Monday, October 13, 2008

Manual Removal of Bar311.exe Virus

This kind of virus shuts down your PC when you open cmd (the command prompt). These tips are for my friends asking how to remove the said virus.

This tip is floating around on the internet and is not my idea; I just posted it for the benefit of those who need this information.

Manual removal:

1. At startup, after the OS has loaded, open Task Manager by pressing CTRL+ALT+DEL, then kill (End Process) password_viewer.exe or bar311.exe or photos.zip.exe.

2. Edit the following registry entries with regedit (Start > Run).

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="userinit.exe,bar311.exe" -> remove ",bar311.exe" only. Leave userinit.exe in place, because Windows uses it when you log in.

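[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
"HideFileExt"=dword:00000000
"ShowSuperHidden"=dword:00000001
-> set the three values as shown; they make Explorer display hidden files, file extensions and protected system files.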

[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
"autorun"="c:\Windows\pc-off.bat" -> remove "c:\Windows\pc-off.bat" or delete the autorun value.

3. Go to your thumb drive. Use the Folders view in Explorer and the navigation panel on the left side when accessing the drives, to avoid triggering the autorun. Then delete autorun.inf and password_viewer.exe or bar311.exe.

4. Open Notepad, then type what is shown below exactly as is:

@echo off
del /a /f c:\Windows\bar311.exe
del /a /f c:\Windows\password_viewer.exe
del /a /f c:\Windows\photos.zip.exe
del /a /f c:\Windows\pc-off.bat
pause

Then save this as remove.bat and click it to run.

It will remove the Bar311.exe virus…
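To confirm that the steps above took effect, here is a read-only PowerShell check of the same registry values and files. It is an added example, not part of the original tip; it assumes PowerShell is available, uses %SystemRoot% in place of the hard-coded c:\Windows, and goes slightly beyond the tip by also reading the machine-wide (HKLM) Command Processor AutoRun value.

```powershell
# Added example: read-only audit of the values edited in step 2 and the files
# deleted in step 4. Nothing is modified. Expected values are assumptions
# taken from the steps above and from Windows defaults.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$findings = @()

# Winlogon Userinit is a comma-separated list; only userinit.exe belongs there.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = Get-RegValue $winlogon 'Userinit'
$extra = @("$userinit" -split ',' | ForEach-Object { $_.Trim() } |
    Where-Object { $_ -and ((Split-Path $_ -Leaf) -ne 'userinit.exe') })
if ($extra.Count -gt 0) {
    $findings += "Userinit has extra entries: $($extra -join ', ')"
}

# Command Processor AutoRun runs each time cmd.exe starts; normally absent.
foreach ($hive in 'HKCU:', 'HKLM:') {
    $auto = Get-RegValue "$hive\Software\Microsoft\Command Processor" 'AutoRun'
    if ($auto) { $findings += "$hive Command Processor AutoRun = $auto" }
}

# Explorer view settings listed in step 2.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$wanted = @{ Hidden = 1; HideFileExt = 0; ShowSuperHidden = 1 }
foreach ($name in $wanted.Keys) {
    $actual = Get-RegValue $adv $name
    if ($actual -ne $wanted[$name]) {
        $findings += "$name is '$actual', step 2 sets it to $($wanted[$name])"
    }
}

# Files that remove.bat deletes.
foreach ($n in 'bar311.exe', 'password_viewer.exe', 'photos.zip.exe', 'pc-off.bat') {
    $p = Join-Path $env:SystemRoot $n
    if (Test-Path -LiteralPath $p) { $findings += "File still present: $p" }
}

if ($findings.Count -eq 0) { 'No leftovers from the steps above were found.' } else { $findings }
```

Run it from a PowerShell window rather than from cmd: the autorun entry in step 2 fires whenever cmd.exe starts, which is also why step 2 has to be finished before remove.bat is run.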

