Computer Shuts Down when you Open up CMD (Command Prompt)


This is a symptom of infection by the bar311.exe virus, also known as winzip123. The virus consists of bar311.exe, password_viewer.exe, photos.zip.exe and pc-off.bat.

When you boot Windows XP in Safe Mode, this message appears:
Thank You!!!
Password:Winzip123


pc-off.bat contains a command like "C:/path/shutdown -s -f -t 2 -c", which shuts down your computer automatically whenever you run cmd.exe. It is launched through the Command Processor autorun registry value listed in step 2.

Manual removal is outlined below. Download bar311.exe - winzip123.exe Automatic Remover here.

Manual removal:

1. After start-up, once the OS has finished loading, open Task Manager by pressing CTRL+ALT+DEL, then end the password_viewer.exe, bar311.exe or photos.zip.exe process.

2. Edit the following registry entries using regedit (Start > Run):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="userinit.exe,bar311.exe" ---> remove ",bar311.exe" only. Leave userinit.exe in place, because Windows uses it when you log in.

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
"HideFileExt"=dword:00000000
"ShowSuperHidden"=dword:00000001
---> set these three values as shown, so that Explorer displays hidden files, file extensions and protected operating system files.

[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
"autorun"="c:\Windows\pc-off.bat" ---> remove "c:\Windows\pc-off.bat" or delete the autorun value.


3. Go to your flash drive (USB drive). Use the Folders view in Explorer and the navigation panel on the left side when accessing the drives, to avoid triggering the autorun. Then delete autorun.inf and password_viewer.exe or bar311.exe.


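4. Open Notepad and type the following exactly as shown:

@echo off
rem Delete the virus files from c:\Windows (/a matches hidden and system files, /f forces read-only files)
del /a /f c:\Windows\bar311.exe
del /a /f c:\Windows\password_viewer.exe
del /a /f c:\Windows\photos.zip.exe
del /a /f c:\Windows\pc-off.bat
rem Keep the window open so any error messages can be read
pause

Save this as remove.bat, then double-click it to run. This will remove the virus files.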

Comments

Anonymous said…
Your suggestion is very helpful, thanks a lot
Anonymous said…
thanks, it works
Anonymous said…
Thank you. You're the man! :)
Anonymous said…
thanks a lot..but how did u know? did u develop the virus urself?
Anonymous said…
kick @ss! killed the virus in a snap. Now, time to get an avs. Thanks!
Anonymous said…
wth, avg can't piss it off...
Anonymous said…
nicely done sir!
Anonymous said…
Thanks for sharing this solution.. was very helpful! Thanks again
Anonymous said…
nice tut man....^^
dam avg....
Anonymous said…
Great! It really helps.
Thank you...
Anonymous said…
Thanks
Anonymous said…
Thanks for this blog, now I can use my cmd :)

More power to you sir! :)
Anonymous said…
IT WORKS!!!!
THANK YOU!!!!
YIPEEE!!!
Anonymous said…
Wow, great!
Unknown said…
you're a genius! awesome!
Unknown said…
AVG can't detect that @#+!% virus...but YOU'RE THE MAN!
Anonymous said…
I love you for that
Anonymous said…
Thanks
ObnoxiousDweeb said…
I'm a Believer!!!! WAHOOO!!!!! Curse the one who created that virus, and all hail to you for your solution!!!
Anonymous said…
thanks so much!
Anonymous said…
thank you sooooo..much.... your post is superb..:)
Anonymous said…
w00t! Thanks to you problem has been resolved. It's kinda crappy that my AVG is up to date but it can't detect it. :S
Anonymous said…
wow!..thanks alot!,it really works!..:)
Anonymous said…
Thanks. You're awesome!
Toyamah said…
I can't find the "Autorun.inf"... pls... help me... I need it ASAP... :(
The amount of replies is giving me some confidence, I've been chasing this solution for almost five-six months now... let me have a try!!
Still have the "shutdown running cmd.exe". I tried all these, not a single file is present that you have specified. All seemed OK in the registry as well. What could be the issue?
Anonymous said…
thank u very much..i've been worried sick...thank u thank u thank u
Anonymous said…
you're the man!!!!.....


thank you very much for this post... I remove now the #$^&*& virus... :D
Anonymous said…
Both Task Manager and Registry Editor were disabled. What now?
Anonymous said…
WOW!!! I was about to reformat my PC when I saw this link. Thanks a lot!!!
Anonymous said…
not that techie here need help...where do i go to instruction number 3? thumb drive mo?

i will manually delete the virus/es because the automatic delete does not work or the link won't open.

thanks!
Anonymous said…
Great, great, great!!!!!! Thank you very much!!!!!!
Anonymous said…
Thanks... so this exists after all!! Thanks bro, I'll try this...
Pandora Sun said…
Hello. I'm having the same problem, but I can't seem to find the exe files you mentioned in my processes. Pls. help. Thanks in advance! :)
Anonymous said…
Time to rock. . You're great, buddy. . Awesome. . Thanks. . No more trusting the anti-virus. . I'll trust you from now on. .\m/
Anonymous said…
DUDE!!! THANKS ALOT! WHEW! THAT WAS VERY HELPFUL, EASY STEP BY STEP TOO:)
GREAT JOB!
p said…
hi.. thank you for posting this.. i've been having this problem for a long time now.. you're d man!
Mel said…
wonderful, obviously a Filipino! haha, a winner!
Anonymous said…
wow. this was very helpful. good thing this post is available online. i couldn't thank you enough. cheers mate!
Unknown said…
my norton detect the said file as a virus and unsafe to run.
Anonymous said…
Thanks...it helps a lot...

My computer shuts down not just when running CMD but also when installing any anti-virus program so I'm thinking that it's the same virus.

But now it's solved. Thanks alot!!!

Long life to you! :)
Anonymous said…
i also can't open task manager, it's disabled T_T
Anonymous said…
wow! it worked!!! finally got rid of that stoopid problem. thank god i found this blog. thanks dude!! you're the best!!!
Anonymous said…
you're the man! one thing.. the automated removal of the virus - the file itself is infected.
Doc Woofy said…
thank you very much for this guide. you're a blessing!
Anonymous said…
Um, I don't get #3 either. Could you please explain "thumb drive mo"..?
Anonymous said…
thanks very helpful...
Anonymous said…
thanx! good job!
Anonymous said…
I was struggling with this issue for the past 5 months and your article for manual removal helped to resolve the problem.
Thanks alot for posting the solution.
Unknown said…
Thank you very much dude, you are an angel, it worked like a charm.
Anonymous said…
Thank you very much, you are an angel, it worked like a charm.
Anonymous said…
It's really TRUE! i'm searching for this answer for so long! UR A BLESSING DUDE! thank u!
Anonymous said…
i remove viruses through the command prompt, and one day it refuses to work properly!! thanks to your guide i got it working again. thank you very much!!
You probably made a typo in #3.. are you Filipino? Thanks!
Anonymous said…
thanks been infected since last week after backing up some pics from a friends pc
Anonymous said…
Thank you very much..
i.e.,
thanks a lot...
Anonymous said…
3. go to your thumb drive mo, please use the folders view in the explorer and use the navigation panel on the left side when accessing the drives to avoid triggering the autorun... then delete autorun.inf and password_viewer.exe or bar311.exe

HELP I'M STUCK HERE PLEASE HELP ME
Anonymous said…
hi!
i was following the step by step manual removal of the virus, but when I got to #3 I was stuck.. what does he mean by thumb drive mo?
Anonymous said…
superb man thanks a lot...bravo
Anonymous said…
You're a genius!!!!

You helped me solve my problem. Long life to you, brother.
N said…
THANK YOU VERY VERY VERY MUCH!!!
Maitha de Vera said…
Thanks a lot. It really helps. Godbless.
Anonymous said…
Thank you! I normally don't post a comment anywhere but just wanted to let you know your simple instructions worked for me. Trend Micro's housecall didn't work but your solution did the trick. Keep blogging!
Anonymous said…
what's thumb drive mo?
Edmar said…
Edited it a while ago. Thumb drive a.k.a. flash drive.
Anonymous said…
you are damm great!!!!! it works!!
Anonymous said…
THANKS, YOU'RE THE MAN
Anonymous said…
good job man, you're very helpful
Anonymous said…
wow i downloaded the auto removal..it worked..we have two desktops and one laptop that shuts down everytime i open command prompt..tried it on my laptop and my cmd works now..will try it on the 2 other units..thanks again
Unknown said…
this is how you make a great technical guide. very easy to follow.. thanks
Anonymous said…
wow! man u saved a a lot of time! i was thinking of reformatting the system! thanks a lot bro! ur d man!!
Anonymous said…
thanks dude :)
Anonymous said…
thanks! downloaded the file.. works!
Earl said…
do I have to delete the following too?:

"Hidden"=dword:00000001
"HideFileExt"=dword:00000000
"ShowSuperHidden"=dword:00000001

I did not find any bar311.exe, password_viewer.exe, and photos.zip.exe but did find the pc-off.bat on my laptop..

will it work the same? and please do answer my question. Do I have to delete the 3 things that I have mentioned above?
Marge said…
whoa, this thing was posted July 2008, and is still helpful up to now. thank you so much! i enjoyed the step-by-step fix. =)
-Berry- said…
ohmigod! Thanks for the guide! It is very useful! ;D Cheers :D
Anonymous said…
two years on the net and still very useful...

btw YOU'RE MY HERO!!!!
Anonymous said…
after trying to find the fix for my computer for a long time, your simple automatic remover program was absolutely brilliant!!!

Ultimate props!!!
this is very useful information for me!thank you for your information, i will share it with my friend.
Anonymous said…
thank you very much!!! :)
There definitely can be the issue of virus attacking your system.
Lpatop repair said…
I was also facing the same problem recently, you need to get the program re installed and then get it installed again....
Laurence said…
i had experienced this once from windows xp and did the step-by-step procedure...now that i have win7, i can't find those batch files and when running the cmd prompt shuts my pc down.. :(
Anonymous said…
You're the best man! This helped me a month ago, but I didn't get to post... so thank you! XD
Anonymous said…
Two thumbs up man. it works.thanks a lot.
TKS said…
Awesome solution! Thanks dude!
Anonymous said…
How does this many people have the same virus?
