Skip to main content

Shutdown computer virus... grr - solving it.. :)

My computer was infected by password-viewer.exe and pc-off.bat virus. A virus that when you type cmd on the command prompt, your pc automatically shuts down.

Thank God to this article... This one saved me. :) Here it is. :)

This is the symptom of a computer having bar311.exe virus A.K.A. winzip123. The virus comprises bar311.exe, password_viewer.exe, photos.zip.exe and pc-off.bat.

When you boot your Windows XP in Safe Mode the message appears: Thank You!!!
Password:Winzip123

The pc-off.bat contains the syntax like this"C:/path/shutdown -s -f -t 2 -c" which automatically shutdown your computer when you run the cmd.exe. So heres the solution to this problem… just follow these simple steps that im goin to discuss….

Manual removal:

1. upon start up…. after os loading… go to task manager by pressing CTRL+ALT+DEL then kill (end process) password_viewer.exe or bar311.exe or photos.zip.exe…

2. EDIT the following registry entries thru regedit at start/run

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="userinit.exe,bar311.exe" —> remove ", bar311.exe" only… leave userinit.exe because this is used by Windows when you log-in…

[HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
"HideFileExt"=dword:00000000
"ShowSuperHidden"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
"autorun"="c:\Windows\pc-off.bat" –> remove "c:\Windows\pc-off.bat" or delete the autorun key.

3. go to your thumb drive, please use the folders view in the explorer and use the navigation panel on the left side when accessing the drives to avoid triggering the autorun… then delete autorun.inf and password_viewer.exe or bar311.exe

4. open notepad then type what is shown below as is…

@echo off
del /a /f c:\Windows\bar311.exe
del /a /f c:\Windows\password_viewer.exe
del /a /f c:\Windows\photos.zip.exe
del /a /f c:\Windows\pc-off.bat
pause

then save this as remove.bat then click to run…. it will remove this annoying types of PC shut-off thing of virus…


Article from:
http://edzzy.i.ph/blogs/edzzy/2008/03/19/command-prompt-pc-shuts-down/

Comments

Yukito Yamamoto said…
alam mo ba kung pano ibalik sa dati ung cmd? kase ako nabura na ng kaspersky ung virus, pero ung cmd ko ganito na itsura.



http://img361.imageshack.us/img361/5930/capturesn6.jpg




pano ko ba maibabalik sa dati yan? help naman! salamat!
2:29 AM
Kangel said…
hello yukito!

nabura nga yung virus but...nasa regedit pa sya. Ang gawin mo ganito.

Type mo regedit sa Run...

Tapos Ctrl-F mo to Find.

Tapos itayp mo ung pc-off.bat. Lahat ng occurences noon sa registry burahin mo. Delete lang.

Check mo rin kung meron password.exe..etc. Delete mo rin yun. :)

Try mo nagwork sa akin eh :)
3:11 PM
Anonymous said…
I just hate the time when all my data is corrupted by these stupid viruses.
1:37 PM
Anonymous said…
Knowing your pc was already affected by virus is totally terrible even more when you're doing something important and your pc will automatically shut off. To avoid these kind of situation, make sure your anti virus software are updated.
9:47 AM
Anonymous said…
bakit ganun, pg nbura ko n ung pc-off.bat, pg nirefresh ko bumabalik nnmn xa? help nmn oh.. salmat..
10:57 PM
Kangel said…
@mark - ano nakikita mo sa command prompt. dapat kapag nag ctrl alt del ka...dapat sa windows task manager...wala ng pc-off.bat

ang nasa isip ko...hindi mo masyadong nalinis yung registry. check mo ulit...step by step kung...nagawa mo tlaga..oks?

let me know mark kapag naayos na:)
11:26 PM
Anonymous said…
ui pre, naaus ko na :p

s processes, meron plng tumatakbo n Auto.exe. i stopped the process, tapos, sa C: ko, binuksan ko ung windows and removed d pc-off.bat and auto.exe n andun..

so iun, nung ngwa ko n un, naedit ko n ung registry, d n xa bmblik ^_^
aun..

tnx 4 d hospitality.. :p
1:58 PM
Anonymous said…
pre nga ba? kng hindi, ituring mo nlng din n pare ung twag ko sau hehe :p

meron nmng babae n tntwag n pre db,:p

salamt ulit :p
1:59 PM
Kangel said…
oks lang pare...im glad oks na prob mo...hihi.

