 | |
| |
| 25 Jan 2013 | #1 |
| | "You are about to be logged off" "Windows will shut down in 1 minute" I am ashamed to say I seem to have obtained some sort of malware, virus, or perhaps some some "funny" fella using a .bat or .vbs file. At seemingly random times a window will pop up:  I highly doubt this is anything to do with legitimate windows functions. I have searched the running processes, and nothing seems fishy there. I ran a full scan with malware bytes, nothing came up, and I have run a full scan on my primary drive with microsoft security essentials, and I am currently running one on my secondary drives, also nothing. I also ran a quick search for .vbs and .bat files on my primary drive where I install all programs except games (its an SSD), and saw nothing out of the ordinary. Before the conversation arouses, I am not interested in having new antivirus software sold to me, I don't stand for any antivirus I have to pay for, nor "lite" or trial versions of software. I don't want something like avast about which almost every forum thread complaining about networking issues for things like games, seems to complain about. So unless you have something free, proven very effective, light weight that isn't going to treat me like a baby, asking if im sure I want to delete every file and telling me when my cpu is actually being used by a program like norton does >.<, I politely ask that you leave it out of this thread. I have run microsoft security essentials for a couple of years now and never had an issue, it is perfectly sufficient for me, in my opinion. Little bit of background. I actively run Microsoft Security Essentials, and due to this issue, currently have malware bytes running. More often than not I have my firewall disabled, I know to some this is heresy, however on an almost daily basis I run all sorts of lan and internet servers for people I play with, and frankly, creating exceptions to every program which wants to communicate over the internet is a huge pain in the ass, and doesn't even work half the time. The first event occurred about 8 hours ago, since then the window has popped up 3 times. I cannot recall downloading anything which could be host to such a function in the past few days. I downloaded a few videos, some images, a couple of scripts for servers. I also downloaded updates for skype, steam, and google earth. Odly enough, it occurs to me that the first event was mere minutes after applying the skype update...but for that to be the cause seems very unlikely to me. If anyone has suggestions it would be greatly appreciated, Thanks, Tom |
My System Specs | |
| 25 Jan 2013 | #2 |
| | Actually, if I'm not mistaken that looks very much like the shutdown command run from Windows cmd. I know you said you haven't found any .bat files, but just to be sure, you aren't using your own .bat files for anything are you? Have a look in the server script you downloaded. Code: C:\Windows\system32>shutdown
Usage: shutdown [/i | /l | /s | /r | /g | /a | /p | /h | /e] [/f]
[/m \\computer][/t xxx][/d [p|u:]xx:yy [/c "comment"]]
No args Display help. This is the same as typing /?.
/? Display help. This is the same as not typing any options.
/i Display the graphical user interface (GUI).
This must be the first option.
/l Log off. This cannot be used with /m or /d options.
/s Shutdown the computer.
/r Shutdown and restart the computer.
/g Shutdown and restart the computer. After the system is
rebooted, restart any registered applications.
/a Abort a system shutdown.
This can only be used during the time-out period.
/p Turn off the local computer with no time-out or warning.
Can be used with /d and /f options.
/h Hibernate the local computer.
Can be used with the /f option.
/e Document the reason for an unexpected shutdown of a computer.
/m \\computer Specify the target computer.
/t xxx Set the time-out period before shutdown to xxx seconds.
The valid range is 0-315360000 (10 years), with a default of 30.
If the timeout period is greater than 0, the /f parameter is
implied.
/c "comment" Comment on the reason for the restart or shutdown.
Maximum of 512 characters allowed.
/f Force running applications to close without forewarning users.
The /f parameter is implied when a value greater than 0 is
specified for the /t parameter.
/d [p|u:]xx:yy Provide the reason for the restart or shutdown.
p indicates that the restart or shutdown is planned.
u indicates that the reason is user defined.
If neither p nor u is specified the restart or shutdown is
unplanned.
xx is the major reason number (positive integer less than 256).
yy is the minor reason number (positive integer less than 65536).
