Hello, How do I view and edit the [boot] section of the system.ini file on my Windows XP machine? When I clicked Start>Run>system.ini , I got the following file in notepad : --------------- ; for 16-bit app support [drivers] wave=mmdrv.dll timer=timer.drv [mci] [driver32] [386enh] woafont=dosapp.FON EGA80WOA.FON=EGA80WOA.FON EGA40WOA.FON=EGA40WOA.FON CGA80WOA.FON=CGA80WOA.FON CGA40WOA.FON=CGA40WOA.FON ------ When I tried to directly open the c:\windows\system.ini in Notepad, I got the same lines. I also tried Start>Run>msconfig and viewed all the tabs there but same lines again. There is a virus on my sister's computer running Windows XP for which I need to edit the line starting with "Shell=Explorer.exe" in the [boot] section of system.ini file. But the [boot] section doesn't dhow up at all. Please help.

It sounds like you're reading instructions for how to clean it out of a 95/98/Me system. For XP, get into the registry (start>run, type in regedit) and navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon You should find a value called 'Shell' and its data should just be explorer.exe. If it says anything else, double-click on it to edit and fix.

These instruction are for Windows XP. I obtained the removal instructions for the svohost.exe virus (Worm TURTA.A) from the following website http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=64890&VName=WORM_TURTA.A&VSect=O The Registry Editor screen (regedit)on my sister's computer also does not stay visible long enough for her to make any changes. I checked out your intructions for regedit(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon) on my computer also running Windows XP and could not find the "Windows NT" folder under Microsoft. Maybe this is for Windows NT only. In Windows XP the folder name is just Windows under Microsoft. Also in Windows XP, Winlogon file is not there. Please help & thanks for responding.

On your sister's computer, you should be able to copy regedit.exe out of the windows folder to somewhere else, rename it, then run it. That will likely prevent the virus from shutting it down. You can also copy/rename Task Manager (from windows\system32\taskmgr.exe) if you're having problems with that as well. It would also help to be doing everything from Safe Mode (start tapping F8 when you turn the comp on). If you don't have an entry for the virus in system.ini, then don't worry about it. It's being loaded from somewhere else (probably your registry). In XP, explorer.exe loads from that key in the registry (try looking again). The article you reference doesn't mention that key, but I'd check it anyway. Also look for any references in: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run or just do registry searches for the virus files. An easier way of dealing with the reg entries would be to use HijackThis (best used in Safe Mode).

There is no boot section in System.ini under Windows XP. You could intact delete System.ini in its entirety and it would not effect the running of Windows XP at all. It is only there for compatibility with 16 bit applications. The same goes for win.ini as well. Stuart

Thanks HiJinx, I will try out your suggestions on my sister's computer. And thanks Stuart, now I am clear why the system.ini file on Windows XP shows only those lines.