Here's how to remove it:
Step 1: run the task manager or simply press CTRL+ALT+DEL
Step 2: End the following process:
password_viewer.exe or bar311.exe or photos.zip.exe
Step 3: The Virus have an entry in the registry, we should modify the entry in order to delete the virus. We will use regedit, Click on START then RUN then type regedit... *if regedit is disabled click here to solve...
Step 4: Now that regedit is popout, we will start to modify. Go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
WindowsNT\CurrentVersion\Winlogon
Step 5: In the userinit entry right click and modify
you will notice the value, userinit.exe,bar311.exe
remove the ,bar311.exe. "DO NOT DELETE userinit.exe"
Step 6: Go to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\ CurrentVersion\Explorer\Advanced
delete the ff. entries
"Hidden"=dword:00000001
"HideFileExt"=dword:00000000
"ShowSuperHidden"=dword:00000001
Step 7: Go to:
HKEY_CURRENT_USER\Software\Microsoft\Command Processor
in the autorun entry,
delete "c:\Windows\pc-off.bat" or delete the autorun key
Step 8: Now we will remove the autorun.inf, heres how...
Open a notepad then paste this codes
@echo off
c:
attrib autorun.inf -h -r -s
del autorun.inf -h -r -s
d:
attrib autorun.inf -h -r -s
del autorun.inf -h -r -s
del /a /f c:\Windows\bar311.exe
del /a /f c:\Windows\password_viewer.exe
del /a /f c:\Windows\photos.zip.exe del /a /f c:\Windows\pc-off.bat
Save the file as removezip.bat then run, this will remove the virus
Posts
