Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

After FBI ransomware removal, no Desktop only CMD.EXE window (win 7)


  • Please log in to reply
No replies to this topic

#1 Kewpy

Kewpy

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:02:40 PM

Posted 19 May 2013 - 10:00 PM

OS-Win 7 Home premium

 

After removing the FBI ransomware with Hitman Pro and Malwarebytes, every time the welcome screen appears it fades and then goes all black with a CMD.EXE window showing. The background is all black as well. It appears similar to "Safe mode with Command prompt", except it's not in Safe mode.

 

If I type Explorer and hit enter, it'll load the desktop ok. (The CMD window stays until I dismiss it).

 

I assume it has something to do with what I saw here on the removal guide referencing the Reg key that said: \Winlogon\shell="cmd.exe", but there doesn't seem to be any other info about that.

 

I don't want to assume it should be changed to something like \shell=explorer.exe without an expert's advice.

 

Thank you.

 

EDIT: SOLVED. After looking at the same registry key in another Win 7 machine, I see that the value Shell=CMD.EXE should not be there at all! I removed the Shell key completely, and it now boots to the desktop normally.

 

Now I'd be curious to know how it got that way. Was it from the FBI "ransomeware" or something that Hitman Pro did in removing it?


Edited by Kewpy, 20 May 2013 - 07:37 AM.


BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users