blank screen with mouse arrow - virus

HvyMtl

[H]ard|Gawd
Joined
Dec 3, 2003
Messages
1,730
Ok, I have a Windows 7 machine with a virus on it. It seems the virus puts a blank screen overlay, just after the windows boot screen. I cannot get past it.

I have tried both Kaspersky Rescue Disk 10, and Bitdefender Rescue Disk. Both removed approximately 100 trojans, and a half dozen adware.

However, the blank screen with mouse prevails. Therefore, I cannot do anything to remove the virus when the OS is booted. The ctrl-alt-del to get to the task manager does not work either. Still just the blank screen, with a mouse arrow (you can move it around and click all over the place, but it does nothing...)

Does anyone know how to remove this virus?
 
Ok, I have a Windows 7 machine with a virus on it. It seems the virus puts a blank screen overlay, just after the windows boot screen. I cannot get past it.

I have tried both Kaspersky Rescue Disk 10, and Bitdefender Rescue Disk. Both removed approximately 100 trojans, and a half dozen adware.

However, the blank screen with mouse prevails. Therefore, I cannot do anything to remove the virus when the OS is booted. The ctrl-alt-del to get to the task manager does not work either. Still just the blank screen, with a mouse arrow (you can move it around and click all over the place, but it does nothing...)

Does anyone know how to remove this virus?

Easy, format and reinstall. I hope you have backups or at least partitioned your harddrive so that your C: only contains basic programs and the OS.
 
yeah, no.

There is no back up, and there is crucial stuff on the drive. In addition, the recovery partition may be corrupted as well...

the format and reinstall option is off the table. (Friend's computer, so yeah, he didn't follow the advice I gave of backing up, partition the drive, and have recovery disks made...)

Any other suggestions?
 
Last edited:
Sometimes, it can be an infection that has caused that. However, I have found that the problem you are describing is either a severely corrupted OS or a failing hard drive. I would test the drive just in case and if it passes, I would backup and redo. Oh, and it is entirely up to you but, backup and redo is really the only viable option at this point. (I have ran into that at least a dozen times in the last 5 years and without exception, a backup and redo had to be done. However, most were also a failing hard drive.)
 
Pull the hard drive and put it in another machine. Copy all your stuff, put the drive back in the infected pc and wipe, re-install.
 
hmm. Ok. I have seen where this is part of the "you pay me $, or I hold your computer hostage" type of virus. Where you do not pay, or give credit card info, and they block your computer.
Hard drive seemed to be fine on the system, but I will test it again, once I get back to my friend's house.
 
hard disk passed muster. (or mustard, as the case may be...)

After researching, this is the virus, it is not a hardware/driver issue. It is called the "white screen" virus. It is a hostage virus, similar to the moneypac virus (give us your credit card info, or call this 800 number with your cc info, or put in a western union, or money pac number to release your computer...)

So, any suggestions on removing the virus, not including format and reinstall?

Yes, the recovery partition is corrupted, and yes, the fellow never made recovery disks, and yes, there is important info on the computer, which needs to be retained.

Owner wishes the computer not be taken apart to get to the hard drive.
 
hard disk passed muster. (or mustard, as the case may be...)

After researching, this is the virus, it is not a hardware/driver issue. It is called the "white screen" virus. It is a hostage virus, similar to the moneypac virus (give us your credit card info, or call this 800 number with your cc info, or put in a western union, or money pac number to release your computer...)

So, any suggestions on removing the virus, not including format and reinstall?

Yes, the recovery partition is corrupted, and yes, the fellow never made recovery disks, and yes, there is important info on the computer, which needs to be retained.

Owner wishes the computer not be taken apart to get to the hard drive.

Hi, HvyMtl

Have you tried burning a Linux distro like Puppy Linux to a USB and booting the computer with that to see you can recover the files that way?

Just a thought.
 
yeah, no.

There is no back up, and there is crucial stuff on the drive. In addition, the recovery partition may be corrupted as well...

the format and reinstall option is off the table. (Friend's computer, so yeah, he didn't follow the advice I gave of backing up, partition the drive, and have recovery disks made...)

Any other suggestions?

If the 'crucial' stuff is the problem on the computer, just boot up a linux live cd and copy everything 'crucial' to an external drive or a USB stick. Then format and reinstall.

I wouldn't trust any antivirus or manual instruction, if it's a nasty infection there's absolutely no garantee you can get rid of it. Everything may seem fine and then you see your online bank hacked the next day.
 
Aha, you are talking about the Trojan Revetron. Follow these instructions:

http://malwaretips.com/blogs/remove-white-screen-virus/

The first set of instructions will not work, because they have managed to prevent you from following them by corrupting the System Restore. You probably saw this and did not read further because you couldn't do System Restore. But there are more options! Scroll down the page, and try Option 2, which starts with using HitmanPro KickStart, and if that doesn't work try Option 3 which uses Kaspersky Rescue Disk.
 
Hmm linux distro to remove the files, then format and reinstall... I am not Linux literate, so I need a bootable linux cd... Puppy Linux? Never heard of it (I admit my lack of non-Windows OS experience.) My friend is adamant about NOT formatting and reinstalling. I will try to talk him into it.

ComboFix, I am looking into. - Ok, combofix requires access to the OS, as the screen is blanketed by the virus, one cannot see the desktop. So, one cannot run the program, unless it is used in conjunction with a boot disk. And since it is Win OS specific, finding a Win bootable disk, which is not a repair disk, or the original install disk... Well, I haven't found one in the wild, I would trust.

Hitman Pro, I also hit on, and did not know it had a bootable USB option. I will try this.

Any other suggestions?
 
Last edited:
Yes, the recovery partition is corrupted, and yes, the fellow never made recovery disks, and yes, there is important info on the computer, which needs to be retained.

Owner wishes the computer not be taken apart to get to the hard drive.

It seems to me the owner needs to compromise a bit here. Owner never listened to advise, computer got hosed and now owner is making the recovery process difficult. So now owner expects you have to jump though a bunch of additional hoops in order to help them? I don't think so.
 
Yeah, maw, I would do it my way, but it's a relative and friend. :/ So, yeah. Compromise? Well, let's just try to keep the family happy with each other... for now.

Hitmanpro I will be trying on it, havent tested the usb yet... Systemrescuecd looks interesting, I am going to see about that too.

Thanks. Love this forum, the members rock.
 
Could be a TDSS virus. boot to UBCD or a linux drive download TDSS killer set paramaters to search for tdlss file system. Worth a shot may work.
 
Ok, the Hitmanpro worked. I then hit the computer with Kaspersky rescue disk, bitdefender rescue disk, TDSS Killer, and malwarebytes.

The fellow had just purchased McAfee Livesafe (actual pay to play antivirus) and I installed it.

Seems the fellow is virus free now, and system seems stable. (I was concerned it would not be... as it had multiple viruses...)

I now have the fellow doing back ups to an external drive, and running malwarebytes weekly...

As for where the virus came from? He was downloading music. I think he got it that way...

Thanks again, you guys rock!
 
Back
Top