How to remove BV malware gen on my PC c:windows/pc.off bat

This is a virus activity which prevents to use command prompt on the infected machine, this virus is called PC-OFF.bat trojan which turns off or shutdown your computer when ever you try to use command prompt by any means.
The infected computer restarts on opening command prompt.
This PC-OFF.bat virus creates the following files

• • password_viewer.exe
  • bar311.exe
  • photo.zip.exe
  • pc-off.bat

at the following locations

• • c:\windows\bar311.exe
  • c:\windows\password_viewer.exe
  • c:\windows\photo.zip.exe
  • c:\windows\pc-off.bat

Another variant of the this virus is recognized as bar311.exe virus A.K.A. winzip123 which will have almost the same symptoms and when ever you boot your Windows Xp computer in safe mode it will say a message Thank You!!! Password:Winzip123
Let's find out the fix to remove this shutdown virus completely from computer.
Fix:
1. Open Task Manager by pressing Ctrl+Shift+Esc, click the process tab and locate the process named 'password_viewer.exe' or 'bar311.exe' or 'photo.zip.exe' one by one and right click and select 'End Process'
2. Open Start Menu >> Run, type regedit and press Enter key or OK button
3. Navigate to the following path
HKEY_LOCAL_MACHINE \ SOFTWARE \ MICROSOFT \ WINDOWS NT \ CURRENTVERSION \ WINLOGON
4. Locate the key named Userinit in right pane
"Userinit" = C:\WINDOWS\system32\userinit.exe,bar311.exe"
double click and remove the text 'bar311.exe' from the above
OR
"Userinit" = C:\WINDOWS\system32\userinit.exe,photo.zip.exe"
double click and remove the text 'photo.zip.exe' from the above
OR
"Userinit" = C:\WINDOWS\system32\userinit.exe,password_viewer.exe"
double click and remove the text 'password_viewer.exe' from the above
Note: Please make sure after editing the above Userinit key value it should be only
C:\WINDOWS\system32\userinit.exe (as shown in the image below)

5. Navigate to the following path now
HKEY_CURRENT_USER \software\microsoft\windows\currentversion\explorer\advanced
Change Value of the following registry Key's :-
"Hidden"=dword:00000001 (1) - Change to '1'
"HideFileExt"=Dword:00000000 (0) - Change to '0'
"ShowSupperHidden"=Dword:00000001 (1) - Change to '1'
6. Navigate to the following registry path
HKEY_CURRENT_USER \software\microsoft\Command Processor
Find the registry key named autorun, right click and delete this key. The value of the key would be autorun=c:\windows\pc-off.bat

7. Open notepad and type the following commands
@echo off
del /a /f c:\windows\bar311.exe
del /a /f c:\windows\password_viewer.exe
del /a /f c:\windows\photo.zip.exe
del /a /f c:\windows\pc-off.bat
pause
Save it as remove-pc-off-virus.bat and double click to run it. Or just download this batch file here and run it by double click.
8. Search for bar311.exe OR password_viewer.exe OR photo.zip.exe OR pc-off.bat and delete these files where ever found on your computer.
9. That's it, Enjoy the pc off virus is now completely removed from your computer.

run.dll is a DATA LINK LIBRARY FILE if it is sikped in installing windows {or} other any software ,malware,adware virus problem you can fix it by using DLL suite { the dll suite download and install it will have a lot of serials keys in serial.ws.com } you will enjoy the features of windows

1. Click Start
   , type notepad in the Start Search box, and then click notepad in the Programs list.
2. Copy the following commands, and then paste them into the Notepad window. net stop wuauserv CD %systemroot%\SoftwareDistribution Ren Download Download.old net start wuauserv
3. On the File menu, click Save As.
4. In the File name box, type rename.bat, and then click All Files (*.*) in the Save as type box.
5. Save the Rename.bat file to the desktop.
6. Right-click the Rename.bat file, and then click Run as administrator.
   
   If you are prompted for an administrator password or for a confirmation, type the password, or click Continue.
7. Try to install the updates again.

A process named update.exe appears to be part of several different programs. So many malware named itself update.exe.


***Any malware can be named anything - so you should check where the files of the running processes are located on your disk. If a "non-Microsoft" .exe file is located in the C:\Windows or C:\Windows\System32 folder, then there is a high risk for a virus, spyware, trojan or worm infection! Check it out!

I think you should run Anti malware software to scan your system.......

You can ask experts for free virus removal at http://www.vtechsquad.com

Hi,

Your PC is infected with virus. If you have any antivirus update it and full scan your computer otherwise you can download free SuperAntiSpyware for there http://www.superantispyware.com after download install it and full scan your PC then restart.

ccSvcHst.exe - works to display the GUI (Graphical User Interface) of Norton products, which usually include the Norton Security Suites.
lsass.exe - Disable and remove lsass.exe Immediately. This process is most likely a virus or trojan.

Other processes are required for essential applications to work properly.

You can visit this liutilities.com and search for the process your not familiar with.


Please rate this if you find this helpful.

Thanks,

for windows 7 avast compatability have been released just try tat

Then if you can quarantine that in a folder. Quarantine it. If pccillin have a reporting log with its path. Then copy in a piece of paper the name and path. Then delete that in DOS mode if you are familiar with that only be sure that it is a legit viral file.

Symptom When opening iTunes for Windows you may see the following error message:
"iTunes might be unable to launch or communicate with iPod or iPhone. For help repairing your operating system, click More Information." Products affected

• iTunes for Windows

Solution This symptom may be caused by an issue with the digital signing of Windows XP drivers. First, update to the latest version of iTunes. You can download the updater here or in iTunes, choose Help > Check for Updates.
If the issue continues with the latest version of iTunes, try following the steps below to reregister several .dll files, which may resolve this issue.

1. Quit iTunes.
2. Highlight all of the following 10 lines of text that begin with regsvr32 and then choose Copy from the Edit menu of your web browser: regsvr32 /s softpub.dll
   regsvr32 /s wintrust.dll
   regsvr32 /s dssenh.dll
   regsvr32 /s rsaenh.dll
   regsvr32 /s gpkcsp.dll
   regsvr32 /s sccbase.dll
   regsvr32 /s slbcsp.dll
   regsvr32 /s mssip32.dll
   regsvr32 /s cryptdlg.dll
   regsvr32 /s initpki.dll
   
   
3. Open the Notepad program by choosing
   Start > All Programs > Accessories > Notepad
4. In Notepad, choose Paste from the Edit menu. Note: make sure that the text that appears in Notepad is the same as what is shown above.
5. From the File menu, choose Save As.
6. In the File name field type appleitunes.bat and save the file to the Desktop.
7. Close Notepad and locate the appleitunes.bat file. It should appear on the Desktop with the icon shown below:
   
8. Double-click the file and you will see a black window appear on the screen for about a minute. Wait until the window automatically disappears and proceed to the next step.
9. The appleitunes.bat file can be deleted at this time.
10. Open iTunes.

Additional Information Because some malware may unregister the .dll files, make sure you have the most recent updates to your anti-virus software and then do a full scan of your files.