Black Screen and Command Prompt Open at Logon – No Explorer Shell

Due to a crypto-malware infection in the computer, after logging in to your user account, a black screen appears with a Command Prompt window open. Your desktop, taskbar and the wallpaper (explorer shell) don’t get loaded, unless you type explorer.exe in the Command Prompt window manually. This problem may continue even in the aftermath of malware or crypto-miner removal.

black screen startup command prompt opens

The malware may have changed the registry settings such that Command Prompt opens up at every login, and automatically executes a rogue program/command-line using the Command Processor’s Autorun registry value.

If you use Microsoft’s Autoruns utility to manage Windows startup, you’ll see that the Winlogon\Shell value is added (under HKEY_CURRENT_USER — as a per-user override) by a malware.

shell explorer.exe comspec malware autoruns
%comspec% set as the default shell for the current user

Solution for Black Screen and Command Prompt at Startup Issue

To fix the problem, follow these steps:

  1. In the Command Prompt window, type explorer.exe and press ENTER
  2. Start the Registry Editor (Regedit.exe) and go to the following branch:
  3. HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

    shell explorer.exe winlogon hkcu comspec



  4. In the right-pane, right-click on the Shell registry value and choose Delete.
  5. Right-click on the Winlogon key, and click Go to HKEY_LOCAL_MACHINE to jump to the equivalent registry key under the HKEY_LOCAL_MACHINE root key. You’ll now be taken to the following key:
  6. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  7. Make sure that the Shell value is set to explorer.exe
  8. shell explorer.exe winlogon

  9. Then, go to the following key:
  10. HKEY_CURRENT_USER\Software\Microsoft\Command Processor
  11. If the value named Autorun exists, right-click and choose Delete.
  12. Exit the Registry Editor.

Also, follow up with a full system scan using Malwarebytes Premium (14-day fully functional trial available) as well as your anti-virus software with updated definitions if you haven’t done already.


One small request: If you liked this post, please share this?

One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
  • Pin it!
  • Share it to your favorite blog + Facebook, Reddit
  • Tweet it!
So thank you so much for your support, my reader. It won't take more than 10 seconds of your time. The share buttons are right below. :)

About the author

Ramesh Srinivasan founded Winhelponline.com back in 2005. He is passionate about Microsoft technologies and he has been a Microsoft Most Valuable Professional (MVP) for 10 consecutive years from 2003 to 2012.

11 thoughts on “Black Screen and Command Prompt Open at Logon – No Explorer Shell”

  1. Now running the full system scan in malwarebytes. Saw a bunch of lag happening the past week after i went into some BOINC mining so thought it was the BOINC software giving some minor trouble. But as i got the “black screen with CMD” thing i thought i’d look into this. As i ticked all the boxes (and after i found the strange CMD autorun reg entry earlier this week with a bunch of start/stop certain tasks and connecting to random adresses, didn’t take a screencap unfortunately, but might have a backup somewhere) i was pretty sure this was why i ran into some trouble running games, high rpm on my fans and laggy windows performance. Hopefully i fixed it now :p

    Reply
  2. after months of research this fixed the problem for good..
    the problem was in the first step of deleting the Shell from “HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon”
    all other site give only the next steps..

    Reply
  3. Just use this if any PC opens only “command prompt” instead of opening desktop with “c:\WINDOWS\system32>” line shows on cmd black window.

    Type the following
    explorer.exe

    Thank me later.

    Reply
  4. I had the problem after remove the malware, search with hijackthis but nothing showed up, autoruns make the job, i knew it has a solution. Thanks a lot

    Reply
  5. It’s finally solved!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    Thank you VERY MUCH dude!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    Wish you have a nice day,THX!!!

    Reply
  6. Wow thanks so much for the help! I didnt realize the %comspec%. Simply editing that to explorer.exe did the trick. No deleting was needed.

    Reply

Leave a Comment