shoot down

We're facing a problem here Houston.

A computer used on the production line keeps shutting down automatically. The cause is still unknown, whether it came from a thumb drive carrying a virus or over the network. What is certain is that it disrupts the work being done. After a short investigation, it turns out that this virus can indeed be built by anyone at all. There is even a blog that teaches the steps for making this virus. Tsk! It is rather troublesome when the virus gives only 1 second to respond to the auto shut-down action. If there is no other way, then just format the computer. Hopefully this problem won't happen again. Yeah, right.

Perhaps I should add, the virus's name is W32.Imautorun and it disguises itself as msn.exe or in your C:\Windows. It will auto shutdown your PC if the command prompt is started, in this case every time you start your PC. We were able to start the PC by using diagnostic start-up (thanks to Fazlee). I then updated the virus definition and scanned the whole PC, in which I found the files '' recognised as W32.Imautorun in C:\Windows. Every action taken by the antivirus failed. So I decided to restart the PC and start in Safe Mode. Scanned and still the virus could not be removed. Then, as suggested by Symantec, I downloaded the reset file for registry edit and ran the file on the infected PC. Restarted and scanned, voila! Delete succeeded!

But when I tried to open the command prompt, this came out, with a 1-second response time before it shuts down the PC.

Yay. I FAIL. If only there were enough time I would've been able to reach Start > Run and type shutdown -a before the time runs out.

Apparently we're dealing with multiple viruses here, or so I think.

Ahah! I've found a solution. It seems that every time I tried to open the command prompt, the virus was activated. Therefore I tried to change the directory of the command prompt's shortcut, which led me to this. All I had to do was go to the Registry through Start > Run > regedit and find this:
HKEY_CURRENT_USER\Software\Microsoft\Command Processor

and delete the autorun value. Once again, voila! I tried to find the file pc-off.bat in C:\Windows but to no avail, it could not be found (despite unhiding hidden files).
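A read-only way to check for the same registry value from PowerShell, as an added example that is not part of the original post. It goes beyond the post by also checking the machine-wide keys, which cmd.exe reads as well; the function name `Get-CmdAutoRun` is made up for this example.

```powershell
# Added example: list any AutoRun command that cmd.exe would execute at start-up.
# Read-only; nothing is changed or deleted.

# The per-user key from the post, plus the machine-wide key and its
# 32-bit view on 64-bit Windows (those two are additions, not from the post).
$CmdProcessorKeys = @(
    'HKCU:\Software\Microsoft\Command Processor',
    'HKLM:\Software\Microsoft\Command Processor',
    'HKLM:\Software\WOW6432Node\Microsoft\Command Processor'
)

function Get-CmdAutoRun {
    param([string[]]$Path = $CmdProcessorKeys)

    foreach ($p in $Path) {
        # The key may not exist at all (e.g. WOW6432Node on 32-bit Windows).
        if (-not (Test-Path -LiteralPath $p)) { continue }

        $key = Get-Item -LiteralPath $p

        # Value names are case-insensitive; -notcontains compares that way too.
        if ($key.GetValueNames() -notcontains 'AutoRun') { continue }

        # Read the raw string so %VARIABLES% are shown exactly as stored.
        $raw = $key.GetValue(
            'AutoRun', $null,
            [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)

        [pscustomobject]@{
            Key     = $p
            Kind    = $key.GetValueKind('AutoRun')   # String or ExpandString
            Command = $raw
        }
    }
}

# No output means no AutoRun value is set in any of the three keys.
Get-CmdAutoRun | Format-List

# After reviewing a reported entry, it can be removed the same way the post
# does in regedit (left commented out on purpose):
# Remove-ItemProperty -LiteralPath 'HKCU:\Software\Microsoft\Command Processor' -Name AutoRun
```

Starting the prompt as `cmd /d` from Start > Run skips the AutoRun command entirely, which gives a working command prompt before the value is cleaned up.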

So, yay me!

p/s: this is not what I do on a daily basis.