Monday, September 1, 2008

Removing the bar311.exe virus manually

While copying some PSP games on a neighbor's PSP, I didn't notice that his memory stick had a virus that infected my PC. Funny thing is that my updated AVG anti-virus was not able to detect it. I just noticed an unusual process running on my task manager called bar311.exe.

If you wanna know if your machine is infected, check your Task Manager (right click on your Windows toolbar > Task Manager) for any of these processes:

  • bar311.exe
  • photos.zip.exe
  • password_viewer.exe

Fortunately, it's quite easy to remove this thing manually. Here's how:

1. First, end the process of any of the three files (above) from the Task Manager.

2. Start > Run > type regedit to access your registry

3. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and look for the Userinit entry. Delete bar311.exe from that entry. A healthy Userinit should look like this:

[Image: healthy Userinit registry value]

4. Still in the registry, go to HKEY_CURRENT_USER\Software\Microsoft\Command Processor and delete the autorun entry ("autorun"="c:\Windows\pc-off.bat").

5. To remove the virus files, make sure that you can view hidden and system files. In your Windows Explorer window, go to Tools > Folder Options. In the View tab, your setting should be like this:

[Image: Folder Options, View tab settings]

6. Go to C:\Windows and delete the following files:

  • bar311.exe, photos.zip.exe, password_viewer.exe
  • pc-off.bat (this is the file that spreads the virus)

7. To see if you successfully removed the virus, restart your PC and check your task manager again.

That's it. Please let me know if you're having trouble with my instructions by leaving a comment and I'll try my best to help you out.
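A read-only PowerShell check for the indicators named in the steps above, as an added example that is not part of the original post. It assumes a stock Userinit value lists only userinit.exe, so it reports any other entry rather than just bar311.exe, and it changes nothing on the machine.

```powershell
# Added example: reports the indicators from this post without modifying anything.
$names    = 'bar311.exe', 'photos.zip.exe', 'password_viewer.exe'
$findings = @()

# Steps 1 and 7: running processes. ProcessName carries no ".exe" suffix.
$procNames = $names | ForEach-Object { [IO.Path]::GetFileNameWithoutExtension($_) }
foreach ($p in Get-Process) {
    if ($procNames -contains $p.ProcessName) {
        $findings += "Process running: $($p.ProcessName) (PID $($p.Id))"
    }
}

# Step 3: Winlogon Userinit is a comma-separated list of programs run at logon.
# Assumption: on a clean system the only entry is userinit.exe.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -Path $winlogon -Name Userinit).Userinit
foreach ($entry in ($userinit -split ',')) {
    $entry = $entry.Trim()
    if ($entry -and ((Split-Path $entry -Leaf) -ne 'userinit.exe')) {
        $findings += "Unexpected Userinit entry: $entry"
    }
}

# Step 4: any Command Processor AutoRun value runs each time cmd.exe starts.
$cmdKey  = 'HKCU:\Software\Microsoft\Command Processor'
$autorun = (Get-ItemProperty -Path $cmdKey -Name AutoRun -ErrorAction SilentlyContinue).AutoRun
if ($autorun) {
    $findings += "Command Processor AutoRun is set: $autorun"
}

# Step 6: files in the Windows directory. File.Exists also sees hidden/system files.
foreach ($f in ($names + 'pc-off.bat')) {
    $path = Join-Path $env:windir $f
    if ([IO.File]::Exists($path)) {
        $findings += "File present: $path"
    }
}

if ($findings) { $findings } else { 'No indicators from this post found.' }
```

Running it before the cleanup and again after the restart in step 7 shows which of the persistence points were actually cleared.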

1 comment:

Anonymous said...

Thanks, it helped me a lot.
