2

Yesterday I was installing Free Disk Usage Analyzer on my girlfriend's laptop. At the same time, some steam game of her was also running. During the process, the laptop suddendly stopped working, probably due to heat problems.

After waiting some time that it cools down, I restarted the laptop. It started normally and displayed login screen. After login, it did not displayed the desktop but a black screen and the mouse cursor. Then I tried

  • Using Alt+tab => No effect most of the time. Occasionally, some tiny bit of window about a driver for a lacking tablet displayed, but I think it is unrelated.
  • Using Windows+E => No effect but a Windows error sound
  • Using Ctrl + Alt + Suppr => working as expected

Then I launched task manager. No application was running. Looked into processes tab and did not notice anything weird at all (aside a huge load of crap processes that where mostly asus programs). But after right clicking anywhere on the screen, two more processes show up: Those are runonce.exe processes from Runonce Wrapper. Tried to terminate one of them and got the laptop working, back to its usual behaviour.

Then I guessed that those processes would have been set up by the Free Disk Usage Analyzer setup program before the laptop brutal shut down, so I restarted it, completed it and restarted the laptop. But problem was still here. Then I ran msconfig, but could not find any runonce program to disable.

So I am a bit out of clues now. How do I prevent that runonce processes to start after login and blocking the desktop?

Hennes
  • 65,804
  • 7
  • 115
  • 169
Aldian
  • 163

2 Answers2

2

Check all these in the registry: 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

All above entries are run at user logon.

Also, run MSCONFIG and also check the services part. some stuff may run as service.

PS. Instead of disk free usage analyzer, get diskstate.

Overmind
  • 10,308
0

Overmind gave me a good hint, but that did not solve the problem, because the malicious runonce key kept on returning into the registry after having been deleted. Here is what I ended to do:

  • Launch add/remove software and see what program have been installed at the same time as the one I willingly installed.
  • Uninstall it
  • Go to AppData, check the files of the malware and delete them (one of these was the target of the registry key)
  • Finally, go to the registry. Don't delete the runonce key, but rather edit it with some useless string like "hello"
  • Restart the computer.
  • Swear to never download again on http://www.01net.com (which was so trustful some years ago)

Thanks everyone.

Community
  • 1
Aldian
  • 163