
KSOD - I suspect Malware


My friend is having a Black Screen of Death (KSOD). After multiple attempts to fix it, nothing has worked. After going into advanced boot options, repair, command prompt and opening RegEdit, we discovered his Shell and Userinit values are changing. We've used the Command Prompt to open RegEdit and change them. Shell gets set to cmd.exe /k start cmd.exe and Userinit gets set to X:\WINDOWS\system32\userinit.exe, After changing them correctly they still change back to the above. There is no Safe Mode, no Task Manager, etc. No System Recovery slots either.

Cannot download anything to run it for any tests.


There is no way really; if we reset the reg keys then, as you've already stated, they just change back. There is probably a protective rootkit hidden that we need to find... You mention accessing the command prompt. Can you go into the command prompt, copy and paste the following at the prompt, then hit Enter:

cmd /c dir /a/s c:\windows\system32\drivers\*.sys

That will produce a list of drivers. Can you show that list for me to see?



That file is legitimate... Can you boot the system to the Recovery Environment again, then select command prompt. At the prompt type or copy/paste the following command:

sfc /scannow /offbootdir=c:\ /offwindir=c:\windows

Hit the Enter key.

When complete, see if Windows will boot...

Edited by kevinf80

This topic is now closed to further replies.
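
Added example, not part of the original thread: RegEdit started from the Recovery Environment command prompt shows the recovery environment's own registry by default, so reading the installed Windows' Shell and Userinit values means loading its SOFTWARE hive from disk first. The batch script below does that and compares both values with the defaults of a standard install. Assumptions: Windows is on C:\Windows (as in the sfc command above; pass another path as the first argument), and OFFLINE_SW is an arbitrary temporary mount name chosen for this example.

```bat
@echo off
rem Added example: inspect Winlogon Shell/Userinit in the OFFLINE Windows
rem install while booted into the Recovery Environment.
setlocal enabledelayedexpansion

rem Assumption: installed Windows is at C:\Windows; override with argument 1.
set "OFFWIN=C:\Windows"
if not "%~1"=="" set "OFFWIN=%~1"

rem OFFLINE_SW is a temporary mount name made up for this example.
set "MOUNT=HKLM\OFFLINE_SW"
set "KEY=%MOUNT%\Microsoft\Windows NT\CurrentVersion\Winlogon"

rem Mount the installed system's SOFTWARE hive under the temporary name.
reg load "%MOUNT%" "%OFFWIN%\System32\config\SOFTWARE" >nul || (
  echo Could not load "%OFFWIN%\System32\config\SOFTWARE"
  exit /b 1
)

rem Second argument is the default value on a standard install.
call :check Shell "explorer.exe"
call :check Userinit "C:\Windows\system32\userinit.exe,"

rem Always unmount so the hive file is released.
reg unload "%MOUNT%" >nul
exit /b 0

:check
set "DATA="
rem reg query prints "<name>  REG_SZ  <data>"; keep only the data column.
for /f "tokens=2,*" %%A in ('reg query "%KEY%" /v %~1 2^>nul') do (
  if /i "%%A"=="REG_SZ" set "DATA=%%B"
)
echo %~1 = !DATA!
if /i not "!DATA!"=="%~2" echo   differs from the default: %~2
exit /b 0
```

The script only reads the values; it makes no changes to the offline hive.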