"You are about to be logged off" "Windows will shut down in 1 minute"

Page 1 of 3 123 LastLast

  1. Tomha
    Posts : 391
    Windows 7 Professional 64bit
       New #1

    "You are about to be logged off" "Windows will shut down in 1 minute"


    I am ashamed to say I seem to have obtained some sort of malware, virus, or perhaps some some "funny" fella using a .bat or .vbs file. At seemingly random times a window will pop up:



    I highly doubt this is anything to do with legitimate windows functions.

    I have searched the running processes, and nothing seems fishy there. I ran a full scan with malware bytes, nothing came up, and I have run a full scan on my primary drive with microsoft security essentials, and I am currently running one on my secondary drives, also nothing. I also ran a quick search for .vbs and .bat files on my primary drive where I install all programs except games (its an SSD), and saw nothing out of the ordinary.

    Before the conversation arouses, I am not interested in having new antivirus software sold to me, I don't stand for any antivirus I have to pay for, nor "lite" or trial versions of software. I don't want something like avast about which almost every forum thread complaining about networking issues for things like games, seems to complain about. So unless you have something free, proven very effective, light weight that isn't going to treat me like a baby, asking if im sure I want to delete every file and telling me when my cpu is actually being used by a program like norton does >.<, I politely ask that you leave it out of this thread. I have run microsoft security essentials for a couple of years now and never had an issue, it is perfectly sufficient for me, in my opinion.

    Little bit of background. I actively run Microsoft Security Essentials, and due to this issue, currently have malware bytes running. More often than not I have my firewall disabled, I know to some this is heresy, however on an almost daily basis I run all sorts of lan and internet servers for people I play with, and frankly, creating exceptions to every program which wants to communicate over the internet is a huge pain in the ass, and doesn't even work half the time. The first event occurred about 8 hours ago, since then the window has popped up 3 times. I cannot recall downloading anything which could be host to such a function in the past few days. I downloaded a few videos, some images, a couple of scripts for servers. I also downloaded updates for skype, steam, and google earth. Odly enough, it occurs to me that the first event was mere minutes after applying the skype update...but for that to be the cause seems very unlikely to me.

    If anyone has suggestions it would be greatly appreciated,
    Thanks,
    Tom
      My Computer
    Quote Quote

  3. Golden
    Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       New #2

    Actually, if I'm not mistaken that looks very much like the shutdown command run from Windows cmd.

    I know you said you haven't found any .bat files, but just to be sure, you aren't using your own .bat files for anything are you? Have a look in the server script you downloaded.

    Code:
    C:\Windows\system32>shutdown
Usage: shutdown [/i | /l | /s | /r | /g | /a | /p | /h | /e] [/f]
    [/m \\computer][/t xxx][/d [p|u:]xx:yy [/c "comment"]]

    No args    Display help. This is the same as typing /?.
    /?         Display help. This is the same as not typing any options.
    /i         Display the graphical user interface (GUI).
               This must be the first option.
    /l         Log off. This cannot be used with /m or /d options.
    /s         Shutdown the computer.
    /r         Shutdown and restart the computer.
    /g         Shutdown and restart the computer. After the system is
               rebooted, restart any registered applications.
    /a         Abort a system shutdown.
               This can only be used during the time-out period.
    /p         Turn off the local computer with no time-out or warning.
               Can be used with /d and /f options.
    /h         Hibernate the local computer.
               Can be used with the /f option.
    /e         Document the reason for an unexpected shutdown of a computer.
    /m \\computer Specify the target computer.
    /t xxx     Set the time-out period before shutdown to xxx seconds.
               The valid range is 0-315360000 (10 years), with a default of 30.
               If the timeout period is greater than 0, the /f parameter is
               implied.
    /c "comment" Comment on the reason for the restart or shutdown.
               Maximum of 512 characters allowed.
    /f         Force running applications to close without forewarning users.
               The /f parameter is implied when a value greater than 0 is
               specified for the /t parameter.
    /d [p|u:]xx:yy  Provide the reason for the restart or shutdown.
               p indicates that the restart or shutdown is planned.
               u indicates that the reason is user defined.
               If neither p nor u is specified the restart or shutdown is
               unplanned.
               xx is the major reason number (positive integer less than 256).
               yy is the minor reason number (positive integer less than 65536).


