Sunday, February 10, 2008

Computer Shuts Down when you Open up CMD (Command Prompt)

Computer Shuts Down when you Open up CMD (Command Prompt)

This is the symptom of a computer having bar311.exe virus A.K.A. winzip123. The virus comprises bar311.exe, password_viewer.exe, photos.zip.exe and pc-off.bat.

When you boot your Windows XP in Safe Mode the message appears: Thank You!!!
Password:Winzip123

The pc-off.bat contains the syntax like this"C:/path/shutdown -s -f -t 2 -c" which automatically shutdown your computer when you run the cmd.exe.

Manual removal is outlined below. Download bar311.exe - winzip123.exe Automatic Remover here.

Manual removal:

1. upon start up.... after os loading... go to task manager by pressing CTRL+ALT+DEL then kill password_viewer.exe or bar311.exe or photos.zip.exe...

2. EDIT the following registry entries thru regedit at start/run

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="userinit.exe,bar311.exe" ---> remove ", bar311.exe" only... leave userinit.exe because this is used by Windows when you log-in...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
"HideFileExt"=dword:00000000
"ShowSuperHidden"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
"autorun"="c:\Windows\pc-off.bat" --> remove "c:\Windows\pc-off.bat" or delete the autorun key.


3. go to your flash drive (USB drive), please use the folders view in the explorer and use the navigation panel on the left side when accessing the drives to avoid triggering the autorun... then delete autorun.inf and password_viewer.exe or bar311.exe


4. open notepad then type what is shown below as is...

@echo off
del /a /f c:\Windows\bar311.exe
del /a /f c:\Windows\password_viewer.exe
del /a /f c:\Windows\photos.zip.exe
del /a /f c:\Windows\pc-off.bat
pause

then save this as remove.bat then click to run.... this will remove the virus...
at 8:14 PM

82 comments:

  1. AnonymousJuly 16, 2008 at 4:18 AM

    Your Suggestation is very help ful thans a lot

    ReplyDelete
  2. AnonymousJuly 29, 2008 at 8:02 PM

    thanks, it works

    ReplyDelete
  3. JordanAugust 11, 2008 at 11:50 PM

    Thank you. You're the man! :)

    ReplyDelete
  4. AnonymousAugust 14, 2008 at 6:12 AM

    thanks a lot..but how did u know? did u develop the virus urself?

    ReplyDelete
  5. AnonymousAugust 19, 2008 at 10:35 PM

    kick @ss! killed the virus in a snap. Now, time to get an avs. Thanks!

    ReplyDelete
  6. AnonymousAugust 20, 2008 at 7:32 AM

    wth, avg can't piss it off...

    ReplyDelete
  7. cyndroneAugust 20, 2008 at 7:53 PM

    nicely done sir!

    ReplyDelete
  8. AnonymousAugust 25, 2008 at 3:56 PM

    Thanks for sharing this solution.. was very helpful! Thanks again

    ReplyDelete
  9. BULLYAugust 27, 2008 at 12:14 PM

    nice tut man....^^
    dam avg....

    ReplyDelete
  10. srikxAugust 27, 2008 at 11:57 PM

    Great! It really helps.
    Thank you...

    ReplyDelete
  11. AnonymousSeptember 28, 2008 at 8:26 PM

    salamat

    ReplyDelete
  12. ObedSeptember 29, 2008 at 9:54 PM

    Thanks for this blog, now I can use my cmd :)

    More power to you sir! :)

    ReplyDelete
  13. JettyOctober 7, 2008 at 1:51 AM

    IT WORKS!!!!
    THANK YOU!!!!
    YIPEEE!!!

    ReplyDelete
  14. AnonymousOctober 11, 2008 at 5:02 AM

    wow galeng

    ReplyDelete
  15. HMW™October 13, 2008 at 5:09 AM

    you're a genius! lufet!

