01:29 AM

Posted 13 June 2008 - 09:28 AM

What's on the first partition of your computer...since it appears that your boot.ini file is not? How many partitions on your hard drive?

Just curious :thumbsup:.

Louis

#12 matt81

matt81
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 13 June 2008 - 07:42 PM

Problem is fixed! Thanks for your help John!

Louis - as far as I know, I only have one partition. I have no idea why it says 2. Is that something I should be worrying about/looking into? This computer as been trouble free until that little vbs virus.

Thanks everyone!

~Matt

#13 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,090 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:02:29 AM

Posted 14 June 2008 - 06:15 AM

For more information than you ever wanted to know about boot.ini conventions: http://support.microsoft.com/?id=102873

To get an idea of what Partition 1 is, go to Start...Run...and type in "diskmgmt.msc" (without the quotes) and press Enter. There should be a description there (in the lower right hand pane) of your hard drive. The C: drive will be labeled and will be to the left of another partition. That other partition's particulars will help to tell us what it is. (FYI - there also may be another partition to the right of the C: partition that can be either for data or recovery purposes)

A lot of the major PC manufacturers will install a boot partition (usually hidden) that's separate from the OS - this will simplify things if a system reinstalltion is needed (since they won't have to rebuild the boot partition to their specs).

Edited by usasma, 14 June 2008 - 06:15 AM.

My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#14 matt81

matt81
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:29 PM

Posted 14 June 2008 - 03:52 PM

Thanks!

Turns out it's the Dell MediaDirect software. I guess they use a partition for it so you can watch movies and listen to music without booting the whole system. There is actually a separate button for it on the laptop.

Thanks again for everyone's help.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users