  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1064

Black Screen of Death (KSOD) on Vista

Have a friend's Vista box that is getting a KSOD; this is the first time I have seen this. I have tried http://discussions.virtualdr.com/showthread.php?t=237593 and all of the keys are already correct with nothing to change.

I can boot into safe mode and safe mode with networking fine. I downloaded Malware Bytes and ComboFix but neither of them will run. System restore points were turned off so I can't roll back. I booted the Vista CD and did repair my computer but that did not fix the issue.

I can hit shift a bunch of times and hear the sticky key alert but can't see or do anything. I ran a full system scan using AVG as well. Anyone have any other thoughts on what might fix it?
0
NetworkConsultant01
Asked:
1 Solution
 
Jackie Man Commented:
If Safe Mode works fine, disable User Access Control (UAC) and you can log in to Vista afterwards.

Or upgrading to Windows 7 will solve your problem.
0
 
jb2286 Commented:
From Prevx.com blog:  http://info.prevx.com/download.asp?GRAB=blackscreenfix

This is a fix for the black screen problem that works typically after making sure there are no existing malware infections on the computer.

I recommend running this after using MSCONFIG to get your system down to booting into Selective Startup of the Normal boot mode.  Once booted into selective startup mode, install MS Security Essentials and run quick scan.  Then run a quick scan with Malwarebytes.  See if either of those programs find anything and if they don't, then run the black screen fix.

GL
0
 
jb2286 Commented:
I forgot the special instructions for running the black screen fix, found here:

http://www.prevx.com/blog/140/Black-Screen-woes-could-affect-millions-on-Windows--Vista-and-XP.html
0
 
Thomas Zucker-Scharff, Systems Analyst Commented:
There is no doubt that this fix seems to work, but as has been reported by both Prevx and Microsoft the problem is not with Microsoft but with changes made by Prevx and compatibility issues.  Prevx even issued an apology for blaming Microsoft for this issue.
0
 
jb2286 Commented:
Tzucker:  Was trying not to get into too much detail and just give the author the bare essentials

Author:  If you're interested in learning more... head to: http://www.prevx.com/blog.asp

Excerpt:  "The issue appears to be related to a characteristic of the Windows Registry related to the storage of string data. In parsing the Shell value in the registry, Windows requires a null terminated "REG_SZ" string. However, if malware or indeed any other program modifies the shell entry to not include null terminating characters, the shell will no longer load properly, resulting in the infamous Black Screen with the PC showing only the My Computer folder.

SysInternals was one of the first companies to discover this characteristic of the registry a number of years ago in their utility: RegHide http://technet.microsoft.com/en-us/sysinternals/bb897446.aspx which modifies registry entries to prevent them from being accessible within the operating system. This technique is frequently used by malware authors which is why it is recommended to first query the length of a registry value, and then read it into a buffer, forcing the null termination of strings whether or not null terminated by their content.

Having narrowed down a specific trigger for this condition we've done quite a bit of testing and re-testing on the recent Windows patches including KB976098 and KB915597 as referred to in our previous blog. Since more specifically narrowing down the cause we have been able to exonerate these patches from being a contributory factor.

We have not analyzed further whether a change occurred in the OS interpretation of this or other registry values. In any case, we believe there are significant benefits in the OS using the length of the value as recommended by the SysInternals article.

We have always strongly recommended keeping Windows and all other software up-to-date to reduce the window for exploitation by new threats. We'll keep you updated with further progress if we find anything new."
0
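The practice recommended in the excerpt quoted above (take the end of the string from the stored length, then force termination yourself) is sketched below as an added example; it is not code from this thread, Prevx or Sysinternals. `regsz_read`, the flag names and the sample byte arrays are hypothetical, and the raw bytes and byte count are assumed to come from a registry query such as `RegQueryValueExW`.

```c
#include <stdint.h>
#include <stdio.h>

/* How a raw REG_SZ payload deviates from a well-formed one (bitmask). */
enum {
    REGSZ_OK            = 0,
    REGSZ_NO_TERMINATOR = 1 << 0, /* data does not end in a UTF-16 NUL */
    REGSZ_ODD_LENGTH    = 1 << 1, /* byte count is not a multiple of 2 */
    REGSZ_EMBEDDED_NUL  = 1 << 2, /* NUL before the end hides the text after it */
    REGSZ_TRUNCATED     = 1 << 3  /* caller's buffer was too small */
};

/* Copy `cb` bytes of raw REG_SZ data (UTF-16LE) into `out`, which has room
 * for `out_units` code units. The end is taken from the stored length, never
 * from the content, and the output is always NUL-terminated. */
int regsz_read(const uint8_t *data, size_t cb, uint16_t *out, size_t out_units)
{
    int flags = REGSZ_OK;
    size_t units = cb / 2, i, n;

    if (out_units == 0) return REGSZ_TRUNCATED;
    if (cb % 2) flags |= REGSZ_ODD_LENGTH;

    if (units == 0 || data[2 * units - 2] != 0 || data[2 * units - 1] != 0)
        flags |= REGSZ_NO_TERMINATOR;
    else
        units--; /* drop the stored terminator; ours is added below */

    n = units < out_units - 1 ? units : out_units - 1;
    if (n < units) flags |= REGSZ_TRUNCATED;
    for (i = 0; i < n; i++) {
        out[i] = (uint16_t)(data[2 * i] | (data[2 * i + 1] << 8));
        if (out[i] == 0) flags |= REGSZ_EMBEDDED_NUL;
    }
    out[n] = 0; /* forced termination */
    return flags;
}

/* Constructed samples: "a.exe" with and without a terminator, and "a\0b". */
static const uint8_t SAMPLE_GOOD[] = {'a',0,'.',0,'e',0,'x',0,'e',0,0,0};
static const uint8_t SAMPLE_BAD[] = {'a',0,'.',0,'e',0,'x',0,'e',0};
static const uint8_t SAMPLE_EMBEDDED[] = {'a',0,0,0,'b',0,0,0};

int main(void)
{
    uint16_t buf[64];
    printf("good=%d ", regsz_read(SAMPLE_GOOD, sizeof SAMPLE_GOOD, buf, 64));
    printf("bad=%d ", regsz_read(SAMPLE_BAD, sizeof SAMPLE_BAD, buf, 64));
    printf("embedded=%d\n", regsz_read(SAMPLE_EMBEDDED, sizeof SAMPLE_EMBEDDED, buf, 64));
    return 0;
}
```

A non-zero return on a value such as the Shell entry is a reason to inspect it by hand; the copied string is safe to pass to string functions either way.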
 
Timoros Commented:
99% of Black Screen of Death cases are caused by a Windows update that was installed on your PC in the last days!
In case you can log in to safe mode, remove the latest updates or try a system restore to a previous date (at least 2 weeks ago)!

Hope that helps !
 
0
 
NetworkConsultant01 (Author) Commented:
The Prevx fix did not work. I was incorrect in my original post about system restore being disabled, I am doing one now.
0
 
Jackie Man Commented:
You need a Vista Recovery Disk or use your Vista Setup Disk to start your PC and launch system restore to go back to a restore point when there was no problem.

URL: http://www.vistax64.com/general-discussion/146356-download-vista-recovery-console.html

A downloadable version of Vista Recovery Disk is as follows.

http://coblitz.codeen.org/neosmart.net/downloads/guides/Vista_Repair/Vista_Recovery_Disc_x86.iso

(I assume that your computer is of Vista 32 bit.)

When a problem appears in Vista and there are no clues from Google, it seems to me the last resort is to use System Restore, as Vista is much better at system restore than XP. System Restore in Vista is just like a time machine to go back to the exact state when the problem did not exist. But the drawback is that it consumes a lot of hard disk space and it will restore the applications that you have removed and old versions of documents on the desktop.

So, before you use System Restore, make sure all user data has been properly backed up, as it is just too powerful if Vista thinks that the path where you stored your data is part of the system folders.

In a nutshell, System Restore can reduce the time of troubleshooting (except the problem is caused by hardware failure) but it must be used with due care.
0
 
NetworkConsultant01 (Author) Commented:
Nothing worked. I ended up backing up data and using the Dell recovery partition.
0
