OS-Win 7 Home premium
After removing the FBI ransomware with Hitman Pro and Malwarebytes, every time the welcome screen appears it fades and then goes all black with a CMD.EXE window showing. The background is all black as well. It appears similar to "Safe mode with Command prompt", except it's not in Safe mode.
If I type Explorer and hit enter, it'll load the desktop ok. (The CMD window stays until I dismiss it).
I assume it has something to do with what I saw here on the removal guide referencing the Reg key that said: \Winlogon\shell="cmd.exe", but there doesn't seem to be any other info about that.
I don't want to assume it should be changed to something like \shell=explorer.exe without an expert's advice.
EDIT: SOLVED. After looking at the same registry key in another Win 7 machine, I see that the value Shell=CMD.EXE should not be there at all! I removed the Shell key completely, and it now boots to the desktop normally.
Now I'd be curious to know how it got that way. Was it from the FBI "ransomeware" or something that Hitman Pro did in removing it?
Edited by Kewpy, 20 May 2013 - 07:37 AM.