Computer shutdown in a weird way

Status
Not open for further replies.

awesome opossum

Reputable
Apr 17, 2014
37
0
4,540
Hello, recently my computer shutdown by itself and I'm trying to figure out why, I looked in the event viewer and it seems the shutdown was run by this specific exe C:/window/SysWoW64/shutdown.exe. Does anyone know what would run this in order to make the computer shutdown? If I shutdown the computer using the start menu then a different exe is run to shutdown the computer.
 
Solution
Shutdown.exe is used by Windows for restart and shutdown procedures, usually related to having a need to reboot due to windows updates or shut down due to problems, or for network administrators to shut down the system remotely. There are probably some other applications to this command as well.

A malicious infection could possibly take control of it. I'd run full virus AND malware scans, preferably with separate utilities like whatever antivirus you use and a malware scanner like Malwarebytes. Running a second opinion scanner and a Rootkit scanner as well might be a good idea if nothing turns up on the standard scans. There is info here:

http://www.tomshardware.com/faq/id-2602295/protect-remove-virus-malware-infections-layman.html...
Shutdown.exe is used by Windows for restart and shutdown procedures, usually related to having a need to reboot due to windows updates or shut down due to problems, or for network administrators to shut down the system remotely. There are probably some other applications to this command as well.

A malicious infection could possibly take control of it. I'd run full virus AND malware scans, preferably with separate utilities like whatever antivirus you use and a malware scanner like Malwarebytes. Running a second opinion scanner and a Rootkit scanner as well might be a good idea if nothing turns up on the standard scans. There is info here:

http://www.tomshardware.com/faq/id-2602295/protect-remove-virus-malware-infections-layman.html

The other possibility is that somebody has remotely accessed the system and implemented a script to initiate the shutdown. Make sure windows firewall is enabled and that your router firewall protections are not compromised. Check your router logs to see if there is an intruder on the network. If you have wireless access enabled on your router, changing the password might be a good idea. Make sure your operating system has remote access disabled. You can do that by going to control panel, system, advanced system settings, remote tab, uncheck "allow remote assistance connections to this computer".
 
Solution
Status
Not open for further replies.