How to remove Bar311.exe Shuts down a PC Virus
I was plagued by this virus once in our Computer Laboratory and searching google was my first option... i searched google but solutions are vague or incomplete but I finally managed to find the correct solution.
so, I would like to share it to you hoping that this will aid you in vanquishing bar311.. :)
Symptoms when infected by Bar311.exe or Winzip123
The virus comprises bar311.exe, password_viewer.exe, photos.zip.exe and pc-off.bat.
When you boot your Windows XP in Safe Mode the message appears: Thank You!!! Password:Winzip123
The pc-off.bat contains the syntax like this"C:/path/shutdown -s -f -t 2 -c" which automatically shutdown your computer when you run the cmd.exe.
Manual Removal of Bar311.exe
1. Go to Task Manager by pressing CTRL+ALT+DEL then kill (end process) password_viewer.exe or bar311.exe or photos.zip.exe...
2. EDIT the following registry entries thru Regedit
How to access Regedit?
- Go to Start Menu > Run
- Type Regedit and Press Enter key
Just follow the directory and click the folder... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="userinit.exe,bar311.exe" -> remove ", bar311.exe" only...
>leave userinit.exe because this is used by Windows when you log-in...
HKEY_CURRENT_USER\Software\Microsoft\Command Processor] "autorun"="c:\Windows\pc-off.bat" -> remove "c:\Windows\pc-off.bat" or delete the autorun key.
3. go to your thumb drive, please use the folders view in the explorer and use the navigation panel on the left side when accessing the drives to avoid triggering the autorun... then delete autorun.inf and password_viewer.exe or bar311.exe
4. open notepad then type what is shown below as is...
del /a /f c:\Windows\bar311.exe
del /a /f c:\Windows\password_viewer.exe
del /a /f c:\Windows\photos.zip.exe
del /a /f c:\Windows\pc-off.bat
then save this as remove.bat then double click to run
Hope this helps!!!!
More by this Author
Microsoft Command Prompt "attrib" is a very useful tool to check if your hard drives even your flashdisks have been infected by a virus. You will know if a Malware is inside your hard drive just by looking at...
Cha - Cha or Charter Change is the process involved in amending the 1987 Philippine Contitution. Charter Change, also recognized as "Cha-Cha" in the Philippines, refers to the political and additional...