On 27th Nov. Prevx reported that a Black Screen issue could be a cause for woes for millions of Windows 7, Vista & XP users.
“Firstly, there appears to be many causes of the black screen issue. The symptoms are very distinctive and troublesome. After starting your Windows 7, Vista, XP, NT, W2K, W2K3 or W2K8 PC or server the system appears normal. However, after logging on there is no desktop, task bar, system tray or side bar. Instead you are left with a totally black screen and a single My Computer Explorer window. Even this window might be minimized making it hard to see.
The cause of this recent crop of Black Screen appears to be a change in the Windows Operating Systems lock down of registry keys. This change has the effect of invalidating several key registry entries if they are updated without consideration of the new ACL rules being applied. For reference the rule change does not appear to have been publicised adequately, if at all, with the recent Windows updates. “
Prevx also released a supposed fix for this:
If you have these symptoms you can safely try our free Black Screen Fix. It will fix the most common cause we have seen of this issue. Running the fix program is easy under normal circumstances, simply download with your browser using the link above and run the program.
And what did the fix patch? My MVP collegue Ramesh Kumar states that the Prevx’s fix has the following Reg Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon]
“Shell”=”explorer.exe”
However Prevx subsequently apologized.
“The issue appears to be related to a characteristic of the Windows Registry related to the storage of string data. In parsing the Shell value in the registry, Windows requires a null terminated “REG_SZ” string. However, if malware or indeed any other program modifies the shell entry to not include null terminating characters, the shell will no longer load properly, resulting in the infamous Black Screen with the PC showing only the My Computer folder.
We apologize to Microsoft for any inconvenience our blog may have caused. This has been a challenging issue to identify. Users who have the black screen issue referred to can still safely use our free fix tool to restore their desktop icons and task bar.”
Microsoft in turn has also issued its response:
We’ve conducted a comprehensive review of the November Security Updates, the Windows Malicious Software Removal Tool, and the non-security updates we released through Windows Update in November. That investigation has shown that none of these updates make any changes to the permissions in the registry. Thus, we don’t believe the updates are related to the “black screen” behavior described in these reports.
We’ve also checked with our worldwide Customer Service and Support organization, and they’ve told us they’re not seeing “black screen” behavior as a broad customer issue. Because these reports were not brought to us directly, it’s impossible to know conclusively what might be causing a “black screen” in those limited instances where customers have seen it. However, we do know that “black screen” behavior is associated with some malware families such as Daonol.
Via TWCF Thread.
