My PC shuts down when I open cmd [Closed]

-
Hello, my pc shuts down when I open cmd. What is the cause of this problem? Viruses I think, how can I solve this and how to remove the viruses manually?

System Configuration: Windows 7 / Firefox 3.6.8
See more 

2 replies

Best answer
Posts
306
Registration date
Saturday March 27, 2010
Status
Member
Last seen
June 8, 2014
19
7
Thank you
This is a virus activity which prevents to use command prompt on the infected machine, this virus is called PC-OFF.bat trojan which turns off or shutdown your computer when ever you try to use command prompt by any means.

The infected computer restarts on opening command prompt.



This PC-OFF.bat virus creates the following files

* password_viewer.exe
* bar311.exe
* photo.zip.exe
* pc-off.bat

at the following locations

* c:\windows\bar311.exe
* c:\windows\password_viewer.exe
* c:\windows\photo.zip.exe
* c:\windows\pc-off.bat

Another variant of the this virus is recognized as bar311.exe virus A.K.A. winzip123 which will have almost the same symptoms and when ever you boot your Windows Xp computer in safe mode it will say a message Thank You!!! Password:Winzip123



Let's find out the fix to remove this shutdown virus completely from computer.

Fix:

1. Open Task Manager by pressing Ctrl+Shift+Esc, click the process tab and locate the process named `password_viewer.exe` or `bar311.exe` or `photo.zip.exe` one by one and right click and select `End Process'



2. Open Start Menu >> Run, type regedit and press Enter key or OK button



3. Navigate to the following path

HKEY_LOCAL_MACHINE \ SOFTWARE \ MICROSOFT \ WINDOWS NT \ CURRENTVERSION \ WINLOGON



4. Locate the key named Userinit in right pane

"Userinit" = C:\WINDOWS\system32\userinit.exe,bar311.exe"
double click and remove the text `bar311.exe' from the above
OR
"Userinit" = C:\WINDOWS\system32\userinit.exe,photo.zip.exe"
double click and remove the text `photo.zip.exe' from the above
OR
"Userinit" = C:\WINDOWS\system32\userinit.exe,password_viewer.exe"
double click and remove the text `password_viewer.exe' from the above

Note: Please make sure after editing the above Userinit key value it should be only

C:\WINDOWS\system32\userinit.exe (as shown in the image below)

http://www.troublefixers.com/...


or try this one to get rid of it.


The pc-off.bat contains the syntax like this"C:/path/shutdown -s -f -t 2 -c" which automatically shutdown your computer when you run the cmd.exe.

Manual removal is outlined below. Download bar311.exe - winzip123.exe Automatic Remover here.


Manual removal:

1. upon start up.... after os loading... go to task manager by pressing CTRL+ALT+DEL then kill password_viewer.exe or bar311.exe or photos.zip.exe...

2. EDIT the following registry entries thru regedit at start/run

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="userinit.exe,bar311.exe" ---> remove ", bar311.exe" only... leave userinit.exe because this is used by Windows when you log-in...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
"HideFileExt"=dword:00000000
"ShowSuperHidden"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
"autorun"="c:\Windows\pc-off.bat" --> remove "c:\Windows\pc-off.bat" or delete the autorun key.


3. go to your flash drive (USB drive), please use the folders view in the explorer and use the navigation panel on the left side when accessing the drives to avoid triggering the autorun... then delete autorun.inf and password_viewer.exe or bar311.exe


4. open notepad then type what is shown below as is...

@echo off
del /a /f c:\Windows\bar311.exe
del /a /f c:\Windows\password_viewer.exe
del /a /f c:\Windows\photos.zip.exe
del /a /f c:\Windows\pc-off.bat
pause

then save this as remove.bat then click to run.... this will remove the virus...

hope to get a reply back from you buddy.


Regards, Gervarod

Say "Thank you" 7

A few words of thanks would be greatly appreciated. Add comment

CCM 6596 users have said thank you to us this month

Posts
306
Registration date
Saturday March 27, 2010
Status
Member
Last seen
June 8, 2014
19
0
Thank you
This is the symptom of a computer having bar311.exe virus A.K.A. winzip123. The virus comprises bar311.exe, password_viewer.exe, photos.zip.exe and pc-off.bat.

When you boot your Windows XP in Safe Mode the message appears: Thank You!!!
Password:Winzip123
Gervarod
Posts
306
Registration date
Saturday March 27, 2010
Status
Member
Last seen
June 8, 2014
19 -
Symptoms when infected by Bar311.exe or Winzip123

The virus comprises bar311.exe, password_viewer.exe, photos.zip.exe and pc-off.bat.

When you boot your Windows XP in Safe Mode the message appears: Thank You!!! Password:Winzip123

The pc-off.bat contains the syntax like this"C:/path/shutdown -s -f -t 2 -c" which automatically shutdown your computer when you run the cmd.exe.

Manual Removal of Bar311.exe

1. Go to Task Manager by pressing CTRL+ALT+DEL then kill (end process) password_viewer.exe or bar311.exe or photos.zip.exe...

2. EDIT the following registry entries thru Regedit

How to access Regedit?

1. Go to Start Menu > Run
2. Type Regedit and Press Enter key

Just follow the directory and click the folder...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="userinit.exe,bar311.exe" -> remove ", bar311.exe" only...

>leave userinit.exe because this is used by Windows when you log-in...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ CurrentVersion\Explorer\Advanced]

"Hidden"=dword:00000001

"HideFileExt"=dword:00000000

"ShowSuperHidden"=dword:00000001


* How to protect your family against Swine Flu or AH1N1

AH1N1 is a new strain of flu virus, although flu virus is always with us (because they are air borne) this new strain a more dangerous compared to a normal flu. - 13 months ago
* Bleach - Vizard, History, Characters and abilities

The Vizards is a group of former Shinigami who obtained hollow powers. - 13 months ago
* Charice Pempengco and Oprah Winfrey

Charice Pempenco was born on May 10, 1993 in Cabuyao, Laguna in the Philippines, so her age is 16. - 13 months ago

HKEY_CURRENT_USER\Software\Microsoft\Command Processor] "autorun"="c:\Windows\pc-off.bat" -> remove "c:\Windows\pc-off.bat" or delete the autorun key.

3. go to your thumb drive, please use the folders view in the explorer and use the navigation panel on the left side when accessing the drives to avoid triggering the autorun... then delete autorun.inf and password_viewer.exe or bar311.exe

4. open notepad then type what is shown below as is...

@echo off

del /a /f c:\Windows\bar311.exe

del /a /f c:\Windows\password_viewer.exe

del /a /f c:\Windows\photos.zip.exe

del /a /f c:\Windows\pc-off.bat

pause



then save this as remove.bat then double click to run

Hope this helps!!!!