Reasons on this computer:
(E = Expected U = Unexpected P = planned, C = customer defined)
Type    Major   Minor   Title

 U      0       0       Other (Unplanned)
E       0       0       Other (Unplanned)
E P     0       0       Other (Planned)
 U      0       5       Other Failure: System Unresponsive
E       1       1       Hardware: Maintenance (Unplanned)
E P     1       1       Hardware: Maintenance (Planned)
E       1       2       Hardware: Installation (Unplanned)
E P     1       2       Hardware: Installation (Planned)
E       2       2       Operating System: Recovery (Planned)
E P     2       2       Operating System: Recovery (Planned)
  P     2       3       Operating System: Upgrade (Planned)
E       2       4       Operating System: Reconfiguration (Unplanned)
E P     2       4       Operating System: Reconfiguration (Planned)
  P     2       16      Operating System: Service pack (Planned)
        2       17      Operating System: Hot fix (Unplanned)
  P     2       17      Operating System: Hot fix (Planned)
        2       18      Operating System: Security fix (Unplanned)
  P     2       18      Operating System: Security fix (Planned)
E       4       1       Application: Maintenance (Unplanned)
E P     4       1       Application: Maintenance (Planned)
E P     4       2       Application: Installation (Planned)
E       4       5       Application: Unresponsive
E       4       6       Application: Unstable
 U      5       15      System Failure: Stop error
 U      5       19      Security issue
E       5       19      Security issue
E P     5       19      Security issue
E       5       20      Loss of network connectivity (Unplanned)
 U      6       11      Power Failure: Cord Unplugged
 U      6       12      Power Failure: Environment
  P     7       0       Legacy API shutdown

C:\Windows\system32>
    Failing that, I would guess the fact that you don't run a firewall will have opened you up to some form of penetration.....
      My Computer
    Quote Quote

  4. Tomha
    Posts : 391
    Windows 7 Professional 64bit
    Thread Starter
       New #3

    I don't doubt the fact I had no firewall is quite likely to have played a part here. Call me stubborn, but in almost 2 years of minimum firewall usage, this is the only issue I have had, and the amount of times re-enabling it has only caused issues networking with other people I know and trust, which exceptions don't seem to solve, is just annoying. I do not regret using no firewall, and while I genuinely appreciate the advice, I am already aware of this, and mentioning it does not solve my issue (In the short term ).

    And in answer to your first question, I don't use .bat files. However I do recognize how similar this is to that command, which is why I wonder if this isn't the result of some script kiddie.
      My Computer
    Quote Quote

  6. Golden
    Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       New #4

    Tomha said:
    However I do recognize how similar this is to that command, which is why I wonder if this isn't the result of some script kiddie.
    Very likely, check your server scripts - especially those uploaded to you server.
      My Computer
    Quote Quote

  7. Tomha
    Posts : 391
    Windows 7 Professional 64bit
    Thread Starter
       New #5

    Had a look, but they are all quite simple scripts, most of which don't actually interact directly with windows, but rather which are loaded into/through the server programs. None of them appear to be of any interest though..
      My Computer
    Quote Quote

  8. Golden
    Posts : 19,383
    Windows 10 Pro x64 ; Xubuntu x64
       New #6

    Sorry, I'm sure what else to suggest.....something appears to be running the shutdown command. You'll have to try and track it down.
      My Computer
    Quote Quote

  10. Kari
    Posts : 17,545
    Windows 10 Pro x64 EN-GB
       New #7

    The Shutdown message you get is a normal one Windows shows when a scheduled shutdown is going to happen.

