Recently Posted

advertisement


Navigation
« Notifu.com - free SMS, IM, Email Notification Service
Samsung M8800 Pixon »

  November 9th, 2008
Removing the cmd auto shutdown virus

A few moments ago, I fixed my friend’s computer’s problem. She’s having problem when accessing the command prompt from her Windows XP operating system. Everytime she attempts to execute “cmd” on her Run dialog box, her computer automatically shuts down. Here is my analysis on how the virus prevents her from using the command prompt and how to remove the virus from the sytem.




Problem

A virus is preventing the user from using the command prompt. When “cmd” is used, the system automatically shuts off.

Analysis

After giving attempting the “cmd” on her system, the command prompt executes a file called “pc-off.bat“. If my assumptions are correct, this file causes the system to shut down. The file injects itself before the “cmd” command starts.

The only way that this can be done is to inject a command in the Command Processor registry entry. To solve the problem, we have to trace and remove the command that was injected by the virus.

Solution

We must first gain access to our registry editor (regedit on your run prompt). In some cases, the virus disables user (admin) access to the registry. Since the virus injects itself in our command prompt, using DOS to access the registry is not possible. What I can suggest is you download and install an alternate registry editor which you can use to browse your registry editors.

One you gain access to the system registry, browse on the [HKEY_CURRENT_USER\Software\Microsoft\Command Processor] and remove the “autorun“= “c:\Windows\pc-off.bat” entry.


Remove or delete the highlighted entry.

After removing the autorun entry, download and run this batch file.

In some reported cases, the pc-off.bat virus have other variations like bar311.exe, password_viewer.exe, and photos.zip.exe. The fix file above should remove these files as well.

After fixing the problem, update your anti-virus or buy an updated anti-virus to prevent further infection.

Share and Enjoy:
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google
  • blinkbits
  • BlinkList
  • blogmarks
  • Bumpzee
  • description
  • Furl
  • Live
  • Ma.gnolia
  • Reddit
  • Slashdot
  • Socialogs
  • SphereIt
  • Spurl
  • StumbleUpon
  • Technorati
  • TwitThis
  • YahooMyWeb
  • Pownce
  • Ratimarks

Related articles

Tagged with: , , , , , , , ,

If you want to be updated with my most recent post

please enter your email address:


Subscribe to Techy Kid by Email


This entry was Visited 284 times, 7 so far today. This entry was posted on Sunday, November 9th, 2008 at 1:02 pm and is filed under Virus. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
  By Winston

DISCUSSIONS

Leave a Reply