How to Remove a Shutdown Virus

Techwalla may earn compensation through affiliate links in this story. Learn more about our affiliate and product review process here.
Image Credit: vladans/iStock/Getty Images

A shutdown virus is programmed to make your computer shut itself off. It can happen from any command the specific virus chooses, be it opening a web browser or accessing your command prompt. A shutdown virus can be a harmless prank from a friend, but it can also be from someone more sinister. A reliable, updated antivirus program is always the best way to completely remove a virus, but there are ways to remove this one manually. Deleting the files and registry keys associated with the virus can help disable it.

Advertisement

Step 1

Open the registry editor on your computer. Go to the "Run" command in the "Start" menu, type "regedit" and press "Enter." Some shutdown viruses can deny you access to the registry editor. In this case, download and install an alternate registry editor and open it.

Advertisement

Video of the Day

Step 2

Make a copy of your registry, especially if you are using the computer's main registry editor. Editing anything in the registry is dangerous and can damage the computer. Go to "Start," "Programs," "Accessories," "System Tools" and "System Restore." Choose "create a Restore Point" and follow all instructions the dialogue box gives you.

Advertisement

Step 3

Search the registry keys within "HKEY_CURRENT_USER." Look for autorun keys that include "shutdown," "pc off" or something similar within the data name. Delete these registry keys by right-clicking on them, selecting "Modify" and clicking "Delete."

Advertisement

Advertisement

Step 4

Open your computer's "Program Files" folder. Search for EXE files that appear related to the shutdown virus--they will very likely have the same "shutdown-pc off" title. Delete these files and immediately clear your "Recycling Bin."

Step 5

Open your "Task Manager" by inputting "taskmgr.exe" in the "Run" command. Go to the "Processes" tab and search for the processes with the same names as the deleted files. Right-click these processes and select "End Process" to kill them.

Advertisement

Advertisement

resources

Report an Issue

screenshot of the current page

Screenshot loading...