A few moments ago, I fixed a problem on my friend’s computer. She was having problems accessing the command prompt (DOS) from her Windows XP operating system. Every time she attempted to execute “cmd” from the Run dialog box, her computer automatically shut down. Here is my analysis of how the virus prevents her from using the command prompt and how to remove the virus from the system.
A virus is preventing the user from using the command prompt. When “cmd” is used, the system automatically shuts off.
When “cmd” is attempted on her system, the command prompt executes a file called “pc-off.bat”. If my assumptions are correct, this file causes the system to shut down. The file injects itself before the “cmd” command starts.
The only way that this can be done is to inject a command in the Command Processor registry entry. To solve the problem, we have to trace and remove the command that was injected by the virus.
We must first gain access to the registry editor (regedit from your Run prompt). In some cases, the virus disables user (admin) access to the registry. Since the virus injects itself into the command prompt, using DOS to access the registry is not possible. What I can suggest is that you download and install an alternate registry editor, which you can use to browse your registry.
Once you gain access to the system registry, browse to [HKEY_CURRENT_USER\Software\Microsoft\Command Processor] and remove the “AutoRun” entry.
Remove or delete the highlighted entry.
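The same check can be scripted. The following is an added example, not part of the original post: it lists the AutoRun value under the Command Processor key and removes it on request, and it goes beyond the post by also checking the machine-wide HKEY_LOCAL_MACHINE keys, which cmd.exe reads as well. It assumes PowerShell 2.0 or later is installed; the function name Get-CmdAutoRun is hypothetical.

```powershell
# Added example: audit (and optionally clear) the cmd.exe AutoRun value.
# Get-CmdAutoRun is a hypothetical helper name, not a built-in cmdlet.
function Get-CmdAutoRun {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # When set, delete every AutoRun value that is found.
        [switch]$Remove
    )

    # cmd.exe runs AutoRun commands from the per-user and machine-wide keys.
    $keys = @(
        'HKCU:\Software\Microsoft\Command Processor',
        'HKLM:\Software\Microsoft\Command Processor',
        # Key seen by 32-bit cmd.exe on 64-bit Windows
        'HKLM:\Software\Wow6432Node\Microsoft\Command Processor'
    )

    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }

        $prop = Get-ItemProperty -LiteralPath $key -Name AutoRun -ErrorAction SilentlyContinue
        if ($null -eq $prop) { continue }   # no AutoRun value under this key

        # Report what would run every time cmd.exe starts.
        New-Object PSObject -Property @{ Key = $key; AutoRun = $prop.AutoRun }

        if ($Remove -and $PSCmdlet.ShouldProcess("$key\AutoRun", 'Remove registry value')) {
            Remove-ItemProperty -LiteralPath $key -Name AutoRun
        }
    }
}

# List any AutoRun commands without changing anything.
Get-CmdAutoRun

# Preview the removal first; drop -WhatIf to actually delete the value.
Get-CmdAutoRun -Remove -WhatIf
```

Starting the command processor as “cmd /d” disables execution of AutoRun commands from the registry, which allows a prompt to be opened while the entry is still present.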
After removing the autorun entry, download and run this batch file.
In some reported cases, the pc-off.bat virus has other variations, such as photos.zip.exe. The fix file above should remove these files as well.
After fixing the problem, update your anti-virus or buy an updated anti-virus to prevent further infection.