Dismiss Notice
You are browsing this site as a guest. It takes 2 minutes to CREATE AN ACCOUNT and less than 1 minute to LOGIN

How to remove Bar311.exe Shuts down a PC Virus

Discussion in 'Tech, Gadgets & Science Forum' started by MziziMkavu, Nov 10, 2011.

  1. MziziMkavu

    MziziMkavu JF-Expert Member

    #1
    Nov 10, 2011
    Joined: Feb 3, 2009
    Messages: 38,530
    Likes Received: 2,802
    Trophy Points: 280




    [​IMG]




    Symptoms when infected by Bar311.exe or Winzip123

    The virus comprises bar311.exe,password_viewer.exe, photos.zip.exeand pc-off.bat.
    When you boot your Windows XP in Safe Mode the message appears:Thank You!!! Password:Winzip123
    The pc-off.bat contains the syntax like this"C:/path/shutdown -s -f -t 2 -c" which automatically shutdown your computer when you run the cmd.exe.


    Manual Removal of Bar311.exe

    1. Go to Task Manager by pressing CTRL+ALT+DEL then kill (end process) password_viewer.exe or bar311.exe or photos.zip.exe...
    2. EDIT the following registry entries thru Regedit


    How to access Regedit?
    1. Go to Start Menu > Run
    2. Type Regedit and Press Enter key
    Just follow the directory and click the folder...[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="userinit.exe,bar311.exe" -> remove ", bar311.exe" only...
    >leave userinit.exe because this is used by Windows when you log-in...

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ CurrentVersion\Explorer\Advanced]
    "Hidden"=dword:00000001
    "HideFileExt"=dword:00000000
    "ShowSuperHidden"=dword:00000001



    HKEY_CURRENT_USER\Software\Microsoft\Command Processor] "autorun"="c:\Windows\pc-off.bat" -> remove "c:\Windows\pc-off.bat" or delete the autorun key.
    3. go to your thumb drive, please use the folders view in the explorer and use the navigation panel on the left side when accessing the drives to avoid triggering the autorun... then delete autorun.inf and password_viewer.exe or bar311.exe
    4. open notepad then type what is shown below as is...

    @echo off del /a /f c:\Windows\bar311.exe
    del /a /f c:\Windows\password_viewer.exe
    del /a /f c:\Windows\photos.zip.exe
    del /a /f c:\Windows\pc-off.bat
    pause




    then save this as remove.bat then double click to run


    Hope this helps!!!!


     
Loading...