Computer ShutDown / Restart When You Type cmd In Run


This behaviour is caused by a virus that prevents use of the Command Prompt on the infected machine. The virus is called the PC-OFF.bat trojan, and it shuts down your computer whenever you try to use the Command Prompt by any means.



The infected computer restarts when the Command Prompt is opened.



The PC-OFF.bat virus creates the following files:

* password_viewer.exe
* bar311.exe
* photo.zip.exe
* pc-off.bat

at the following locations:

* c:\windows\bar311.exe
* c:\windows\password_viewer.exe
* c:\windows\photo.zip.exe
* c:\windows\pc-off.bat

Another variant of this virus is recognized as the bar311.exe virus, a.k.a. winzip123. It has almost the same symptoms, and whenever you boot your Windows XP computer in safe mode it displays the message "Thank You!!! Password:Winzip123".



Here is the fix to remove this shutdown virus completely from the computer.

Fix:

1. Open Task Manager by pressing Ctrl+Shift+Esc, click the Processes tab, and locate the processes named ‘password_viewer.exe’, ‘bar311.exe’ or ‘photo.zip.exe’ one by one. Right-click each one and select ‘End Process’.



2. Open Start Menu >> Run, type regedit and press the Enter key or click the OK button.



3. Navigate to the following path:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon



4. Locate the value named Userinit in the right pane. It will look like one of the following:

"Userinit" = "C:\WINDOWS\system32\userinit.exe,bar311.exe"
Double-click it and remove the text ‘bar311.exe’ from the value.
OR
"Userinit" = "C:\WINDOWS\system32\userinit.exe,photo.zip.exe"
Double-click it and remove the text ‘photo.zip.exe’ from the value.
OR
"Userinit" = "C:\WINDOWS\system32\userinit.exe,password_viewer.exe"
Double-click it and remove the text ‘password_viewer.exe’ from the value.

Note: After editing, make sure the Userinit value contains only

C:\WINDOWS\system32\userinit.exe
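
A read-only check for the indicators named in the steps above, as an added example that is not part of the original article. It assumes PowerShell is available on the machine, and the function name Get-UserinitExtras is hypothetical.

```powershell
# Read-only audit: reports findings and changes nothing on the system.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Clean value per the article (C:\WINDOWS\system32\userinit.exe);
# assumption: built from %SystemRoot% in case Windows is installed elsewhere.
$expected = Join-Path $env:SystemRoot 'system32\userinit.exe'

# File names the article lists under c:\windows
$dropped = 'bar311.exe', 'password_viewer.exe', 'photo.zip.exe', 'pc-off.bat'

function Get-UserinitExtras {
    param([string]$Value, [string]$Expected)
    # Userinit is a comma-separated list of programs run at logon.
    # Empty items (for example from a trailing comma) are ignored;
    # anything other than the expected userinit.exe path is returned.
    $Value -split ',' |
        ForEach-Object { $_.Trim().Trim('"') } |
        Where-Object { $_ -and ($_ -ine $Expected) }
}

# 1. Check the Winlogon Userinit value for appended programs.
$userinit = (Get-ItemProperty -Path $winlogon -Name Userinit).Userinit
$extras   = @(Get-UserinitExtras -Value $userinit -Expected $expected)

if ($extras.Count -gt 0) {
    Write-Warning "Userinit has extra entries: $($extras -join ', ')"
} else {
    Write-Output "Userinit is clean: $userinit"
}

# 2. Check the Windows directory for the files the article names.
$found = @($dropped |
    ForEach-Object { Join-Path $env:SystemRoot $_ } |
    Where-Object { Test-Path -LiteralPath $_ })

if ($found.Count -gt 0) {
    Write-Warning "Files listed in the article are present: $($found -join ', ')"
} else {
    Write-Output 'None of the listed files were found in the Windows directory.'
}
```

Run it from an elevated PowerShell prompt before and after the manual steps to confirm that the Userinit value and the Windows directory are clean.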