Here's how to remove it:

Step 1: run the task manager or simply press CTRL+ALT+DEL...if task manager is infected click here to solve it

Step 2: End the following process:

password_viewer.exe or bar311.exe or photos.zip.exe

Step 3: The Virus have an entry in the registry, we should modify the entry in order to delete the virus. We will use regedit, Click on START then RUN then type regedit... *if regedit is disabled click here to solve...

Step 4: Now that regedit is popout, we will start to modify. Go to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\

WindowsNT\CurrentVersion\Winlogon

Step 5: In the userinit entry right click and modify

you will notice the value, userinit.exe,bar311.exe

remove the ,bar311.exe. "DO NOT DELETE userinit.exe"

Step 6: Go to:

HKEY_CURRENT_USER\Software\Microsoft\Windows\ CurrentVersion\Explorer\Advanced

delete the ff. entries

"Hidden"=dword:00000001

"HideFileExt"=dword:00000000

"ShowSuperHidden"=dword:00000001

Step 7: Go to:

HKEY_CURRENT_USER\Software\Microsoft\Command Processor

in the autorun entry,

delete "c:\Windows\pc-off.bat" or delete the autorun key

Step 8: Now we will remove the autorun.inf, heres how...

Open a notepad then paste this codes

@echo off

c:

attrib autorun.inf -h -r -s

del autorun.inf -h -r -s

d:

attrib autorun.inf -h -r -s

del autorun.inf -h -r -s

del /a /f c:\Windows\bar311.exe

del /a /f c:\Windows\password_viewer.exe

del /a /f c:\Windows\photos.zip.exe del /a /f c:\Windows\pc-off.bat

Save the file as removeWinzip.bat then run, this will remove the virus