I'm looking for a simple way to remove alterations to ini files made by viruses, e.g., in system.ini "shell=explorer.exe system.com" back to "shell=explorer.exe". I can do it in a round about way with the "Find" command, but there must be a better way. I would appreciate help. Thanks.

Hi I have an old PC Magazine utility, thats lets you change Text, Control codes from the command line or a Batch file. If you can't find it on the web, sent me a email. Syntax of program below. ---------------- CHANGE Michael J. Mefford -------------------------- Purpose ------- Performs a rapid search-and-replace operation for text strings and/or ASCII decimal codes throughout a file of maximum 40,000-byte length. Format ------ CHANGE filespec findstring replacestring Remarks ------- The filespec parameter may include a drive letter and a path in addition to the designated filename. Findstring and replacestring may consist of text characters enclosed within (double) quote marks or ASCII decimal codes whose numbers are separated by commas. Note that the format requires that each parameter be separated by a single space. Text strings in quotes and ASCII values in numerals may be combined in either string if separated by commas. Example -------- To change all references to Miss Jones to Mrs. Smith in the file NOGOSSIP.ART on the current directory, you would enter CHANGE NOGOSSIP.ART "Miss Jones" "Mrs. Smith" Example -------- To strip out all carriage return-line feeds (i.e. replace them with a null string) in the file MCI.B16 in the \COMM subdirectory, enter CHANGE \COMM\MCI.B16 13,10 "" Notes ----- 1. In the second example you might want to use a space between the quote marks rather than a null string to keep the words from running together. Observe that by putting the number of the month in hexadecimal (B=November) you can fit both month and day within the three character DOS filename extension. ----------------

I appreciate the info. I found basically the same utility, called ChangeINI. It's here if anyone is interested: http://elmo.winsite.com/bin/Info?500000027109 More an more viruses are altering System.ini and win.ini files as a way to start. "Shell=Explorer.exe", for example, could become "Shell=Explorer.exe dust.exe" as a way for W32.HLLW.Studd to start. If you delete dust.exe, you could get the famous "Error Loading Explorer.exe You must Reinstall Windows" message. Removing "Dust.exe" from the ini file would fix it, so a utility like this is valuable, especially run from a dos environment if you can't boot. I'm not trying to lecture, I just added this stuff in case anyone else has had as much trouble as I have with this stuff. Once again, thanks.

An inf file could plonk down whatever you wanted under that specific section and Run= entry, but Windows has to be running in order for it to happen so that would be useless under a severe virus attack. But... Changing the files' attributes to read only would be a low tech approach as would saving a copy under a different names/locals, then at boot up, deltree the read only files and copy/rename in one process and then reattribute them for constant protection. Deltree can be aimed specifically at one file just in case you didn't know that. Go DOS!

any of u techies no how to get rid of it from windows xp becuase i have it an norton cant do squat and when i try to edit it theres no line with explorer