Computer ShutDown/Restart When You Type “cmd” In Run to Launch Command Prompt

Trouble:

One of our readers reported a common virus problem that restarts his computer every time he tries to launch Command Prompt. Below is what he sent us by mail.

My computer gets shut down when I type cmd in the Run prompt to start Command Prompt. I know this is a virus problem, please help me solve this problem.

This is virus activity that prevents the use of Command Prompt on the infected machine. The virus is called the PC-OFF.bat trojan, and it turns off or shuts down your computer whenever you try to use Command Prompt by any means.

The infected computer restarts on opening command prompt.

This PC-OFF.bat virus creates the following files

    • password_viewer.exe
    • bar311.exe
    • photo.zip.exe
    • pc-off.bat

at the following locations

    • c:\windows\bar311.exe
    • c:\windows\password_viewer.exe
    • c:\windows\photo.zip.exe
    • c:\windows\pc-off.bat

Another variant of this virus is recognized as the bar311.exe virus, a.k.a. winzip123. It has almost the same symptoms, and whenever you boot your Windows XP computer in safe mode it shows the message: Thank You!!! Password:Winzip123

Let’s find out the fix to remove this shutdown virus completely from computer.

Fix:

1. Open Task Manager by pressing Ctrl+Shift+Esc, click the Processes tab, locate the processes named ‘password_viewer.exe’, ‘bar311.exe’ or ‘photo.zip.exe’ one by one, then right-click each and select ‘End Process’.

2. Open Start Menu >> Run, type regedit and press Enter key or OK button

3. Navigate to the following path

HKEY_LOCAL_MACHINE \ SOFTWARE \ MICROSOFT \ WINDOWS NT \ CURRENTVERSION \ WINLOGON

4. Locate the value named Userinit in the right pane

"Userinit" = "C:\WINDOWS\system32\userinit.exe,bar311.exe"
Double-click it and remove the text ‘bar311.exe’ from the above
OR
"Userinit" = "C:\WINDOWS\system32\userinit.exe,photo.zip.exe"
Double-click it and remove the text ‘photo.zip.exe’ from the above
OR
"Userinit" = "C:\WINDOWS\system32\userinit.exe,password_viewer.exe"
Double-click it and remove the text ‘password_viewer.exe’ from the above

Note: After editing the Userinit value above, make sure it contains only

C:\WINDOWS\system32\userinit.exe (as shown in the image below)

[Image: userinit]

5. Navigate to the following path now

HKEY_CURRENT_USER \software\microsoft\windows\currentversion\explorer\advanced

Change the following registry values:
"Hidden"=dword:00000001 – change to ‘1’
"HideFileExt"=dword:00000000 – change to ‘0’
"ShowSuperHidden"=dword:00000001 – change to ‘1’

6. Navigate to the following registry path

HKEY_CURRENT_USER \software\microsoft\Command Processor

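Find the registry value named autorun, right-click it and delete it. Its data would be autorun=c:\windows\pc-off.bat. Command Prompt runs the command stored in this value every time it starts, so this entry is what launches pc-off.bat whenever cmd is opened.

[Image: pc-off]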

7. Open notepad and type the following commands

@echo off
del /a /f c:\windows\bar311.exe
del /a /f c:\windows\password_viewer.exe
del /a /f c:\windows\photo.zip.exe
del /a /f c:\windows\pc-off.bat
pause

Save it as remove-pc-off-virus.bat and double-click to run it, or just download this batch file here and run it by double-clicking.

8. Search for bar311.exe, password_viewer.exe, photo.zip.exe and pc-off.bat, and delete these files wherever they are found on your computer.

9. That’s it. The PC-OFF virus is now completely removed from your computer.
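
A verification check for steps 4 and 6, as an added example that is not part of the original article: it parses text in regedit export (.reg) format and reports every Userinit entry other than C:\WINDOWS\system32\userinit.exe and every Command Processor AutoRun value. The sample export is constructed, the function names are hypothetical, and the check also covers the HKEY_LOCAL_MACHINE copy of the Command Processor key, which the article does not mention.

```python
import re

# Constructed sample in regedit export (.reg) syntax, not taken from a real machine.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,bar311.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
"CompletionChar"=dword:00000009
"AutoRun"="c:\\windows\\pc-off.bat"
'''

WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
CMD_PROCESSOR = r"\software\microsoft\command processor"
# Assumption: Windows is installed in C:\WINDOWS, as in the article.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Yield (key_path, value_name, data) for each string value in the export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (match := STRING_VALUE.match(line)):
            # Undo .reg escaping of backslashes and quotes.
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in match.groups())
            yield key, name, data

def audit(text):
    """Return (location, data) findings for the two launch points in the article."""
    findings = []
    for key, name, data in parse_reg(text):
        key, name = key.lower(), name.lower()
        if key == WINLOGON and name == "userinit":
            # Userinit is a comma-separated list; each entry is started at logon.
            for entry in filter(None, (e.strip() for e in data.split(","))):
                if entry.lower() != EXPECTED_USERINIT:
                    findings.append(("Userinit", entry))
        elif key.endswith(CMD_PROCESSOR) and name == "autorun":
            # cmd.exe runs this command every time it starts.
            findings.append(("AutoRun", data))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_REG))
```

Files exported by regedit in "Version 5.00" format are UTF-16, so read them with encoding="utf-16" before passing the text to audit(). An empty result means both launch points are clean.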

Comments

  1. Hey this is nice idea and very cool. Enjoy with trouble fixer.
    Rohit Khurana is very brilliant guy. I am very thankful to Rohit.

  2. Hey Guys
    This is some cool stuff you got here, very great idea, was very very helpful. Keep up the good stuff and post more ideas

    Cheers

  3. Sir, I salute you, my savior Mr. Rohit Khurana. I’m glad I fixed it up using your guidelines. Thanks for the easy way to remove that virus. More power!

  4. I tried your steps… but still..
    when I run the saved file, the remove-pc-off-virus.bat, my computer restarts again… I am so worried, pls help me… I tried your steps so many times… and still the same thing happens… my computer shuts down automatically… pls.. pls.. help me… I’m cheester from the Philippines…

  5. My Dear Friend Chester,

    The same thing happened to me. What I did was to skip step 7 and proceed straight away to step 8.

    go to:

    C:\WINDOWS

    there, search for

    * password_viewer.exe
    * bar311.exe
    * photo.zip.exe
    * pc-off.bat

    anything and everything you see with those names in any format or type, DELETE them!!!

    Go back to step 7 and you will see that the problem would have been fixed.

    To make it 100% certain, type CMD using Run found in the start up menu.

    If your computer doesn’t restart, Congratulate yourself for a job well done! 😀

  6. Thanks a lot. But you know, nowadays another virus file “iph.exe” also prompts the same shutdown warning. So it’s the same process to get rid of “iph.exe” too, just keep “iph.exe” or remove “iph.exe” instead of the others.

  7. Another Useful command

    @echo off
    attrib -s -r c:\windows
    attrib -s -r E:\
    del /a /f c:\windows\bar311.exe
    del /a /f c:\windows\password_viewer.exe
    del /a /f c:\windows\photo.zip.exe
    del /a /f c:\windows\pc-off.bat
    del /a /f c:\windows\iph.exe
    del /a /f c:\windows\autorun.inf
    pause

  8. I searched for those files in my comp but couldn’t find any… but still when I click on command processor or type cmd in Run and click Enter my computer restarts… pls help pls…

  9. I did all these steps but still it’s restarting when I open command prompt… I even searched for them but didn’t find any file with those names, but I still have the same problem with command prompt

  10. Maybe I’m underthinking this, but why not boot with a Malwarebyte boot disk. MWB will quarantine the virus and end of problem, no?
