Black / Blank screen after login
Hi all
It's been 5 days since I have been locked out of my PC (Vista Home).
*Problem:*
Switch on PC, choose any user from list, after login, I get a black
screen. After searching I found my way to the registry using F8->Repair
..->Command prompt->regedit.exe
In there I found that every time I change
[*HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell*]
to explorer.exe, and restart my PC, it changes to *cmd.exe /k start cmd.exe*.
I don't know what to do now. The following didn't work:
- CTRL-ALT-DELETE/CTRL-SHIFT-ESC to show task manager
- Safe mode
- System restore and repair
Re: Black / Blank screen after login
You could try having a look at the registry keys that run programs on start-up.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Have a look on the right side and delete anything that looks suspicious.
I have only one entry there, for the sidebar gadgets.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
I have only one entry there, for Windows Defender.
I do not have this key in my registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell
so I don't know what to suggest about that.
Re: Black / Blank screen after login
My guess (because I can't see the machine) is that your computer is severely
infected which is why the shell setting changes upon reboot. Since you
haven't told us anything about your computer and its recent history (except
that you've had this problem for 5 days) or your security/antivirus
protection, that's about as specific as I can guess.
You could try booting with a Bart's PE with an antivirus plugin and scanning
from there. Or you could pull the drive and attach it to a working computer
running XP or Vista and use the installed av to scan it from there.
Standard disclaimer: I can't see and test your computer myself, so these are
just suggestions based on many years of being a professional computer tech;
suggestions based on what you've written. You should not take my
suggestions as a definitive diagnosis. If you can't do the work yourself
(and there is no shame in admitting this isn't your cup of tea), take the
machine to a professional computer repair shop (not your local equivalent
of BigComputerStore/GeekSquad). If possible, have all your data backed up
before you take the machine into a shop.
Re: Black / Blank screen after login
Hi,
For starters, that should be the HKLM branch, not the HKCU branch, and your
key is entirely the wrong path. It should be:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Note that this is the "Windows NT" key, not just "Windows", and not the
"Explorer" key but the "Winlogon" key.
Try changing it there. As Malke has pointed out, you most likely have a
serious infection which is best attacked from outside of Windows.
Re: Black / Blank screen after login
Thank you for your replies.
I was mistaken, it is in the
*HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon*
My laptop is a Toshiba P100, got it a year ago, running the latest
Symantec Endpoint Protection. Two days before it went blank I installed
DivX and the latest Windows update. Before then I was using Skype, X-Lite
with X-Ten, Fireworks, Dreamweaver, Visual Studio 2005, SQL Server 2005,
MySQL 5.1, Office 2007 and all Toshiba programs that came with the PC.
I have also changed it to explorer.exe but it keeps going back to
*cmd.exe /k start cmd.exe*
The only thing left to try is scanning from another machine and
formatting, I guess.
Re: Black / Blank screen after login
I Googled "cmd.exe /k start cmd.exe" and came across this rootkit forum's page:
http://www.rootkit.cz/forum/viewtopi...639a1e2fb8f250
If you look at the HijackThis posting you will see the "cmd.exe /k start cmd.exe" entry in the F2 section.
The HijackThis help file says this about F section entries:
F - IniFiles, autoloading entries
F0 - Changed inifile value
F1 - Created inifile value
F2 - Changed inifile value, mapped to Registry
F3 - Created inifile value, mapped to Registry
So it may be worth looking at your system.ini and win.ini files via the command prompt.
They are at c:\windows\system.ini and c:\windows\win.ini
Navigate to c:\windows and type in edit system.ini
You can REM anything out with a semi-colon (like the first line is).
It's a long shot, but if you have tried everything else...