Due to a crypto-malware infection in the computer, after logging in to your user account, a black screen appears with a Command Prompt window open. Your desktop, taskbar and the wallpaper (explorer shell) don’t get loaded, unless you type
explorer.exe in the Command Prompt window manually. This problem may continue even in the aftermath of malware or crypto-miner removal.
The malware may have changed the registry settings such that Command Prompt opens up at every login, and automatically executes a rogue program/command-line using the Command Processor’s
Autorun registry value.
Winlogon\Shellvalue is added (under
HKEY_CURRENT_USER— as a per-user override) by a malware.
Solution for Black Screen and Command Prompt at Startup Issue
To fix the problem, follow these steps:
- In the Command Prompt window, type
explorer.exeand press ENTER
- Start the Registry Editor (
Regedit.exe) and go to the following branch:
- In the right-pane, right-click on the
Shellregistry value and choose Delete.
- Right-click on the
Winlogonkey, and click Go to HKEY_LOCAL_MACHINE to jump to the equivalent registry key under the
HKEY_LOCAL_MACHINEroot key. You’ll now be taken to the following key:
- Make sure that the Shell value is set to
- Then, go to the following key:
- If the value named
Autorunexists, right-click and choose Delete.
- Exit the Registry Editor.
Also, follow up with a full system scan using Malwarebytes Premium (14-day fully functional trial available) as well as your anti-virus software with updated definitions if you haven’t done already.
One small request: If you liked this post, please share this?One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:
- Pin it!
- Share it to your favorite blog + Facebook, Reddit
- Tweet it!
About the author
Ramesh Srinivasan founded Winhelponline.com back in 2005. He is passionate about Microsoft technologies and he has been a Microsoft Most Valuable Professional (MVP) for 10 consecutive years from 2003 to 2012.