    ReplyDelete
  16. AnonymousOctober 17, 2008 at 4:36 AM

    I love you for that

    ReplyDelete
  17. AnonymousOctober 29, 2008 at 8:35 AM

    salamat

    ReplyDelete
  18. ObnoxiousDweebOctober 30, 2008 at 10:50 AM

    I'm a Believer!!!! WAHOOO!!!!! Curse the one who created that virus, and all hail to you for your solution!!!

    ReplyDelete
  19. AnonymousNovember 1, 2008 at 3:40 AM

    thanks so much!

    ReplyDelete
  20. AnonymousNovember 3, 2008 at 11:10 PM

    thank you sooooo..much.... your post is superb..:)

    ReplyDelete
  21. AsheNovember 6, 2008 at 7:56 PM

    w00t! Thanks to you problem has been resolved. It's kinda crappy that my AVG is up to date but it can't detect it. :S

    ReplyDelete
  22. AnonymousNovember 11, 2008 at 5:09 AM

    wow!..thanks alot!,it really works!..:)

    ReplyDelete
  23. AnonymousNovember 14, 2008 at 4:07 PM

    thanks. ang sarap mo!

    ReplyDelete
  24. à´šà´•്à´•à´šുà´³November 30, 2008 at 1:25 AM

    The amount of replies giving me some confidence, i've been chasing this solution for almost five-six months now... let me have a try!!

    ReplyDelete
  25. à´šà´•്à´•à´šുà´³November 30, 2008 at 1:44 AM

    Still have the "shtdown running cmd.exe " I tried all these, not a single file is present what you have specified. All seemed OK in regisry as well. What could be the issue?

    ReplyDelete
  26. ginnyDecember 5, 2008 at 8:01 AM

    thank u very much..i've been worried sick...thank u thank u thank u

    ReplyDelete
  27. AnonymousDecember 17, 2008 at 5:08 PM

    your the man!!!!.....


    thank you very much for this post... I remove now the #$^&*& virus... :D

    ReplyDelete
  28. PaulDecember 30, 2008 at 10:46 PM

    Both Task Manager and Registry Editor were disabled. What now?

    ReplyDelete
  29. AnonymousJanuary 1, 2009 at 5:03 PM

    WOW!!! I was about to reformat my PC when I saw this link. Thanks a lot!!!

    ReplyDelete
  30. AnonymousJanuary 11, 2009 at 9:52 PM

    magaling magaling magaling!!!!!! salamat ng marami!!!!!!

    ReplyDelete
  31. AnonymousJanuary 15, 2009 at 7:45 AM

    thanks...meron pla n2 eh!!thanks bro,try qoh 2...

    ReplyDelete
  32. Pandora SunJanuary 20, 2009 at 3:18 AM

    Hello. I'm having the same problem, but I can't seem to find the exe files you mentioned in my processes. Pls. help. Thaks in advance! :)

    ReplyDelete
  33. Pandora SunJanuary 20, 2009 at 4:04 AM

    Hi, my problem was solved already. This article is really helpful, but if it doesn't solve your problems, you can try http://www.troublefixers.com/command-prompt-disabled-by-virus/. This worked for me. Goodluck. :)

    ReplyDelete
  34. AnonymousJanuary 20, 2009 at 6:48 PM

    rak rakan na toh. . galing mo pare. . astig. . salamat. . wag na magtiwala sa anti-virus. . sayo nako magtitiwala. .\m/

    ReplyDelete
  35. Bobbie =)January 21, 2009 at 3:56 PM

    DUDE!!! THANKS ALOT! WHEW! THAT WAS VERY HELPFUL, EASY STEP BY STEP TOO:)
    GREAT JOB!

    ReplyDelete
  36. pJanuary 21, 2009 at 10:26 PM

    hi.. thank you for posting this.. i've been having this problem for a long time now.. you're d man!

    ReplyDelete
  37. MelJanuary 24, 2009 at 1:56 AM

    wonderful, halatang pinoy eh! haha panalo!

    ReplyDelete
  38. yurishibuyaJanuary 26, 2009 at 5:45 AM

    wow. this was very helpful. good thing this post is available online. i couldn't thank you enough. cheers mate!