oks lang pare..tawag mo sa akin... ;)

pero girl ako ha...hahaha
11:51 AM
bar311.exe said…
THank you for the tips.. I really love it..

http://guideandtips.blogspot.com/2008/10/how-to-remove-bar311exe-virus-manually.html
12:24 AM
Anonymous said…
Thank you so much for sharing this!
9:33 PM
VIRUS REMOVER EXPERT said…
thanks for this usefull info!!! many virus can remove use free powerfull tools like Malwarebyte.I already remove spyware,virus,worm from my PC use this free powerfull tools.just download and find tutorial step by step how to remove all malware use Malwarebyte at
http://freetools-virus-remover.notlong.com ......all free!!!

sharing is caring =)
1:07 AM
Free Antivirus Download said…
computer face many difficulties when viruses is come in the computer. free antivirus download
3:42 PM
Post a Comment

Popular posts from this blog

Babies ko

Hindi ko alam kung paano nangyari. Pero yes sila... sila ang mga babies ko...Nanggaling sila sa akin... Waah! *Haluscinations* Haha! Waaah! (ulet) Tinatawagan ko ang mommy ng mga batang ito...Willing po akong maging ina nila...kung kayo po at nagsasawa o nahihirapan sa kanila.Hehe. Sila ang gusto kong maging babies... :P How I wish sila ang mga magiging babies ko... So cuuuutteee! Kung mangyayari un siguro... grabeh... I'll be the most proud mom ever... Yaynesss...Kainggit ang mommy ng mga babies na ito.. - "Ok picture...1..2..3..!" - "Lets put our hands up in the air... Common!!" - "Halika rito... wag ka lumapit diyan...Kriminal iyan" - "May sasabihin ako sa iyong tsismis...wag ka maingay ha." - "Ang tigas naman talaga ng pagkain na ito...!" - "Ganito ba dapat ang pose? Hmmmn Teka...." - "Galit galit muna..." - "Hmmm...Talap talap.."
13 comments
Read more

Limang bagay na gusto kong pasabugin...

1. Ang building namin. To be specific ung 37th floor. Gagawin ko ito pag natuloy ang forever GY shift na iyan.... hehe. 2. Ang mga taong naka-shades na hindi naman sobrang sikat ang araw at sa katunayan ay nagpi-freeze na ang lugar na aming kinatatayuan ay naka-shades pa rinAnak ng tokwa talaga! Ewan ko baaahh... Nakakainis lang talaga tingnan... (Haay kayren dapat intindihin mo na lang ang sarili mong shades... at maging sarili mong buhay...hahaha!) 3. Ang mga managers na sabik sa aircon na nagrerequest na palakasin ito sa lugar namin. 4. Ang mga taong hindi tumutupad sa kanilang mga pangako... (Huhuhu...sailormoon vcds ko. waaah!) Hehe..joke! Oks lang. Hindi na ako hihiram. Bibili na lang ako. yahuu! 5. Ang ang mga naglider-lideran... mga irrational policies at mga boss na hindi marunong kumuha ng opinyon ng mga tao nya... Naku pag natuloy lang yun... Naku lang... hindi lang ako magpapasabog ng tinitirhan nya..pati ang mga kasamahan ko sa opisina makikijoin :)) Siyempre...joke lang p...
15 comments
Read more

Tagged and updates...

Dami nangyayari sa team namin lately. As usual maraming mga changes, challenges at mga nakakalokang mga adjustments na kailangan namin gawin. Kaya pa naman…pero hanggang saan at hanggang kailan? Ewan ko. Grabeh. I should really pray.. Andami ko iniisip lately. Oras-oras na lang ata.. ay hindi naman. Siguro pag nagkaroon lang ng idle moments ang utak ko.. Dun pumapasok yung ngang idea na yun na ayaw kong pagtuunan ng pansin. As in ayoko talaga.. Pero anong magagawa ko? Teka lang those ideas are not bad at all naman. As of a matter of fact…Happy thoughts naman yun e. Ayoko lang siya maisip parati dahil I am so afraid of the consequences. Only God knows what are these things that I’m talking about. Napapagod na rin ang utak ko no. Pero I can’t express them all to you. Just pray na matapos na lang ito. I don’t know how long.. But still alam ko may end naman ito.. So..haaayyyzzz. Next. I was tagged now by my friends namely Sarah and Arthur.. Yung kay Arthur nga medyo matagal na. Natatamad l...
9 comments
Read more