Jump to content
Grobbs

Black screen with cursor after Malwarebytes analysis

Recommended Posts

Hi. Today I have performed a scan with Malwarebytes and, after detecting more than 30 malicious elements, it has asked me to restore my computer to complete elimination. After that, when I restart my computer appears a black screen with only the mouse cursor. I can run the task manager and when I run explorer.exe the desktop appears normally and can work. I have downloaded the mbam repair tool for false positives and still nothing. I have also run the FRST analysis. I attach both MBAM and FRST logs in case they are useful. I know there have been other threads about this topic but have not found a definite solution. Thanks in advance.

FRST.txt

Log mbam.txt

Share this post


Link to post
Share on other sites
4 hours ago, Grobbs said:

Hi. Today I have performed a scan with Malwarebytes and, after detecting more than 30 malicious elements, it has asked me to restore my computer to complete elimination. After that, when I restart my computer appears a black screen with only the mouse cursor. I can run the task manager and when I run explorer.exe the desktop appears normally and can work. I have downloaded the mbam repair tool for false positives and still nothing. I have also run the FRST analysis. I attach both MBAM and FRST logs in case they are useful. I know there have been other threads about this topic but have not found a definite solution. Thanks in advance.

FRST.txt

Log mbam.txt

I am sorry for posting it twice, I thoght the forums were independent

Share this post


Link to post
Share on other sites

Sorry to be insistent, but I would like to know is someone is trying to help me. I am sure you have a lot of stuff to do and I am not in such a hurry, but if no one can help me I will look for some other solution. Thanks

Share this post


Link to post
Share on other sites

Thanks for your help. I have run RKill and made a backup of the registry. MBAM has been scanning for over 7 hours and has not ended yet. Do you need the RKill log in the meanwhile?

Share this post


Link to post
Share on other sites

I attached the MBAM scan in the previous reply, it took like 14 hours. The PC keeps the same, after the log in screen I get the black screen with mouse cursor and need to start explorer.exe to use it normally. After that I don't have problems, but having to do that is a little bit annoying

Share this post


Link to post
Share on other sites

No, I have uninstalled it and the black screen keeps appearing after logging in

Share this post


Link to post
Share on other sites

Yes, pretty much what I thought.

At this point you have a couple of options. I can move your topic into the General PC forum now that we've scanned and cleaned for infections and see if someone can help you get this part resolved or you can look at posting on one of the Microsoft Windows 10 support forums and see if they can help you out.

Please let me know what you'd like to do

Thanks

Ron

 

Share this post


Link to post
Share on other sites

I would like the first option to see if someone can help me with this. I read some posts in the M10 forums and they didn't seem to help me a lot. Thank you

Share this post


Link to post
Share on other sites

Topic has been moved to General PC help forum. System was scanned for malware and cleaned. Any user that wishes to help @Grobbs further with his issue please do so.

Thanks

 

Share this post


Link to post
Share on other sites

Hi, @Grobbs,

Got a question for you - have you looked at disabling all of your start up items and startup non-Microsoft services to see if that helps resolve the issue?

This can be accomplished easily in Windows 10 by a couple of steps.

  1. Click the start button, then type msconfig and select System Configuration from the start menu.

    Disable Non Microsoft services 1.PNG
     
    1. An alternate way to get to system configuration is to click start, go to all apps, then scroll down to Windows Administrative Tools, and then select System Configuration.
       
  2. In the System Configuration dialog, select the Services tab.

    Disable Non Microsoft services 2.PNG
     
  3. Two Steps (must be done in this order):
    1. Click the checkbox to enable the setting Hide all Microsoft services (After clicking, the box should have a check in it).
    2. Click the Disable all button.

      Disable Non Microsoft services 3.PNG
       
  4. Now, in order to apply this to your boot sequence, you'll need to click the Apply button at the bottom.

    Disable Non Microsoft services 4.PNG
     
  5. Two steps (in order):
    1. After clicking apply above, you should see a bunch of dates and times fill the box at right side.  Verify that every thing shows there shows the current date and time.
    2. Click on the Startup tab.

