Jump to content

Black screen with cursor after Malwarebytes analysis


Grobbs

Recommended Posts

Hi. Today I have performed a scan with Malwarebytes and, after detecting more than 30 malicious elements, it has asked me to restore my computer to complete elimination. After that, when I restart my computer appears a black screen with only the mouse cursor. I can run the task manager and when I run explorer.exe the desktop appears normally and can work. I have downloaded the mbam repair tool for false positives and still nothing. I have also run the FRST analysis. I attach both MBAM and FRST logs in case they are useful. I know there have been other threads about this topic but have not found a definite solution. Thanks in advance.

FRST.txt

Log mbam.txt

Link to post
Share on other sites

4 hours ago, Grobbs said:

Hi. Today I have performed a scan with Malwarebytes and, after detecting more than 30 malicious elements, it has asked me to restore my computer to complete elimination. After that, when I restart my computer appears a black screen with only the mouse cursor. I can run the task manager and when I run explorer.exe the desktop appears normally and can work. I have downloaded the mbam repair tool for false positives and still nothing. I have also run the FRST analysis. I attach both MBAM and FRST logs in case they are useful. I know there have been other threads about this topic but have not found a definite solution. Thanks in advance.

FRST.txt

Log mbam.txt

I am sorry for posting it twice, I thoght the forums were independent

Link to post
Share on other sites

I attached the MBAM scan in the previous reply, it took like 14 hours. The PC keeps the same, after the log in screen I get the black screen with mouse cursor and need to start explorer.exe to use it normally. After that I don't have problems, but having to do that is a little bit annoying

Link to post
Share on other sites

  • Root Admin

Yes, pretty much what I thought.

At this point you have a couple of options. I can move your topic into the General PC forum now that we've scanned and cleaned for infections and see if someone can help you get this part resolved or you can look at posting on one of the Microsoft Windows 10 support forums and see if they can help you out.

Please let me know what you'd like to do

Thanks

Ron

 

Link to post
Share on other sites

Hi, @Grobbs,

Got a question for you - have you looked at disabling all of your start up items and startup non-Microsoft services to see if that helps resolve the issue?

This can be accomplished easily in Windows 10 by a couple of steps.

  1. Click the start button, then type msconfig and select System Configuration from the start menu.

    Disable Non Microsoft services 1.PNG
     
    1. An alternate way to get to system configuration is to click start, go to all apps, then scroll down to Windows Administrative Tools, and then select System Configuration.
       
  2. In the System Configuration dialog, select the Services tab.

    Disable Non Microsoft services 2.PNG
     
  3. Two Steps (must be done in this order):
    1. Click the checkbox to enable the setting Hide all Microsoft services (After clicking, the box should have a check in it).
    2. Click the Disable all button.

      Disable Non Microsoft services 3.PNG
       
  4. Now, in order to apply this to your boot sequence, you'll need to click the Apply button at the bottom.

    Disable Non Microsoft services 4.PNG
     
  5. Two steps (in order):
    1. After clicking apply above, you should see a bunch of dates and times fill the box at right side.  Verify that every thing shows there shows the current date and time.
    2. Click on the Startup tab.

      Disable Non Microsoft services 5.PNG
       
  6. Click the link that says Open Task Manager.

    Disable Non Microsoft services 6.PNG
     
    1. If you see the following, then click the More details link at the bottom left:

      Disable Non Microsoft services 7.PNG
       
  7. Click on the Startup tab.

    Disable Non Microsoft services 8.PNG
     
  8. Highlight each item and click the disable button at the bottom right.

    Disable Non Microsoft services 9.PNG
     
    1. Alternately, you can right click each item and select disable from the context menu that pops up.

      Disable Non Microsoft services 10.PNG

       
  9. Finally, after all this, you'll need to reboot your machine so that only the regular Microsoft items start up.

This should tell us if one of the items that you've installed after the OS was installed / upgraded needs attention.

I have my suspicions already, but I want to verify first that it is not system related.

Please report back if hte machine boots normally after reboot or not.

Link to post
Share on other sites

OK, so that narrows the problem to your system.

Let's try this. 

  1. Open a cmd  prompt with admin privileges:
    1. Right click on the start button
    2. Select Command Prompt (admin)

      Cmd Admin.PNG
       
  2. In the Command box, type the following command:
    sfc /scannow
  3. Let this run until completed
  4. Reboot.
  5. Post back if it says any errors were found.
Link to post
Share on other sites

It does sound impossible - but it is fixable.

I looked back in your MBAM log and saw that there was a registry entry showing a registry key that had been HiJacked.  Would you run another scan and then post the contents of the log here?  I have a feeling that that key is still being hijcked for some reason.  Since it points to userinit.exe (which was replaced in the hijacking) I wonder if that is the root cause of your problems in the first place.

With the stuff I had you disable in msconfig and with startup tab in Task manager, you've left those disabled for now, as well, correct?

Link to post
Share on other sites

In which one did you see the registry entry you mention? I ran 2 of them and the second one took more than 15 hours, maybe it was also because of the rootkits scan. I posted it too here and apparently there was nothing wrong, I can do it once again if you think it could be useful.

Yes, they are disabled for now.

Link to post
Share on other sites

In your very first mbam log in the first post, I see this:

Hijack.UserInit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit, wscript C:\WINDOWS\run.vbs //B //Nologo,, Good: (userinit.exe), Bad: (wscript C:\WINDOWS\run.vbs //B //Nologo,),Replaced,[abcb5c553a5f74c20d690d2a14f1f010]

I do not see that entry in the log you just posted.

However, I see one thing odd:  the log from 21 Abril is mostly in English.  The log you just posted is almost all Español.  You did not re-install the operating system, correct?

In researching the blank screen issue on Windows 10, I've found it is mostly due to the display driver being corrupted.  Are you using an ATI graphics card, or an nVidia graphics card?  Can you tell me the model of the card(the most powerful one if you have more than one)?

Link to post
Share on other sites

The one I have posted today is after uninstalling and reinstalling MBAM, as @AdvancedSetup asked me to try uninstalling it and you asked me to run another scan. When I reinstalled it I did it in Spanish without taking that into account.

My graphics card is an Intel HD Graphics 4400 (it is a laptop).

Link to post
Share on other sites

I have installed every non-uptaded driver, rebooted in safe mode (and still get the black screen) and tried some recommendations for Windows 10 in case the problem was related to the OS and the black screen strikes back. I think it was a virus and when MBAM found it and corrected it deleted the corrupted file or so. I don't mean I know better, just try to help with every piece of information I have.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.