Black Screen and Command Prompt Open at Logon – No Explorer Shell

Due to a crypto-malware infection in the computer, after logging in to your user account, a black screen appears with a Command Prompt window open. Your desktop, taskbar, and the wallpaper (explorer shell) don’t get loaded unless you type explorer.exe in the Command Prompt window manually. This problem may continue even in the aftermath of malware or crypto-miner removal.

black screen startup command prompt opens

The malware may have changed the registry settings such that Command Prompt opens up at every login, and automatically executes a rogue program/command-line using the Command Processor’s Autorun registry value.

If you use Microsoft’s Autoruns utility to manage Windows startup, you’ll see that the Winlogon\Shell value is added (under HKEY_CURRENT_USER — as a per-user override) by malware.



shell explorer.exe comspec malware autoruns
%comspec% set as the default shell for the current user

Solution for Black Screen and Command Prompt at Startup Issue

To fix the problem, follow these steps:

  1. In the Command Prompt window, type explorer.exe and press Enter
  2. Start the Registry Editor (Regedit.exe) and go to the following branch:
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

    shell explorer.exe winlogon hkcu comspec

  3. In the right-pane, right-click on the Shell registry value and choose Delete.
  4. Right-click on the Winlogon key, and click Go to HKEY_LOCAL_MACHINE to jump to the equivalent registry key under the HKEY_LOCAL_MACHINE root key. You’ll now be taken to the following key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  5. Make sure that the Shell value is set to explorer.exe
    shell explorer.exe winlogon
  6. Then, go to the following key:
    HKEY_CURRENT_USER\Software\Microsoft\Command Processor
  7. If the value named Autorun exists, right-click, and choose Delete.
  8. Exit the Registry Editor.
  9. Follow up with a full system scan using Malwarebytes as well as your anti-virus software with updated definitions if you haven’t done it already.

One small request: If you liked this post, please share this?

One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
  • Pin it!
  • Share it to your favorite blog + Facebook, Reddit
  • Tweet it!
So thank you so much for your support. It won't take more than 10 seconds of your time. The share buttons are right below. :)

Ramesh Srinivasan is passionate about Microsoft technologies and he has been a consecutive ten-time recipient of the Microsoft Most Valuable Professional award in the Windows Shell/Desktop Experience category, from 2003 to 2012. He loves to troubleshoot and write about Windows. Ramesh founded Winhelponline.com in 2005.

27 thoughts on “Black Screen and Command Prompt Open at Logon – No Explorer Shell”

  1. Now running the full system scan in malwarebytes. Saw a bunch of lag happening the past week after i went into some BOINC mining so thought it was the BOINC software giving some minor trouble. But as i got the “black screen with CMD” thing i thought i’d look into this. As i ticked all the boxes (and after i found the strange CMD autorun reg entry earlier this week with a bunch of start/stop certain tasks and connecting to random adresses, didn’t take a screencap unfortunately, but might have a backup somewhere) i was pretty sure this was why i ran into some trouble running games, high rpm on my fans and laggy windows performance. Hopefully i fixed it now :p

    Reply
  2. after months of research this fixed the problem for good..
    the problem was in the first step of deleting the Shell from “HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon”
    all other site give only the next steps..

    Reply
  3. Just use this if any PC opens only “command prompt” instead of opening desktop with “c:\WINDOWS\system32>” line shows on cmd black window.

    Type the following
    explorer.exe

    Thank me later.

    Reply
  4. I had the problem after remove the malware, search with hijackthis but nothing showed up, autoruns make the job, i knew it has a solution. Thanks a lot

    Reply
  5. It’s finally solved!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    Thank you VERY MUCH dude!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    Wish you have a nice day,THX!!!

    Reply
  6. Wow thanks so much for the help! I didnt realize the %comspec%. Simply editing that to explorer.exe did the trick. No deleting was needed.

    Reply
  7. Thanks a lot!!! that process was very explanatory and helpful!! fixed my problem! great idea to put the screenshots of the steps! 10/10

    Reply

Leave a Comment