    A short explanation:
    I give my Windows 7 PC a command to shutdown in 1000 seconds by giving this command in Command Prompt:
    Code:
    shutdown -s -t 1000
    • -s = shutdown, other options for instance -r to reboot or -h to hibernate
    • -t XXXX = shutdown delay where XXXX is time in seconds, if -t switch is not used the default delay is 30 seconds


    After giving this command Windows pops up a balloon tip near notification are telling about the delayed action:

    &quot;You are about to be logged off&quot; &quot;Windows will shut down in 1 minute&quot;-shutdown_1.png

    (1000 seconds used in my example = 16 minutes)

    When there is about one minute to go I will get this:

    &quot;You are about to be logged off&quot; &quot;Windows will shut down in 1 minute&quot;-shutdown_3.png

    (Notice, it's not always quite exact, this message will be shown when there's something between one and two minutes to go to delayed shutdown.)

    It is like a last warning, giving me enough time to launch Command Prompt to abort delayed shutdown process with this command:
    Code:
    shutdown -a
    When aborted, Windows shows a balloon tip near notification area telling about this:

    &quot;You are about to be logged off&quot; &quot;Windows will shut down in 1 minute&quot;-shutdown_2.png

    To put this short: I do not believe you have got an infection. You could try to find the culprit by searching the whole computer for files that contain word shutdown to see if there's a batch file on your computer which will be launched when you do a certain task.

    Type this to Search field when in Explorer > Computer to get a list of all files containing word shutdown:
    Code:
    content:shutdown
    You could also check the Task Scheduler to see if there's a for you unknown task that launches a delayed, scheduled shutdown.

    Kari
      My Computer
    Quote Quote

  11. Tomha
    Posts : 391
    Windows 7 Professional 64bit
    Thread Starter
       New #8

    Thanks Kari, the Task Scheduler didn't have any scheduled shutdowns, and the search is running now.
      My Computer
    Quote Quote

  12. Kari
    Posts : 17,545
    Windows 10 Pro x64 EN-GB
       New #9

    In any case you can test if this really is a scheduled delayed shutdown process or something else. If / when you get the message again, open Command Prompt (could be a good idea to pin it to Taskbar?) and abort shutdown.

    As aborting shutdown only works if there really exists a scheduled shutdown, Windows tells you there are no scheduled shutdowns if this message of yours is something else:

    &quot;You are about to be logged off&quot; &quot;Windows will shut down in 1 minute&quot;-shutdown_4.png

    Kari
      My Computer
    Quote Quote

  13. Tomha
    Posts : 391
    Windows 7 Professional 64bit
    Thread Starter
       New #10

    The searches didn't find anything. I have the command prompt on the task bar, and next time it pops up, ill try stop the shutdown and report back then. Thanks for the suggestions :)
      My Computer
    Quote Quote

 
Page 1 of 3 123 LastLast

  Related Discussions
So I basically heard a "shut down noise" from my PC that lead to the blue screen. After I restarted it I only had, Repair system and Start Normally. There was no safe mode. I used build in system check and it stop on 50% on my hard-drive saying "biohd-8" error. I did a crc check in system repair,...
Google knows nothing of this problem. every time I try to shut down my inspiron 1525, it cannot shut down! it says ""Waiting For Shut Down." "This Program is preventing Windows from shutting down"" force shutdown doesn't do anything. I have to hold the power button to hard shut down
Ok so I'm using a custom visual style made by another user however I don't really like the buttons used that I mentioned above. The creator states it is acceptable to change the theme to however you like as long as you don't redistribute it anywhere. Ok so I opened up the .msstyles file (using...
My office just upgraded, and I can no longer use Windows XP. On this system, I was able to add a separate taskbar to facilitate quick access to commonly-browsed folder locations on our vast network, and another one expedited the launching of useful programs and lists. Each task on each taskbar...
Hi. Start menu -> I can only see shut down, or sleep, depending on how it's configured, but to access other power options I have to click on the small white arrow to the right of the power button. So if the default setting of the big button is shutdown then it's a hassle to choose sleep because...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 23:25.
Find Us