You turn on your computer. It boots up just like it always does. You start seeing the Windows logo with the green thing going across. You get to the Welcome screen and you enter your password (on some computers you wouldn’t have to go through that, though), but just when your wallpaper is already up, and you can already see your icons and all the good stuff, something pops up that says something like “Thank You!! Password: winzip123.” And you’re like “What on earth is that??” Well, tell you what, YOU HAVE A VIRUS ON YOUR COMPUTER and good news, I know how to remove it! Good for you because you got to this page. ;)

Important info about bar311.exe or winzip123:
You can usually get this virus from downloading torrent stuff (like games with keygens or unauthorized/pirated programs, movies and mp3), so I’d suggest that, as much as you can, you avoid installing Kazaa or LimeWire if you don’t have a strong security system. I got the virus from LimeWire.

If you have this type of virus, every time you try to open the Command Prompt, the virus shuts down the computer. This is because the virus attaches an automatic shutdown command to the execution of the command prompt. That means that trying to run a batch file (.bat) to delete this virus is USELESS while that command is still in place.

You want to know how to remove it, don’t you? Of course. Buy me a pizza first then I’ll tell you. Ha! Just playing!

Here’s how:

First, we need to stop the virus from running so we can delete it.

  1. run the Task Manager by pressing CTRL + ALT + DEL
  2. click on the processes tab on the Task Manager
  3. end the following processes: bar311.exe, password_viewer.exe, photos.zip.exe
  4. close the Task Manager window

Now, we will need to tell Windows to not run it by editing the Windows Registry

  1. click Start
  2. click run
  3. type “regedit” in the textbox
  4. click Ok
  5. The Registry Editor window should come up
  6. on the left pane of the registry window, go to this path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  7. On the left side, look for userinit
  8. right click on userinit and click modify
  9. you will notice that the value in the text box is userinit.exe, bar311.exe or userinit.exe, password_viewer.exe
  10. delete bar311.exe or password_viewer.exe BUT VERY IMPORTANT: leave userinit.exe

Next, we will remove folder restrictions that have been set by the virus:

  1. Still in the Registry Editor, go to this path: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  2. Delete the following entries:
    • "Hidden"=dword:00000001
    • "HideFileExt"=dword:00000000
    • "ShowSuperHidden"=dword:00000001

Next up, we’ll need to delete the registry entry that causes Windows to shut down every time the command prompt is run.

  1. In the Registry Editor, go to this path: HKEY_CURRENT_USER\Software\Microsoft\Command Processor
  2. delete the AutoRun value

Lastly, we will delete the autorun.inf file

  1. Open a notepad window
  2. Type this code in the notepad window:

    @echo off
    rem autorun.inf sits in the root folder of each drive
    c:
    cd \
    rem clear the hidden, read-only and system attributes, then delete the file
    attrib -h -r -s autorun.inf
    del /f autorun.inf
    d:
    cd \
    attrib -h -r -s autorun.inf
    del /f autorun.inf
    rem delete the virus files from the Windows folder
    del /a /f c:\Windows\bar311.exe
    del /a /f c:\Windows\password_viewer.exe
    del /a /f c:\Windows\photos.zip.exe
    del /a /f c:\Windows\pc-off.bat

  3. save the file as “command.bat”
  4. run “command.bat”

YOU’RE DONE!!

If you’ve carefully followed all the instructions that I provided, your computer should be ready to go.
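
To double-check the cleanup, here is a PowerShell script that re-reads the registry values, files and processes named in the steps above and lists anything that is still there. It is an added example, not part of the original instructions; it assumes PowerShell is installed on the machine, and the function name Test-UserinitValue is made up for this example.

```powershell
# Added verification example: checks only the locations named in the steps above.
$badNames = 'bar311.exe', 'password_viewer.exe', 'photos.zip.exe', 'pc-off.bat'
$findings = @()

function Test-UserinitValue {
    param([string]$Value)
    # Userinit is a comma-separated list of programs run at logon.
    # Return every entry whose file name is not userinit.exe.
    # Limitation: only the file name is compared, not the folder it lives in.
    $entries = $Value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    return @($entries | Where-Object { (Split-Path $_ -Leaf) -ne 'userinit.exe' })
}

# 1. Winlogon\Userinit should launch userinit.exe and nothing else
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -Path $winlogon -Name Userinit).Userinit
foreach ($entry in Test-UserinitValue $userinit) {
    $findings += "Userinit still launches: $entry"
}

# 2. Command Processor\AutoRun should be gone (it runs on every cmd.exe start)
$cmdKey = 'HKCU:\Software\Microsoft\Command Processor'
$autorun = (Get-ItemProperty -Path $cmdKey -Name AutoRun -ErrorAction SilentlyContinue).AutoRun
if ($autorun) { $findings += "Command Processor AutoRun is set: $autorun" }

# 3. The files deleted by command.bat should no longer exist
$paths = @($badNames | ForEach-Object { Join-Path 'C:\Windows' $_ })
$paths += 'C:\autorun.inf', 'D:\autorun.inf'
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "File still present: $p" }
}

# 4. None of the processes ended in Task Manager should be running again
#    (Get-Process reports names without the .exe extension)
$procs = Get-Process | Where-Object { $badNames -contains ($_.Name + '.exe') }
foreach ($proc in $procs) {
    $findings += "Process still running: $($proc.Name) (PID $($proc.Id))"
}

if ($findings.Count -eq 0) {
    'No traces found in the checked locations.'
} else {
    $findings
}
```

If anything is listed, repeat the matching step above and run the check again after a reboot.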