Due to a crypto-malware infection in the computer, after logging in to your user account, a black screen appears with a Command Prompt window open. Your desktop, taskbar, and the wallpaper (explorer shell) don’t get loaded unless you type
explorer.exe in the Command Prompt window manually. This problem may continue even in the aftermath of malware or crypto-miner removal.
The malware may have changed the registry settings such that Command Prompt opens up at every login, and automatically executes a rogue program/command-line using the Command Processor’s
Autorun registry value.
Solution for Black Screen and Command Prompt at Startup Issue
To fix the problem, follow these steps:
- In the Command Prompt window, type
explorer.exeand press Enter
- Start the Registry Editor (
Regedit.exe) and go to the following branch:
- In the right-pane, right-click on the
Shellregistry value and choose Delete.
- Right-click on the
Winlogonkey, and click Go to HKEY_LOCAL_MACHINE to jump to the equivalent registry key under the
HKEY_LOCAL_MACHINEroot key. You’ll now be taken to the following key:
- Make sure that the
Shellvalue is set to
- Then, go to the following key:
- If the value named
Autorunexists, right-click, and choose Delete.
- Exit the Registry Editor.
- Follow up with a full system scan using Malwarebytes as well as your anti-virus software with updated definitions if you haven’t done it already.