Blank screen after virus removal

R

rjnhguav

New Member
Reaction score
0
I am repairing a Windows XP laptop that had several viruses. Using UBCD, I ran the Avir virus software. It cleaned a lot of stuff from the Laptop however after rebooting I see the boot progress screen but then it goes blank, it will not boot into Windows. What, if anything can I do to fix this?
 
Last edited:
None of these seem to fix the problem which I now think might be due to her profile being corrupted. The computer shows the boot/progress screen then goes blank, (not black), as if it is going to load the desktop but does not. Does the same thing when trying to load safe mode. Is there a way to create a test profile to try an boot to?
 
If you believe the problem to be profile related, you could always try removing the Users profile.

Rename the profile directory (DO NOT DELETE), this will force the system to reload the profile.


Another possibility that i have seen before is that spyware had modified the HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell key.

This should be set as explorer.exe, malware can change this key to point to there own exe's that load malware then loads your explorer process. If the exe that this points to has been removed by the mal ware remover application then it can cause the problems you are experiancing.

Check the key is pointing to explorer.exe, if it is check the presence of explorer.exe on the loacal system. If its not there extract it from the setup CD. There will be a KB article on how to do this.
 
RNR-IT said:
If you believe the problem to be profile related, you could always try removing the Users profile.

Rename the profile directory (DO NOT DELETE), this will force the system to reload the profile.


Another possibility that i have seen before is that spyware had modified the HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell key.

This should be set as explorer.exe, malware can change this key to point to there own exe's that load malware then loads your explorer process. If the exe that this points to has been removed by the mal ware remover application then it can cause the problems you are experiancing.

Check the key is pointing to explorer.exe, if it is check the presence of explorer.exe on the loacal system. If its not there extract it from the setup CD. There will be a KB article on how to do this.
Click to expand...

This is what I found:
HKEY_Local_Machine\software\microsoft\windows nt\currentversion\winlogon\shell - key was set to preshell.exe, changing it to explorer.exe did not help. I searched both the Windows directory and the Windows\System32 directory for explorer.exe and did not find it. Also I found a lot of *.tmp files within the system32 directory instead of in a Temp folder, that's courious. Can I use any setup CD to extract explorer.exe or will it need to be the specific CD for her computer?
 
Last edited:
Boot into the recovery Console then type >

expand e:\I386\explorer.ex_ %systemroot%\explorer.exe

(where e:\ is the drive letter of your OS CDROM)

I would advise doing this from an OS CD with the same level service pack slipstreamed as the current OS installation.

Hope this helps.
 
RNR-IT said:
Boot into the recovery Console then type >

expand e:\I386\explorer.ex_ %systemroot%\explorer.exe

(where e:\ is the drive letter of your OS CDROM)

I would advise doing this from an OS CD with the same level service pack slipstreamed as the current OS installation.

Hope this helps.
Click to expand...

I was sure this would do the trick however it returns "Unable to creare file explorer.exe. Could this be because %systemroot% is set as read only?

When in the recovery console, C:\WINDOWS (I type in) expand d:\I386\explorer.ex_ %systemroot%\explorer.exe and get that message.
 
my fix is a bit simpler since you said your problem started after virus/spyware removal

1. it doesnt matter if its xp home or pro
2. copy your windows/system32/userinit.exe file from your working computer onto cd or thumb drive and or salve their hd to your machine and copy it over to their machine in the windows/system32 folder...rename their userinit.exe to userinit.old
3. start their computer and see if that resolves it
 
Pc Fixed Right said:
my fix is a bit simpler since you said your problem started after virus/spyware removal

1. it doesnt matter if its xp home or pro
2. copy your windows/system32/userinit.exe file from your working computer onto cd or thumb drive and or salve their hd to your machine and copy it over to their machine in the windows/system32 folder...rename their userinit.exe to userinit.old
3. start their computer and see if that resolves it
Click to expand...

Wow, that file is not present on her computer, you think that might be the cause? However, when using UCBD and exploring the registry it is referenced under HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon with the value of x:\i386\system32\userinit.exe.

x I think is the ram drive.

Also, when I change the HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell key to explorer.exe then try a reboot into Windows, the boot fails and returning to the registry key shows it has been changed back to preshell.exe. I feel like I'm in a fight for my life here.
 
Last edited:
Try this mate, it may not be as complicated as you think.

  • F8 at start up
  • Select Directory Services Restore Mode (Windows Domain Controllers Only)
  • If you get the login or XP starts delete (uninstall) the video driver
  • Restart
 
I want to thank everyone for helping. We decided to just reimage the HDD after backing up all her data files.
 
You must log in or register to reply here.

Similar threads

fincoder
Lenovo M70s Gen 5 can't update BIOS
Replies
3
Views
238
fincoder
fincoder
Appletax
[SOLVED] Can't remove fake BSOD that might use mshta.exe
Replies
5
Views
300
NviGate Systems
NviGate Systems
osanders
[SOLVED] Blank HP Laptop Screen (Damaged Panel?)
Replies
4
Views
580
alexsmith2709
A
JohnDoe1980
Black screen on windows logon after power surge
Replies
6
Views
970
JohnDoe1980
JohnDoe1980
britechguy
Is it any wonder that we have these problems with laptop lids/hinges?!!!
2
Replies
24
Views
1K
Philippe
Philippe
Back
Top