Reasons on this computer:
(E = Expected U = Unexpected P = planned, C = customer defined)
Type Major Minor Title
U 0 0 Other (Unplanned)
E 0 0 Other (Unplanned)
E P 0 0 Other (Planned)
U 0 5 Other Failure: System Unresponsive
E 1 1 Hardware: Maintenance (Unplanned)
E P 1 1 Hardware: Maintenance (Planned)
E 1 2 Hardware: Installation (Unplanned)
E P 1 2 Hardware: Installation (Planned)
E 2 2 Operating System: Recovery (Planned)
E P 2 2 Operating System: Recovery (Planned)
P 2 3 Operating System: Upgrade (Planned)
E 2 4 Operating System: Reconfiguration (Unplanned)
E P 2 4 Operating System: Reconfiguration (Planned)
P 2 16 Operating System: Service pack (Planned)
2 17 Operating System: Hot fix (Unplanned)
P 2 17 Operating System: Hot fix (Planned)
2 18 Operating System: Security fix (Unplanned)
P 2 18 Operating System: Security fix (Planned)
E 4 1 Application: Maintenance (Unplanned)
E P 4 1 Application: Maintenance (Planned)
E P 4 2 Application: Installation (Planned)
E 4 5 Application: Unresponsive
E 4 6 Application: Unstable
U 5 15 System Failure: Stop error
U 5 19 Security issue
E 5 19 Security issue
E P 5 19 Security issue
E 5 20 Loss of network connectivity (Unplanned)
U 6 11 Power Failure: Cord Unplugged
U 6 12 Power Failure: Environment
P 7 0 Legacy API shutdown
C:\Windows\system32> |
| My System Specs |
| 25 Jan 2013 | #3 |
| | I don't doubt the fact I had no firewall is quite likely to have played a part here. Call me stubborn, but in almost 2 years of minimum firewall usage, this is the only issue I have had, and the amount of times re-enabling it has only caused issues networking with other people I know and trust, which exceptions don't seem to solve, is just annoying. I do not regret using no firewall, and while I genuinely appreciate the advice, I am already aware of this, and mentioning it does not solve my issue (In the short term  ).And in answer to your first question, I don't use .bat files. However I do recognize how similar this is to that command, which is why I wonder if this isn't the result of some script kiddie. |
| My System Specs |
| . |
| |
| 25 Jan 2013 | #4 |
| | 
Quote: Originally Posted by Tomha  However I do recognize how similar this is to that command, which is why I wonder if this isn't the result of some script kiddie. |
| My System Specs |
| 25 Jan 2013 | #5 |
| | Had a look, but they are all quite simple scripts, most of which don't actually interact directly with windows, but rather which are loaded into/through the server programs. None of them appear to be of any interest though.. |
| My System Specs |
| 25 Jan 2013 | #6 |
| | Sorry, I'm sure what else to suggest.....something appears to be running the shutdown command. You'll have to try and track it down. |
| My System Specs |
| 25 Jan 2013 | #7 |
| | The Shutdown message you get is a normal one Windows shows when a scheduled shutdown is going to happen. A short explanation: I give my Windows 7 PC a command to shutdown in 1000 seconds by giving this command in Command Prompt: Code: shutdown -s -t 1000
After giving this command Windows pops up a balloon tip near notification are telling about the delayed action:  (1000 seconds used in my example = 16 minutes) When there is about one minute to go I will get this:  (Notice, it's not always quite exact, this message will be shown when there's something between one and two minutes to go to delayed shutdown.) It is like a last warning, giving me enough time to launch Command Prompt to abort delayed shutdown process with this command: Code: shutdown -a  To put this short: I do not believe you have got an infection. You could try to find the culprit by searching the whole computer for files that contain word shutdown to see if there's a batch file on your computer which will be launched when you do a certain task. Type this to Search field when in Explorer > Computer to get a list of all files containing word shutdown: Code: content:shutdown Kari |
| My System Specs |
| 25 Jan 2013 | #8 |
| | Thanks Kari, the Task Scheduler didn't have any scheduled shutdowns, and the search is running now. |
| My System Specs |
| 25 Jan 2013 | #9 |
| | In any case you can test if this really is a scheduled delayed shutdown process or something else. If / when you get the message again, open Command Prompt (could be a good idea to pin it to Taskbar?) and abort shutdown. As aborting shutdown only works if there really exists a scheduled shutdown, Windows tells you there are no scheduled shutdowns if this message of yours is something else:  Kari |
| My System Specs |
| 25 Jan 2013 | #10 |
| | The searches didn't find anything. I have the command prompt on the task bar, and next time it pops up, ill try stop the shutdown and report back then. Thanks for the suggestions  |
| My System Specs |
 |
"You are about to be logged off" "Windows will shut down in 1 minute" problems?
| Thread Tools | |
| Similar help and support threads for: "You are about to be logged off" "Windows will shut down in 1 minute" | ||||
| Thread | Forum | |||
 "dependency chain" "windows 7" internet "windows explorer" | System Security | |||
| Changing the "minimize" "maximize" and "close" buttons of a theme | Customization | |||
| Remaking "My Music", "My Pictures", "My Videos" folders | Customization | |||
| "access denied" when using "assoc" and "ftype" from cmdline? | General Discussion | |||
| Start menu -> Shutdown Button - "shut down" and "sleep" | Customization | |||
All times are GMT -5. The time now is 12:15 AM.
