Solved

Windows Vista PC boots "normally" to CMD window

Posted on 2013-06-30
5
798 Views
Last Modified: 2013-07-01
A Vista PC was infected with the FBI virus.  I was able to remove it.  After that, it booted to a command window trying to run the virus application, which could not be found.

Ran regedit and removed the key HKEY_CURRENT_USER\Software\Microsoft\Command Processor.

Now, it boots to a blank command window. I can run Task Manager and type explorer at the prompt and everything starts up just fine.  I then have to exit the command window.

How can I change the registry so that it runs explorer without manual intervention?
0
Comment
Question by:splait
5 Comments
 
LVL 90

Expert Comment

by:John Hurst
ID: 39288795
First, you may not have gotten rid of the virus. Be prepared for that.

Next, you should be able to run System File Checker from the command window.

Run SFC /SCANNOW and allow to complete. If it runs, restart and see what happens. I normally suggest running SFC a second time but this is not a normal situation.

Please let us know what happens.

.... Thinkpads_User
0
 
LVL 24

Expert Comment

by:aadih
ID: 39288829
If the above suggestion does not work, try a repair install.

If instructions are needed, use:

< http://www.vistax64.com/tutorials/88236-repair-install-vista.html >
0
 
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 39288856
In the registry editor (run as administrator)
change the shell="cmd.exe" to the following:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"

Like So.
0
 
LVL 91

Expert Comment

by:nobus
ID: 39289155
since this is a Vista system - running for 6 or more years, i suggest to backup everything, and do a fresh install
it takes time, but guarantees you a clean, fast running system in the end

**you may be able to run a factory reset - depending on the system
0
 
LVL 12

Author Closing Comment

by:splait
ID: 39289548
@ve3ofa, while this would have been the quickest solution, that variable was already set correctly.  However, the shell setting under HKEY_CURRENT_USER was "cmd.exe".  I changed that to "explorer.exe" and all is well.  Thank you! (I wish there was an "A-" selection in the grading!)

And thank you to all who responded here.  You are the vertebrae that comprise the backbone of this site!
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now