Computer shuts down when trying to access command prompt

Asked By 200 points N/A Posted on -
qa-featured

It has been three days since I last used my personal computer at home because I am now really irritated. I am using Microsoft Windows XP Home Edition Operating System. I am suspecting that a virus has attacked my computer. Since I do not regularly update my Antivirus software, I just realized that I should, because of this problem that made my computer busted.

I need to access my command prompt, but I could not, because whenever I am typing cmd, my computer shuts down. I always use shortcuts. When I go to my accessories manually, I can still go to command prompt, however if this is caused by virus, once and for all, this should be stopped!

Somebody help me please.

SHARE
Best Answer by Gill Bros
Best Answer
Best Answer
Answered By 200 points N/A #111481

Computer shuts down when trying to access command prompt

qa-featured

Absolutely, Automatic shutdown of your computer when entering the command prompt is caused by a virus. This virus is what we called the PC-OFF Trojan which turns off or shuts down your computer once you are trying to enter the command prompt. Running directly on the run dialog box or even creating icon on the desktop, it will restart your computer.

By the way, we will show you some information about the PC-OFF Trojan. PC-OFF creates files in your windows root directory where these files are run under the winlogon key on the registry. Also sets as autorun on the Command Processor registry entry.

The following are those files created by PC-Off Trojan,

pc-off.bat
bar311.exe
photo.zip.exe
password_viewer.exe

Files created by PC-OFF Trojan is located in the following addresses,

C:windowspc-off.bat

C:windowsbar311.exe

C:windowsphoto.zip.exe

C:windowspassword_viewer.exe


PC-OFF Trojan has its generic which is called winzip123 and it is recognized as bar311.exe. PC-OFF and winzip123 has the same function which reboots or restarts your computer when you enter the command prompt. And if you booted on safe mode, you will be prompted with a message “Thank You!!! Password: Winzip123”.

To remove this Trojan, you must be patient on our steps because we will be working more on registry. There are some instances that your registry was locked due to viral infections or registry editing was disabled by your administrator. There are some tools available on the internet for you to enable your registry. Just search “Unlock Registry” on Google.

But before we go on fixing on the registry entries, we need to close or end all running process that is associated with PC-OFF Trojan. Now, what to do to end their process? Here’s how,
 

  • Open your task manager.
  • Just right click on the taskbar and click the Task Manager on the popup menu Or just press Ctrl+Shift+Esc.
  • Click the Process tab and find for the process of bar311.exe, photo.zip.exe and password_viewer.exe.
  • Right click on the process then select “End Process” on the pop up menu.
  • Note: If you found all of the three applications, each of the application mentioned above must stop their process.


Once you have ended all applications associated with PC-OFF Trojan, proceed on the next level. Remove PC-OFF Trojan entries on the Registry:
 

  • Open your registry editor. Just click Start, Run then type “regedit” without the quotes on the run dialog box then click ok.
  • Go to this registry key: HKEY_LOCAL_MACHINE SOFTWARE MICROSOFT WINDOWS NT CURRENTVERSION WINLOGON.
  • Find the key “UserInit” key on the right side or right pane of your Registry editor. If the data value is C:WINDOWSsystem32userinit.exe,bar311.exe or C:WINDOWSsystem32userinit.exe,photo.zip.exe or C:WINDOWSsystem32userinit.exe,password_viewer.exe then.
  • Double click the registry name “UserInit” then replace the value with “C:WINDOWSsystem32userinit.exe” or just remove the parameters after the comma (comma should be deleted too)
  • Next, go to this registry key: HKEY_CURRENT_USER softwaremicrosoftwindowscurrentversionexploreradvanced
  • Change the Key “Hidden” value with 1
  • Change the key “HideFileExt” value with 0
  • Change the key “ShowSupperHidden” value with 1
  • Next, go to this registry key: HKEY_CURRENT_USER softwaremicrosoftCommand Processor
  • Find for the key named “AutoRun” which value is “c:windowspc-off.bat“. Then delete the key.


After cleaning PC-OFF entry on the registry, you must delete their files or applications in your hard disk drive. We have two options to delete PC-OFF Trojan files.

Search for PC-OFF, photo.zip.exe, bar311.exe and password_viewer.exe using your windows explorer then delete the searched file. Create a batch file and save it anywhere in your desktop or system drive, mostly the drive C. Open your notepad then encode the following batch commands:

@echo off
Del /a /f c:windowspc-off.bat
Del /a /f c:windowsbar311.exe
Del /a /f c:windowsphoto.zip.exe
Del /a /f c:windowspassword_viewer.exe
Pause

Save your file as “RmvPCOFF.bat”. Change the Saved type as field in your dialog box with "all files" to avoid ".txt" extension of the file. Then, execute your batch file.That's all!

Hope this helps!

Answered By 0 points N/A #111482

Computer shuts down when trying to access command prompt

qa-featured

Hello Elizabeth,

The problem may be the caused due to problems with the windows settings and with the firewall and hence check the settings whether any problem with the settings if so resolve the problem.

The other reason that may be occurred due to affect of Virus malware program its better once to scan your system with an updated registered antivirus so that the virus may be healed/quarantined.
 
If there are no any important files its better to just format the system and make it ready with an registered updated antivirus software as they can find virus and remove/heal the infected files.
 
Hence definitely the problem will be resolved and system turns normally in smooth running without error as the flow of execution will not be stopped.
 
Thank you.

Login/Register to Answer

Related Questions