"Don't Judge A Person By His Action, But By His Intention"

Saturday, February 12, 2011

How to fix your Windows Vista / Windows XP after it shows a blank screen after login.

A few days ago, I was referred by a friend of a friend, who had another friend who was having some problems with her PCs (pretty far huh?). She said that she can’t use her PCs anymore as both show a blank screen after Windows boot-up. It was weird that both PCs were showing the same problem that I had to see it myself. It got even weirder as one PC had Windows Vista, and the other had Windows XP.
The problem: Windows Vista or Windows XP displays a blank screen showing only the mouse pointer after booting-up (after the login screen which is usually after clicking the username).

Solution for Windows Vista / Windows XP Blank Screen after Login
Make sure first that the Task Manager is working by pressing CTRL+ALT+DEL, and choosing Task Manager. If Task Manager doesn’t work, then this guide cannot help you.
Moreover, unless specified, the steps below are both applicable for Windows Vista and Windows XP.

1. Launch the Task Manger and Restore your Desktop
Press CTRL+ALT+DEL and then go to File->New Task

When the Run window appears, type Explorer or Explorer.exe or C:\Windows\Explorer

Important: If this does not restore your desktop, your desktop icons and windows taskbar, then you should stop reading this now as this guide would not be able to help you.

2. Check your Registry
Create a New Task again by using the Task Manager. Since you now have the Taskbar restored, you can do this also by clicking Windows Start and choosing Run. When the Create a New Task or Run window appears, type regedit.

Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. Once you’ve clicked on WinLogon look for Shell in the right pane. Double-click on Shell and the value for Shell should only be Explorer.exe.

As can be seen above, there is an additional entry which is C:\Windows\System32\keyboard\services.exe which the Shell key refers to. Normally what we should do is just delete this additional entry and leave Explorer.exe in the field. However, if you’re seeing that value above, your computer is now infected with a Malware – specifically a Keylogger.
Important: If the value above is not just Explorer.exe but has a different additional entry (and not C:\Windows\System32\keyboard\services.exe) den just make it to explorer.exe only delete nything which follows it .
But as soon as u restart ur pc it will come again bcoz the malware is still dere go to step 3 to remove malware first then again change the registry to explorer.exe as told in step 5

3. Download and Install Unlocker software (i  will advise u to first scan ur my computer with any gud antivirus prog in safe mode bcoz nowaday they catch dis malware and remove it in but only in safe mode i m using a avg premium licenced version and it caught 24 instances of win32 sality virus for me if it works for u jump to step 5 no need of step 3 and 4  if not u can go down with the proceedings)
We won’t be using any Malware scanner or virus scanner as I have not found any which can remove this Malware. Moreover, if there is a scanner out there which could remove this Malware, I think using Unlocker is still the most simple way where you have total control of what is going on.
As I’ve mentioned, download Unlocker from CNET as their official website is currently down. Once you’ve successfully downloaded the software, install it.

4. Delete the Malware files
Go to C:\Windows\System32\keyboard\ through Windows Explorer or by typing this in the Create New Task or Run command.

You should be able to see the services.exe file. DON’T execute or double click it. Right click on it and if you’ve successfully installed Unlocker, you should be able to select it like below:

The Unlocker program should now launch and show you the Processes that are using services.exe. Select all the processes and choose, Kill Process.

Once there is no more process using services.exe, quit Unlocker, and then delete services.exe. Make sure to delete it at the Recycle Bin as well. If we don’t use Unlocker, we won’t easily delete the Malware.

For Windows Vista
Go to the following folders and delete the files indicated. Use Unlocker as needed.
C:\ProgramData\Application Data\Fearghus\ – delete lsass.exe
C:\ProgramData\Fearghus\ – delete lsass.exe
C:\ProgramData\Application Data\microsoft\usb2.0\ – delete usb-hi.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ – delete kbdrv16.com
Important: Use the Create New Task or Run window as sometimes using Windows Explorer doesn’t work saying that the folder does not exist.

For Windows XP
Go to the following folders and delete the files indicated. Use Unlocker as needed.
C:\Documents and Settings\All Users\Application Data\Fearghus\ – delete lsass.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\USB2.0\ – delete usb-hi.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ – delete kbdrv16.com

5. Clean your Registry
Launch Registration editor again by making a new task through Task Manager or by using the Run command and entering regedit.

Go to HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ and then on the right pane click USB2.0 and Keyboard and then delete both.

Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and then double-click on Shell on the right pane to modify it (You can now modify it). Only Explorer.exe should be the value left.

Click Ok to accept the changes.
The only thing left to do now is restart Windows and test if the Windows desktop would still be blank.
That’s it! I hope I’ve helped you solve your problem on Windows Vista / Windows XP blank screen after login.

No comments:

Post a Comment