    ReplyDelete
  39. slayerFebruary 2, 2009 at 5:26 AM

    my norton detect the said file as a virus and unsafe to run.

    ReplyDelete
  40. AnonymousFebruary 7, 2009 at 2:02 AM

    Thanks...it helps a lot...

    My computer shuts down not just when running CMD but also when installing any anti-virus program so I'm thinking that it's the same virus.

    But now it's solved. Thanks alot!!!

    Mabuhay ka! :)

    ReplyDelete
  41. AnonymousFebruary 9, 2009 at 3:05 AM

    i also can't open task manager, it's disabled T_T

    ReplyDelete
  42. AnonymousFebruary 17, 2009 at 9:52 AM

    wow! it worked!!! finally got rid of that stoopid problem. thank god i found this blog. thanks dude!! da best ka!!!

    ReplyDelete
  43. AnonymousFebruary 21, 2009 at 8:46 PM

    you're the man! one thing.. the automated removal of the virus - the file itself is infected.

    ReplyDelete
  44. junoMarch 4, 2009 at 3:58 PM

    um. di ko dn magets #3. paexplain nmn ung thumb drive mo..?

    ReplyDelete
  45. AnonymousMarch 17, 2009 at 8:30 PM

    I found this very useful.
    Thanks! You make my day

    Download movies /
    videos

    ReplyDelete
  46. AnonymousMarch 21, 2009 at 9:23 PM

    thanks very helpful...

    ReplyDelete
  47. AnonymousMarch 24, 2009 at 6:42 PM

    thanx! good job!

    ReplyDelete
  48. AnonymousMarch 30, 2009 at 9:13 PM

    I was struggling with this issue for the past 5 months and your article for manual removal helped to resolve the problem.
    Thanks alot for posting the solution.

    ReplyDelete
  49. AnonymousApril 3, 2009 at 2:03 AM

    Thank you very much, you are an angel, it worked like a charm.

    ReplyDelete
  50. AnonymousApril 7, 2009 at 10:31 AM

    It's really TRUE! i'm searching for this answer for so long! UR A BLESSING DUDE! thank u!

    ReplyDelete
  51. AnonymousApril 27, 2009 at 5:16 AM

    i remove viruses through the command prompt, and one day it refuses to work properly!! thanks to your guide i got it working again. thank you very much!!
    na-typo ka siguro sa #3.. are u pinoy? salamat!

    ReplyDelete
  52. AnonymousMay 9, 2009 at 12:26 AM

    thanks been infected since last week after backing up some pics from a friends pc

    ReplyDelete
  53. AnonymousMay 17, 2009 at 10:09 PM

    salamat po nang marami..
    ie,
    thanks a lot po...

    ReplyDelete
  54. AnonymousMay 19, 2009 at 6:30 AM

    3. go to your thumb drive mo, please use the folders view in the explorer and use the navigation panel on the left side when accessing the drives to avoid triggering the autorun... then delete autorun.inf and password_viewer.exe or bar311.exe

    HELP IM STUCK HIR PLSS HELP ME

    ReplyDelete
  55. AnonymousMay 29, 2009 at 6:20 PM

    hi!
    i was following the step by step manual removal of the virus kaso pagdting ko sa #3 wala na..wat does he mean by thumb drive mo?

    ReplyDelete
  56. AnonymousJune 2, 2009 at 8:45 PM

    superb man thanks a lot...bravo

    ReplyDelete
  57. AnonymousJune 10, 2009 at 11:09 AM

    You're a genius!!!!

    You helped me solve my problem. Mabuhay ka, brader.

    ReplyDelete
  58. AnonymousJune 10, 2009 at 11:09 AM

    You're a genius!!!!

    You helped me solve my problem. Mabuhay ka, brader.

    ReplyDelete
  59. NJune 19, 2009 at 8:21 PM

    THANK YOU VERY VERY VERY MUCH!!!

    ReplyDelete
  60. Maitha de VeraJune 19, 2009 at 11:33 PM

    Thanks a lot. It really helps. Godbless.

