7 replies to this topic

[elthorne]

Hi experts! I'm using XP home. 512 DDR. My drive is partitioned into c,d,e and f drives with XP on C. My AZ antivirus recently picked up one infection and auto-deleted it. I don't know what it was. My PC is working perfectly well in all aspects save two. The first thing to appear on the black screen when booting is: 'Invalid boot.ini file. Booting from windows'. The PC then boots up normally. The second problem is this: I spend half hour writing a nice email in Outlook Express. Then I click on 'attach' to send a photo. I browse for the photo file OK. Then when moment arrives to 'attach' it, Outlook Express closes (crashes) down, I lose the email I've been working on for ever, The desktop momentarily loses all the icons then recovers. It will work if I move the photo file to desktop and attach it from there. I am capable of formatting drive C and doing a clean XP installation. But would like to avoid this if possible. Any ideas my friends? Many Thanks.

[dave38]

First, lets see why the boot error happens.
Please find the file boot.ibi, which should be in the root of the boot drive. It is normally a hidden file, See HERE for how to show hidden files.

Having found it, open it in notepad ( it's a text file) and post the contents here.

[elthorne]

Dave, Thanks for taking an interest in my problem. I have unchecked 'hide protected operating system files'. But now I've done that I don't have a clue how to find the 'boot.ini' file. You did write 'boot.ibi' but I think you meant 'ini'

[elthorne]

Dave, Further to my last post. I have found boot.ini file. Notepad was an empty page! But it had the title 'boot.ini' at the top. Boot.ini is an empty file! Strange. Who stole it?

[dave38]

Well, boot iNi ( sorry for the typo!) would be in the root of your C: drive. What shows up in that folder? The error message could mean that the file is actually missing.. There are several ways of restoring a working copy.

If the recovery console is installed, then booting to it, and entering the command bootcfg /rebuild will do it.
If the recovery console is not installed, ( not installed by default), then have a look http://sft-cyber.com/Bootini.htm]here[/url] for a complete how-to. It explains it better than I can!

Or, you can use this:-


[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating system]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional"/fastdetect


Copy/paste the bold text into notepad. If you are running win XP home edition, the Professional must be replaced with Home Edition . Capitals are important, and so are the quotes.
Save it as boot.ini, and see if that cures the error message.

[elthorne]

Dear Dave, It is comforting to see that there are still a lot of kind people in the world. It goes a long way to restoring faith! Been to hell and back today, but still not out of the woods. A grey and depressing day in London did not help! After I 'spoke' to you my PC became so unstable I bit the bullet and did a format of drive C and a clean instal of XP. You know as well as I what a hassle it is re-doing internet connection, re-installing things - including antivirus and fire wall software and making the PC the old friend it once was.. It was in the short time I was connected on broadband but unprotected from antivirus and firewall that I caught something. As soon as EZ antivirus was installed I did a scan which said there were 2 infections which it said had been deleted. Namely: C:\windows\system32\mslaugh.exewin32.Poza.E.worm AND C:\windows\system32\wins\DLLHOST.exe-win32.Nach.A.worm I researched the worms and was linked to Computer Associates which came up with repair engines that I ran for both. At this moment my PC seems to be at peace. But every so often an applet (10 minutes ago) is thrown up by EZ Antivirus that says it had detected the following: C:\System Volume Information\_restore{39079651-C30A-4084-A912-7F5C5D968F3F}\RP18|A0003629.exe which is wWin32.Poza.E worm The applet had an 'OK' button which I clicked. But it still came back later. I entered all this in a search which revealed nothing (I have enabled all hidden system files to be seen). When I went to 'C:\ System Volume Information' in the hope of deleting the dayam thing it came up with an 'Access Denied' applet. I just don't know what else I can do. Oh woe! Have pity on poor old duffer!

[dave38]

At last! An easy one!

This worm is in your system restore files.
To remove it, you must disable system restore, and reboot.
That purges all the old restore points, and the files stored in system volume information blah blah.
Then you can reenable system restoren and set a clean restore point.

A detailed "how to" can be found here

[elthorne]

Dave, You lovely man!!! They say it's easy when you know how! I've done it thanks to you. Several pints of nice warm beer when you get to London. More grateful than words can express. Stephen.