      Disable Non Microsoft services 5.PNG
       
  6. Click the link that says Open Task Manager.

    Disable Non Microsoft services 6.PNG
     
    1. If you see the following, then click the More details link at the bottom left:

      Disable Non Microsoft services 7.PNG
       
  7. Click on the Startup tab.

    Disable Non Microsoft services 8.PNG
     
  8. Highlight each item and click the disable button at the bottom right.

    Disable Non Microsoft services 9.PNG
     
    1. Alternately, you can right click each item and select disable from the context menu that pops up.

      Disable Non Microsoft services 10.PNG

       
  9. Finally, after all this, you'll need to reboot your machine so that only the regular Microsoft items start up.

This should tell us if one of the items that you've installed after the OS was installed / upgraded needs attention.

I have my suspicions already, but I want to verify first that it is not system related.

Please report back if hte machine boots normally after reboot or not.

Share this post


Link to post
Share on other sites

Hi, thanks for your help. I have done as you have said and it happens the same, if I don't open the task manager I get nothing apart from the black screen with mouse.

Share this post


Link to post
Share on other sites

OK, so that narrows the problem to your system.

Let's try this. 

  1. Open a cmd  prompt with admin privileges:
    1. Right click on the start button
    2. Select Command Prompt (admin)

      Cmd Admin.PNG
       
  2. In the Command box, type the following command:
    sfc /scannow
  3. Let this run until completed
  4. Reboot.
  5. Post back if it says any errors were found.

Share this post


Link to post
Share on other sites

I have run the scan and it has not found any error. The black screen keeps appearing after reboot. This seems impossible :(

Share this post


Link to post
Share on other sites

It does sound impossible - but it is fixable.

I looked back in your MBAM log and saw that there was a registry entry showing a registry key that had been HiJacked.  Would you run another scan and then post the contents of the log here?  I have a feeling that that key is still being hijcked for some reason.  Since it points to userinit.exe (which was replaced in the hijacking) I wonder if that is the root cause of your problems in the first place.

With the stuff I had you disable in msconfig and with startup tab in Task manager, you've left those disabled for now, as well, correct?

Share this post


Link to post
Share on other sites

In which one did you see the registry entry you mention? I ran 2 of them and the second one took more than 15 hours, maybe it was also because of the rootkits scan. I posted it too here and apparently there was nothing wrong, I can do it once again if you think it could be useful.

Yes, they are disabled for now.

Share this post


Link to post
Share on other sites

In your very first mbam log in the first post, I see this:

Hijack.UserInit, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit, wscript C:\WINDOWS\run.vbs //B //Nologo,, Good: (userinit.exe), Bad: (wscript C:\WINDOWS\run.vbs //B //Nologo,),Replaced,[abcb5c553a5f74c20d690d2a14f1f010]

I do not see that entry in the log you just posted.

However, I see one thing odd:  the log from 21 Abril is mostly in English.  The log you just posted is almost all Español.  You did not re-install the operating system, correct?

In researching the blank screen issue on Windows 10, I've found it is mostly due to the display driver being corrupted.  Are you using an ATI graphics card, or an nVidia graphics card?  Can you tell me the model of the card(the most powerful one if you have more than one)?

Share this post


Link to post
Share on other sites

The one I have posted today is after uninstalling and reinstalling MBAM, as @AdvancedSetup asked me to try uninstalling it and you asked me to run another scan. When I reinstalled it I did it in Spanish without taking that into account.

My graphics card is an Intel HD Graphics 4400 (it is a laptop).

Share this post


Link to post
Share on other sites

No worries - that was just an observation on my part.

Can you go to your laptop manufacturer's page and download the latest Intel HD Graphics driver for your laptop and reinstall it?

Share this post


Link to post
Share on other sites

Done. Nothing changed. I have also noticed that these last days the log on screen takes longer to load after introducing my password, just before the black screen.

Share this post


Link to post
Share on other sites

I have installed every non-uptaded driver, rebooted in safe mode (and still get the black screen) and tried some recommendations for Windows 10 in case the problem was related to the OS and the black screen strikes back. I think it was a virus and when MBAM found it and corrected it deleted the corrupted file or so. I don't mean I know better, just try to help with every piece of information I have.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.