    ReplyDelete
  61. AnonymousAugust 7, 2009 at 8:10 AM

    what's thumb drive mo?

    ReplyDelete
  62. edmarAugust 7, 2009 at 6:11 PM

    Edited it a while ago. Thumb drive a.k.a. flash drive.

    ReplyDelete
  63. AnonymousAugust 8, 2009 at 11:37 AM

    THANK YOU!!! shit it worked! thanks a lot!

    ReplyDelete
  64. AnonymousAugust 17, 2009 at 3:44 AM

    you are damm great!!!!! it works!!

    ReplyDelete
  65. AnonymousSeptember 9, 2009 at 5:13 AM

    THANKS,YOUR THE MAN

    ReplyDelete
  66. AnonymousOctober 6, 2009 at 9:21 PM

    good job man your very helpful

    ReplyDelete
  67. AnonymousNovember 12, 2009 at 10:53 PM

    wow i downloaded the auto removal..it worked..we have two desktops and one laptop that shuts down everytime i open command prompt..tried it on my laptop and my cmd works now..will try it on the 2 other units..thanks again

    ReplyDelete
  68. arNovember 22, 2009 at 3:30 AM

    this is how you make a great technical guide. very easy to follow.. thanks

    ReplyDelete
  69. AnonymousNovember 24, 2009 at 9:28 PM

    wow! man u saved a a lot of time! i was thinking of reformatting the system! thanks a lot bro! ur d man!!

    ReplyDelete
  70. AnonymousDecember 5, 2009 at 8:04 AM

    thanks dude :)

    ReplyDelete
  71. LeonardoDecember 13, 2009 at 10:03 PM

    Sir! Thx alot..
    :D

    ReplyDelete
  72. AnonymousDecember 28, 2009 at 3:37 AM

    thanks! downloaded the file.. works!

    ReplyDelete
  73. EarlDecember 28, 2009 at 11:06 AM

    do I have to delete the following too?:

    "Hidden"=dword:00000001
    "HideFileExt"=dword:00000000
    "ShowSuperHidden"=dword:00000001

    I did not find any bar311.exe, password_viewer.exe, and photos.zip.exe but did find the pc-off.bat on my laptop..

    will it work the same? and please do answer my question. Do I have to delete the 3 things that I have mentioned above?

    ReplyDelete
  74. MargeJanuary 9, 2010 at 2:00 AM

    whoa, this thing was posted July 2008, and is still helpful up to now. thank you so much! i enjoyed the step-by-step fix. =)

    ReplyDelete
  75. computer repairMay 15, 2010 at 7:47 AM

    For problem of this kind I would recommend that you use the System Restore tool which can easily solve problems of these kinds.

    ReplyDelete
  76. AnonymousMay 21, 2010 at 3:39 AM

    two years on the net and still very usefull...

    btw YOUR MY HERO!!!!

    ReplyDelete
  77. AnonymousMay 25, 2010 at 8:23 AM

    after trying to find the fix for my computer for a long time, you're simple automatic remover program was absolutely brilliant!!!

    Ultimate props!!!

    ReplyDelete
  78. AnonymousOctober 31, 2010 at 2:59 AM

    thank you very much!!! :)

    ReplyDelete
  79. video card repairFebruary 3, 2011 at 5:04 AM

    There definitely can be the issue of virus attacking your system.

    ReplyDelete
  80. Lpatop repairMay 24, 2011 at 3:39 AM

    I was also facing the same problem recently, you need to get the program re installed and then get it installed again....

    ReplyDelete
  81. LaurenceJuly 12, 2011 at 11:17 PM

    i had experienced this once from windows xp and did the step-by-step procedure...now that i have win7, i cant find those batch files and when running the cmd prmpt shuts my pc down.. :(

    ReplyDelete
  82. AnonymousJuly 23, 2011 at 9:34 AM

    You're the best man! This helped me a month ago, but I didn't get to post... so thank you! XD

    ReplyDelete

Subscribe to: Post Comments (Atom)