Bar311.exe virus or winzip123 includes the following files: bar311.exe, password_viewer.exe, photos.zip.exe and pc-off.bat.
The pc-off.bat contains the syntax "C:/path/shutdown -s -f -t 2 -c" which automatically shutdown your computer when you run the cmd.exe or command.
To remove:
(Manual removal)
1. Run the task manager by clicking Ctrl+Alt+Del or right click on the task bar and click task manager.
In the Process tab click on the following and click end process button:
password_viewer.exe or bar311.exe or photos.zip.exe
2. Edit the registry by clicking Start then Run then type regedit then press enter or ok. The registry editor should appear.
In the registry editor you can see the following:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="userinit.exe,bar311.exe" -> remove ", bar311.exe" only.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ CurrentVersion\Explorer\Advanced]
Delete the following by pressing delete or right click then click delete...
"Hidden"=dword:00000001
"HideFileExt"=dword:00000000
"ShowSuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
"autorun"="c:\Windows\pc-off.bat" -> remove
"c:\Windows\pc-off.bat" or delete the autorun key
3. On your flash disk or thumb drive right click the thumb drive icon and click on open or on the navagation toolbar just type the thumb drive ex. f: or e: to avoid triggering the autorun.inf then delete autorun.inf and password_viewer.exe or bar311.exe.
4. Open notepad and type this following;
@echo off
del /a /f c:\Windows\bar311.exe
del /a /f c:\Windows\password_viewer.exe
del /a /f c:\Windows\photos.zip.exe
del /a /f c:\Windows\pc-off.bat
pause
save this as a batch file, any name with a .bat extension ex. delete.bat
in saving the file, on the save as type instead of Text Documents (*.txt) change it to all files before saving the batch file.
No comments:
Post a Comment