Removing the cmd auto shutdown virus
A few moments ago, I fixed my friend’s computer’s problem. She was having problems accessing the command prompt (DOS) from her Windows XP operating system. Every time she attempts to execute “cmd” on her Run dialog box, her computer automatically shuts down. Here is my analysis on how the virus prevents her from using the command prompt and how to remove the virus from the system.
Problem
A virus is preventing the user from using the command prompt. When “cmd” is used, the system automatically shuts off.
Analysis
After giving attempting the “cmd” on her system, the command prompt executes a file called “pc-off.bat“. If my assumptions are correct, this file causes the system to shut down. The file injects itself before the “cmd” command starts.
The only way that this can be done is to inject a command in the Command Processor registry entry. To solve the problem, we have to trace and remove the command that was injected by the virus.
Solution
We must first gain access to our registry editor (regedit on your run prompt). In some cases, the virus disables user (admin) access to the registry. Since the virus injects itself in our command prompt, using DOS to access the registry is not possible. What I can suggest is you download and install an alternate registry editor which you can use to browse your registry editors.
One you gain access to the system registry, browse on the [HKEY_CURRENT_USERSoftwareMicrosoftCommand Processor] and remove the “autorun“= “c:Windowspc-off.bat” entry.
Remove or delete the highlighted entry.
After removing the autorun entry, download and run this batch file.
In some reported cases, the pc-off.bat virus have other variations like bar311.exe, password_viewer.exe, and photos.zip.exe. The fix file above should remove these files as well.
After fixing the problem, update your anti-virus or buy an updated anti-virus to prevent further infection.
Related articles
About the Author
Techie Kid is a multi-niche blogger, photography enthusiast, WordCamp 2008 organizer, Philippine Blog Awards 2009 organizer, and Philippine Blog Awards 2008 Bloggers’ Choice Awardee.
November 16th, 2008 at 12:44 am
wow! thanks for this post! It helped me solve my shutdown prob
Reply
November 27th, 2008 at 10:36 am
it is the best solution i ever found! i tried a lot but this is the most accurate. thanks!
Reply
November 29th, 2008 at 5:47 am
ah. had the same problem a few months ago… pero ang ginamit ko noob killer.
Reply
November 29th, 2008 at 6:21 am
not working
Reply
December 11th, 2008 at 7:45 pm
Great… my friend problem was solve.. thanks br0
Reply
December 14th, 2008 at 11:18 am
Hi there! Thanks very much for this. I was able to get rid of this extremely annoying virus and can now use “CMD” anytime. Thanks again!
-BC
Reply
January 17th, 2009 at 12:57 pm
ei thanks…it really works…;)
Reply
January 25th, 2009 at 1:57 pm
Im having trouble with my PC coz every 2:30 min in using it, my internet connection is gone…how to solve this please help me..tnx
Reply
March 1st, 2009 at 8:59 pm
hi
got into registry editor but auto run is not there ??
Reply
March 11th, 2009 at 12:38 am
WOW IT IS A GOOD WAY BUT MAK IT EASY FOR THOSE WHO DONT KNOW COMPUTER BY USEDING THE COAD ONLY BESIDE THIS PC AutoOff Fix
Reply
March 14th, 2009 at 8:50 pm
This is the first time I commented here and I should say that you give genuine, and quality information for other bloggers! Great job.
p.s. You have a very good template . Where have you got it from?
Reply
March 25th, 2009 at 1:06 am
it’s not working for me. i followed all instructions (deleted the registry value and ran the batchfile editor) but still it went autoshut down..when i checked it again, the value was still there.. Please help me. ae there other alternatives for my problem? PLEASE MAIL ME. dhey_scarlet16@yahoo.com your tip will be highly appreciated! thanks and God bless!
Reply
March 25th, 2009 at 1:44 am
i want to thank the owner of this blog for being generous in posting some solutions regarding malwares..
may God bless you more 
)
(unfortunately it didn’t work for me, but it worked for others though..
i’ve surfed the net for alternative solutions..i found something that works for my pc. so if the solution above doesn’t work on your pc,it may have other problems that should be fixed first.
you may try this:
http://www.testmy.net/forum/index.php?topic=22968.msg266502
just click the link
Thanks people.:) God Bless!
Reply
May 21st, 2009 at 10:46 am
It works!!! Thanks….
Reply
May 25th, 2009 at 1:09 pm
Hello guys,
Thanks for the solution but you are lacking one important thing!
Pls do this first before following the instructions above:
First, stop the virus application running at the Windows background (processes)
Press CTRL-ALT-DEL and select Task Manager.
Go to the Processes tab and stop the application: (bar311.exe, password_viewer.exe, and photos.zip.exe).
Then you can proceed with the other remaining steps..
Thanks!
Reply
June 3rd, 2009 at 9:55 am
Thank bro!..
it’s really work..
Reply
June 3rd, 2009 at 3:19 pm
WOWOWOWOWOWOW!!!!!!! WHAT A GENIUS!!!!!!!!!! 100 STARS FOR YOU BRO!!!!!! YOU’VE SOLVE MY PROBLEM IN A FEW SECONDS!!!!
Reply
June 6th, 2009 at 10:43 pm
how to make a shutdown virus??????????
Reply
June 13th, 2009 at 4:31 pm
thank you very much…
since i cannot go to “regedit,” i just search for the “.bat” file and alas! the “pc-off.bat” appeared…i just deleted this file and the problem with “cmd autshutoff” is corrected…
Reply
July 23rd, 2009 at 2:38 am
its not working for me…when i restart my computer, it appears again.. my avast anti-virus detects the pc-off.bat virus.. what should i do?? pls email me..thanx!
Reply
July 23rd, 2009 at 2:42 am
natzz1569@yahoo.com.. pls email me here..thanx!
Reply
August 14th, 2009 at 1:06 pm
Ah.. Paano download and run batch file?
you mean that i will run autoshutdown?
Reply
September 8th, 2009 at 7:38 pm
after i flug in my mp3 player on my computer i saw a folder named “bi mat” i tried to delete it but it returns continoustly.
so when i open the folder my computer started to shutdown again and again…
i think there is some kind of virus enter my computer…
can anyone help me plzzz.
i cant open any files because the pc shutz in the first 5 sec. of its open… plz plz plz ty so much
Reply
September 10th, 2009 at 7:54 pm
I would like to thank the one who has saved my computer !!
thank you very much dude, now I can run CMD.
Thank god people like you are around.
Reply
Winston Reply:
September 11th, 2009 at 8:33 am
hi james. It’s my pleasure to help.
Reply
December 17th, 2009 at 3:12 am
You saved my laptop! haha! Thank you soooooo much!
Reply
January 7th, 2010 at 3:40 am
Did the alternate registry edit & deleted pc-off.bat.
Delete successful then downloaded PC AutoOff Fix bat file
I executed it but then same shutdown scenario..
I was able to see password_viewer.exe and photos.zip.exe from the cmd window while it shutdown
Please help.. i discovered that I’m infected when I’m tried to remove shoppingreport.dll.
Thank you for the post. By the time i read the initial paragraphs of this post, I know i should stick with your posts ^_^.
Reply
January 14th, 2010 at 5:35 pm
cant download pc off fix..=(pls help..
Reply