1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

No "BOOT INI." Option in "msconfig" for Safemode

Discussion in 'Windows XP' started by Crimsonfury, Jul 2, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. Crimsonfury

    Crimsonfury Thread Starter

    Joined:
    Jul 2, 2010
    Messages:
    6
    Recently my computer has been very slow in logging in and shutting down. Also my computer has been freezing for atleast 20 seconds or more until I have to just shut it down. I also found last night that my Malawarebytes scanner found this "Rogue Installer" which I deleted. My computer is still running slow to shutdown so I'm not sure if this program is still in. Actually, for a few months I had been having some trouble(intrusions) with some type of virus.

    Today, I wanted to try to clean the computer on Safe mode. I tried numerous of times by clicking fast or holding down the f8 key for safemode but nothing happens.

    My second option was mscongfig box but I found there was no "BOOT. INI" option. I'm not sure if there is a way to restore this option? If not, is there an easier option to generate safemode? Thanks
     
  2. Claymore

    Claymore

    Joined:
    May 20, 2005
    Messages:
    2,548
    For the BOOT.INI tab missing, see this:
    http://windowsxp.mvps.org/bootini.htm

    If it's a permissions problem:
    In Tools => Folder Options check to 'Show hidden files...' and clear 'Hide protected OS files'.
    Locate the boot.ini file in the root of the C: drive, right-click and click the Security tab (in XP Pro).
    Adjust the permissions there.

    But ...
    I would try seriously to enter Safe Mode by tapping the F8 key ever second or so (don't "machine gun" it).
    The danger is that if the computer simply can't get into Safe Mode and you set the switch in the boot.ini file, you run the risk of winding up in an endless loop and can't get into any Mode, so that you would have to use a third-party boot CD that would allow you to edit the boot.ini file to manually remove the SAFEBOOT switch.

    And ...
    It sure looks like some kind of malware or badly functioning program. Try eliminating some in msconfig first.
     
  3. Crimsonfury

    Crimsonfury Thread Starter

    Joined:
    Jul 2, 2010
    Messages:
    6
    Thanks for the reply but now I got even bigger problems. I started to scan with SuperAntiSpyware and it found some infections. It wanted me to shut down so I did but then an error(which I did not record) popped up when I was shutting down. I started it back up and windows had a message saying that windows did not start properly. It had the options like Safemode so I entered that and logged on. Also on the start page there was a new acount of "Administrator" at which I did not create before and was wondering if this is contained with this virus.
    Once I opened my account, it seemed that the font was bigger and the Windows XP style had changed to the Windows Classic Style(not sure if this has to do with safemode or a virus). Right now I'm scanning with norton and AVG.

    I tried to restoring the Boot. Ini as solved in the directions. But I'm really confused with backing up keys and making it a REG. file. When I navigated to the MSCONFIG on regedit, I tried to export it but then it wanted me to save it to a drive. What name should I export it to?

    Overall, I think my system is getting worse and needs imediate help. Thanks
     
  4. Claymore

    Claymore

    Joined:
    May 20, 2005
    Messages:
    2,548
    When exporting a Registry key, you can give it any name you like, just one you can remember, and saved in a location you can remember. The purpose of exporting the key before you change anything is so you can restore things to the way they were if you have to. This is done by double-clicking on the saved .reg file.

    You can post back how your scan goes. If it gets too mixed-up you could restore the computer using System Restore, if you have it turned on and it's working, and start again. But it sure looks like you may have some malware present.

    Hopefully an expert in malware removal will come by to guide you.
     
  5. Crimsonfury

    Crimsonfury Thread Starter

    Joined:
    Jul 2, 2010
    Messages:
    6
    Ok, I just ran through Norton, AVG, and Malawarebytes. Norton on the scan stated their were 20 low risk cookies but AVG and Malawarebytes had no infections. However as I said, last night Malawarebytes found this "RogueInstaller" which may be the or 1 of the malaware that's affecting my computer. I wish I could send you the scan files however since I'm still on safemode, the internet is down(I'm currently on a different computer).

    So, I exported the msconfig box on regedit to C drive, but then when I ran on MSCONFIG, there was still no Boot. INI option. I've also clicked on the saved file, but then there is a Windows box saying the file can't be opened. So now, how do I get out of Safemode? Should I now use System Restore, even if I think maybe this virus has been quietly infecting my computer since late May? Thanks
     
  6. Crimsonfury

    Crimsonfury Thread Starter

    Joined:
    Jul 2, 2010
    Messages:
    6
    ok, I managed to get on the internet. Here's the story-

    I shut down the computer on safe mode and turned it on again. It stated that normal mode did not properly work(thinking the virus had something to do with it). I clicked the option of having safe mode with networking so here I am.

    So, I still need to know how to get out of Safe mode, and what should later do with malicious program that is (I guess), making the computer font much bigger, and turned my appearance of Window's XP to Window's Classic. I'm going to try a system restore.
     
  7. Claymore

    Claymore

    Joined:
    May 20, 2005
    Messages:
    2,548
    System Restore by itself will rarely get rid of a virus. In fact, if the Restore Point was made while the computer was infected, it will likely put it back. But it will restore the Registry which may take care of the changes to your settings. The suggestion for a System Restore is that you may then be able to start again.
    Regarding the missing BOOT.INI tab, did you try the Permissions thing?

    Removal of viruses is reserved for experts on the forum - only they are permitted to give such advice. With what MalwareBytes found it seems this may be the case. Did MalwareBytes get rid of the Rogue.Installer?
     
  8. Crimsonfury

    Crimsonfury Thread Starter

    Joined:
    Jul 2, 2010
    Messages:
    6
    It did infact delete the virus. Here's a scan log of it.


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4170

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    7/1/2010 11:22:30 PM
    2nd infection virus results jult 1 2010

    Scan type: Quick scan
    Objects scanned: 131858
    Time elapsed: 11 minute(s), 5 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{70004d5d-3bf6-4d51-43b2-02fc0002cdb5} (Rogue.Errorsafe) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Error Nuker (Rogue.ErrorNuker) -> No action taken.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Michael\Local Settings\Temp\nFX+aetu.exe.part (Rogue.Installer) -> No action taken.




    I'll try the permission's thing right now- thanks
     
  9. Crimsonfury

    Crimsonfury Thread Starter

    Joined:
    Jul 2, 2010
    Messages:
    6
    Actually, I just found the Installer with other infected items in the Quarantine Section of Malawarebytes. Should I delete them or keep them to maybe show it to a "virus" expert?

    Sorry for all these questions, but I just enabled the "show hidden files" and cleared the "protected OS" option. Then I clicked apply and ok. Now where is the root for finding Boot. ini? Thanks


    Edit: I went to local C: drive and I saw a CONFIG file which looked hidden. But when I opened it, it says Windows cannot open it.
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/932915