Windows Vista / Windows XP Blank Screen after Login – Version 2

There is another version of the virus/worm/Trojan which makes your Windows Vista or Windows XP show a blank screen after login. This is how to fix it.

There is another variant of the virus/worm/Trojan which makes your Windows Vista or Windows XP blank after login. We’ve discussed in an earlier article how to fix a previous variant of this virus (you can find the previous article here), but this variant requires another kind of approach.

To be more specific, the virus we discussed previously had 4 types of processes which it runs that we had to stop and delete – services.exe, lsass.exe, usb-hi.exe, and kbdrv16.com

However, this other kind of virus only has 2 types of processes which it runs that we have to stop and delete – services.exe and kbdrv32.com

Notice that the previous virus was kbdrv16.com, but now it is kbdrv32.com.

When you have this kind of virus its main symptom is still the same: Windows Vista / Windows XP displays a blank screen showing only the mouse pointer after booting-up (after the login screen which is usually after clicking the username).

 

Solution:

Make sure first that your Task Manager is working. You can check this by pressing CTRL+ALT+DEL and then choosing Task Manager. If Task Manager doesn’t work, then this guide will not be able to help.

Moreover, unless specified, all the steps are applicable to Windows Vista and Windows XP.

 

1. Launch Task Manager and Restore your Desktop

Press CTRL+ALT+DEL and then click File->New Task

 

When the Run window appears, type Explorer or Explorer.exe or C:WindowsExplorer

 

Important: This step should already restore your desktop (your wallpaper, desktop icons, taskbar, etc). If it doesn’t, then this guide will not be able to help you.

 

2. Check your Registry

Create a New Task by again using the Task Manager or by clicking Windows Start and then choosing Run. When the Create a New Task or Run window appears, type regedit.

 

Go to HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon. Once you’ve clicked on Winlogon look for Shell in the right pane. Double-click on Shell and the value for Shell should only be Explorer.exe.

 

As can be seen above, there is an additional entry which is C:Windowsservices.exe which the Shell key refers to. Normally what we should do is just delete this additional entry and leave Explorer.exe in the field. But even if you delete the additional entry, it would come back a few seconds after deletion as your computer is now infected with a Malware – specifically a Key Logger.

Important: If the value above is not just Explorer.exe and has a different additional entry (and not C:Windowsservices.exe), then you may have another kind of Malware. If the additional entry is C:WindowsSystem32keyboardservices.exe, then you should read my previous article here – Windows Vista / Windows XP Blank Screen after Login. If it’s neither of the two, then this guide would not help you.

 

3. Stop the Virus Processes

You’ll need to open Task Manager again by pressing CTRL+ALT+DEL and choosing Task Manager. Click the Processes Tab and then sort by Description by clicking on the Description field.

Look for the description Win32 Keyboard Driver. You should be able to see 3 processes like below.

 

You would need to end the 3 processes shown above. You can do this by right clicking on the process and choosing End Process.

 

Important: You should end the 3 processes quickly because if you only end one and you don’t immediately end the other 2 processes, the recently ended process would just be started again.

Again, make sure that the three processes are all ended.

 

4. Delete the Malware Files

Go to C:Windows and look for services.exe and then delete it.

 

Go to following folders and delete the files indicated.

For Windows Vista
C:Users<Username>AppDataRoamingMicrosoftWindowsStart MenuProgramsStartup – delete kbdrv32.com

Important: Change <Username> with the appropriate usernames that are being used in your Windows Vista. Check your C:Users folder and this folder should indicate all the usernames your Windows Vista is using. Check all the usernames for kbdrv32.com and delete it.

 

For Windows XP
C:Documents and SettingsAll UsersStart MenuProgramsStartup – delete kbdrv32.com

Important: After checking C:Documents and SettingsAll Users, change “All Users” to the other usernames being used in your Windows XP. Check the C:Documents and Settings folder and this folder should indicate all the usernames your Windows XP is and has been using. Check all the usernames for kbdrv32.com and delete it.

C:WINDOWSsystem32configsystemprofileStart MenuProgramsStartup – delete kbdrv32.com

 

Thus, all we are deleting are two kinds of files, services.exe and kbdrv32.com. We are just making sure that all instances of the virus are deleted.

 

5. Clean your Registry

Launch Registration editor again by making a new task through Task Manager or by using the Run command and entering regedit.

 

Go to HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon and then double-click on Shell on the right pane to modify it (You can now modify it). Only Explorer.exe should be the value left.

 

Click Ok to accept the changes.

The virus or malware should now be removed. If you experienced the blank screen after login symptom, be sure to restart Windows to test if it will happen again.

 

That’s it! I hope I’ve helped you solve your problem on Windows Vista / Windows XP blank screen after login.