WSOD - White Screen of Death - Virus

I was surfing the net today and all of a sudden I got a white screen. Then I could hear in the background, Avast - a threat has been detected. I could not get away from the white screen other than Ctril-Alt-Del to reboot.

I tried Safe Mode, but either 2 things happen:

  1. It will boot into safe mode but after I enter my username and password it starts to load then the systems says Restarting now. So it will not go into safe mode.
  2. Will skip safe mode and will attempt to load normally.

Once it loads I get the white screen and again I hear Avast, a threat has been detected.

I did try selecting use last good Start, and when it it came said it was in Step 1 of 3 then stopped.

I am running Windows Home Vista. I do not think I still have a install/disks etc I got from Dell.

Try Alt-Tab? or windows key? in task manager try switch to avast

I have tried those mehtods. When I select Task manager you can not see anything. When I select shutdown, is when you can the task mgr., etc…

even though you cant see, Press windowskey+r, type explorer.exe press enter… wait a few seconds
If nothing happens

Press windowskey+R and type sfc /scannow Leave it for a while and see if anything happens

Will try that when I get back to the pc, Thanks!

Try Safemode with command prompt, then type explorer.exe

@islandjeep,

Provide the logs asked for here: http://forum.avast.com/index.php?topic=53253.0
and wait for a qualified removal expert to evaluate your logs…

@blakenz
As you are not a qualified removal expert, as far as we know, you should refrain from removal advice here.
A qualified remover has been informed…

polonus

Is this 32 or 64bit ?
And do you have the ability to copy files to a USB

I assume I have 32bit. I can copy files to a USB drive. It was a boxed Dell system from the store purchased a few years back.

I will include 64bit versions just in case

Download the following three programmes to your desktop :

  1. WiNTBootIc
  2. Windows Vista 32bit RC
    2(a). Windows Vista 64bit RC
  3. Farbar Recovery Scan Tool
    3(a). Farbar Recovery Scan Tool 64

Extract wintoboot to your desktop
Insert a USB drive of at least 1GB
Run Wintoboot

http://dl.dropbox.com/u/73555776/wintoboot.JPG

Drag and drop the Windows Vista ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It

You will see it progressing

http://dl.dropbox.com/u/73555776/usb%20progress.JPG

It will let you know when it is done
Then copy FRST to the same USB

http://dl.dropbox.com/u/73555776/frstwintoboot.JPG

Insert the USB into the sick computer and start the computer. First ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions Here

When you reboot you will see this.
Click repair my computer

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7275.jpg

Select your operating system

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277202.jpg

Select Command prompt

http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277.jpg

At the command prompt type the following :

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select “Computer” and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.

https://dl.dropbox.com/u/73555776/FRST%20Start%20scan.gif

Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Ok upon returning the pc the white screen turns out to be the moneypak virus. FBI warning. How do I get rid of that if it will not let me load

Islandjeep.

Essexboy is an expert in removal of malware. Follow his instructions. He is located in the UK, and there could be some delay in answering your questions because of the time difference.

I was just giving ideas to try and get back to the desktop first, And safemode with command prompt then explorer.exe works in some cases

It’s not your place to do so in this section of the forum I’m afraid, posting help is restricted to the specialists.

If I may ask, where does it say this?

Sorry, I don’t have/use Avast, but I wanted to post it here because this is ‘where I was’ when I found a solution that worked.

This post is a little long but I believe in providing as much info as I can in the hope it helps someone else out.

Always remember, if your webcam activates without your prompting, put your best face forward and strategically place your middle finger where they can see it!

I was suffering from the WSOD (White Screen of Death) with the ‘webcam’ option (webcam activated) on my Vista-64 bit machine and was searching for help and came across a few ideas but the one suggestion to boot up in safe mode with the command prompt (posted by Blakenz – Thanks!!!) worked for me. Here is what I did.

First of all, I am not sure how this happened, it either came through on an Adobe update (CS6 –As the Geek Squad guy suggested) or was part of the Cloud.5 that Norton 360 discovered and quarantined. Anyway, about 5 minutes after the update my screen went white and the webcam was activated.

If your screen is white (here is what I did):

  1. Press Ctrl-Alt-Delete and that should return you to a screen where you can switch users, log off, etc. Either log off or use the shutdown option (lower right part of screen).
  2. Power up your computer and press F8 until you have the boot options displayed (Safe Mode or Start Windows normally), using the arrow keys select Safe Mode with Command Prompt and press enter. This did not work for me at first, so keep repeating the first two steps until you get the Command Prompt window to appear. It may take a few minutes.
  3. In the command window type, explorer.exe and press enter. This should allow your computer to boot up with very minimal services (No Internet), but boot up nonetheless and with no WSOD.
  4. Now, I have both Norton 360 Premiere and also the free version of Malwarebytes installed on my computer. This may have saved me, hopefully you have some type of malware removal tool already installed. If not, maybe you can put Malwarebytes on a USB stick and maybe your computer (even in a minimalist working condition) can still download the software application.
  5. Once my computer booted up in the minimal state, I ran the quick scan on my free version of Malwarebytes. It found two Trojans (probably one Trojan in two locations), that partial log is below:

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent.RNS) → Data: explorer.exe,C:\Users\Joe\AppData\Roaming\skype.dat → Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Joe\AppData\Roaming\skype.dat (Trojan.Agent) → Quarantined and deleted successfully.

  1. Malwarebytes needs to shutdown your computer to successfully and fully remove these Trojans so that’s what I did and then my computer restarted with a successful boot up and no WSOD!!!
  2. I then ran a Full Scan with Norton and then another quick scan with Malwarebytes followed by a few shutdowns and restarts (by me) and then another Full Scan (all drives!) using Malwarebytes.

This seemed to have worked for me as I am posting this on the once infected computer. Again, I think what saved me was having a malware removal tool already installed before I encountered the dreaded WSOD.
It saved me about $300 from the Geek Squad ($200 yearly service fee and $85 data backup), and NO, the problem is not a video card as some have suggested.
Good Luck!

Hi,
Many thanks for your post, you help me a lot… ;D

Have a nice day
Chris