NT AUTHORITY Shutdown - Virus, Trojan, Spyware, and Malware Removal Help (2024)

#1 Juyi

  • Members
  • 7 posts

    Posted 19 July 2018 - 06:20 PM

    Lately I have been getting shutdowns, and before my PC shuts down a notification pops up saying "You have been sign out, Windows will shutdown" or something like that. When it pops up I only have like 5 seconds before my PC shuts down. I looked at the event logs and it says:

    The process C:\WINDOWS\SysWOW64\shutdown.exe (USER) has initiated the shutdown of computer USER on behalf of user NT AUTHORITY\SYSTEM for the following reason: No title for this reason could be found

    Reason Code: 0x800000ff

    Shutdown Type: shutdown

    I have run TDSSKiller, RKill, Malwarebytes, JRT, AdwCleaner and nothing.


    Edited by Juyi, 19 July 2018 - 06:21 PM.
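The event text quoted in the post above can be taken apart mechanically. The following is an added example, not part of the thread: it parses the message and splits the reason code into the flag, major and minor fields defined in the Windows SDK header reason.h. The function names and the follow-up hints are assumptions made for illustration.

```python
import re

# Flag and mask values from the Windows SDK header reason.h.
FLAG_PLANNED, FLAG_USER_DEFINED = 0x80000000, 0x40000000
MAJOR_MASK, MINOR_MASK, MINOR_NONE = 0x00FF0000, 0x0000FFFF, 0x000000FF
MAJOR_NAMES = {
    0x00000000: "OTHER", 0x00010000: "HARDWARE", 0x00020000: "OPERATINGSYSTEM",
    0x00030000: "SOFTWARE", 0x00040000: "APPLICATION", 0x00050000: "SYSTEM",
    0x00060000: "POWER", 0x00070000: "LEGACY_API",
}
EVENT_RE = re.compile(
    r"The process (?P<process>.+?) \((?P<host>[^)]*)\) has initiated the "
    r"(?P<action>.+?) of computer (?P<computer>\S+) on behalf of user "
    r"(?P<user>.+?) for the following reason: (?P<reason>.*?)\s*"
    r"Reason Code: (?P<code>0x[0-9a-fA-F]+)\s*Shutdown Type: (?P<type>[\w ]+)",
    re.S,
)

def decode_reason(code):
    """Split a shutdown reason code into its flag, major and minor parts."""
    minor = code & MINOR_MASK
    return {
        "planned": bool(code & FLAG_PLANNED),
        "user_defined": bool(code & FLAG_USER_DEFINED),
        "major": MAJOR_NAMES.get(code & MAJOR_MASK, "UNKNOWN"),
        "minor": "NONE" if minor == MINOR_NONE else hex(minor),
    }

def triage(message):
    """Parse the event text and attach follow-up hints (hints are assumptions)."""
    m = EVENT_RE.search(message)
    if m is None:
        raise ValueError("not a shutdown-initiated event message")
    info = m.groupdict()
    info["reason_code"] = decode_reason(int(info.pop("code"), 16))
    proc, hints = info["process"].lower(), []
    if proc.endswith("\\shutdown.exe"):
        hints.append("requested via shutdown.exe, so not a crash or power loss")
    if "\\syswow64\\" in proc:
        hints.append("32-bit copy ran: look for a 32-bit parent process")
    if info["user"].upper() == "NT AUTHORITY\\SYSTEM":
        hints.append("caller ran as SYSTEM: review services and scheduled tasks")
    info["hints"] = hints
    return info

# Event text as quoted in the post above.
SAMPLE = r"""The process C:\WINDOWS\SysWOW64\shutdown.exe (USER) has initiated the shutdown of computer USER on behalf of user NT AUTHORITY\SYSTEM for the following reason: No title for this reason could be found
Reason Code: 0x800000ff
Shutdown Type: shutdown"""
```

For the quoted event, `triage(SAMPLE)` reports a planned shutdown with major reason OTHER and minor reason NONE, which is why the log shows no reason title.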


    #2 nasdaq

    • Malware Response Team
    • 48,328 posts
    • Gender: Male
    • Location: Montreal, QC. Canada

    Posted 20 July 2018 - 09:52 AM

    Hello, Welcome to BleepingComputer.
    I'm nasdaq and will be helping you.

    If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
    ===

    Download the version of this tool for your operating system.
    Farbar Recovery Scan Tool (64 bit)
    Farbar Recovery Scan Tool (32 bit)
    and save it to a folder on your computer's Desktop.
    Double-click to run it. When the tool opens click Yes to disclaimer.
    Press Scan button.
    It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
    The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

    How to attach a file to your reply:
    In the Reply section at the bottom of the topic, click the "more reply Options" button.

    Attach the file.
    Select "Choose a File" and navigate to the location of the file.
    Click the file you wish to Attach.
    Click Attach this file.
    Click the Add reply button.
    ===

    Please post the logs for my review.

    Please wait for further instructions.

    ===

    p.s.
    Have you experienced another shutdown recently?

    #3 Juyi

    • Topic Starter
    • Members
    • 7 posts

      Posted 21 July 2018 - 07:31 PM

      Sorry for the late reply.

      "Have you experienced another shutdown recently?"

      No, just this NT AUTHORITY

      Attached Files

      • Addition.txt (56.03KB, 6 downloads)
      • FRST.txt (50.54KB, 7 downloads)

      #4 nasdaq

      • Malware Response Team
      • 48,328 posts
      • Gender: Male
      • Location: Montreal, QC. Canada

      Posted 22 July 2018 - 07:39 AM

      Hi,

      Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
      Type Notepad and click the OK key.

      Please copy the entire contents of the code box below to a new file.

      Start
      CreateRestorePoint:
      CloseProcesses:
      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
      HKU\S-1-5-21-529217811-2136971307-3603107900-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
      GroupPolicy\User: Restriction ? <==== ATTENTION
      S3 cpuz140; \??\C:\Users\Juyi\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
      S3 iobit_monitor_server; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win7_x64.sys [X]
      S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
      S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
      S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard64.sys [X]
      ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers1: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => -> No File
      ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers4: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => -> No File
      Task: {093A3A6E-9907-47F3-B366-F0FB74D9EB1B} - System32\Tasks\action => C:\Program Files (x86)\Saluki\Pelikan.exe
      Task: {440D953E-1AE2-4780-8782-C097A36A4685} - System32\Tasks\sequeira trim snia => C:\Users\Juyi\AppData\Local\Pelikan.exe
      Task: {97024696-869F-4A2B-A27D-4F6ED864309F} - System32\Tasks\devin-allegations => C:\Program Files (x86)\steller\Pyridoxine.exe
      Task: {ABEE4A55-9E2F-4477-8A1E-BAAA4F8CBF3B} - System32\Tasks\relate_missive => C:\Users\Juyi\AppData\Local\Pyridoxine.exe
      Task: {B39865CF-07CD-4905-A674-D1FA68FDE071} - System32\Tasks\vomeronasal replenishment => C:\Program Files (x86)\Iwai\Pyridoxine.exe
      Task: {EFA92D11-B2E9-4955-A502-8B02EC693251} - System32\Tasks\pressmen_francesca => C:\Program Files (x86)\Iwai\Pelikan.exe
      C:\Program Files (x86)\Saluk
      C:\Users\Juyi\AppData\Local\Pelikan.exe
      C:\Program Files (x86)\steller
      C:\Users\Juyi\AppData\Local\Pyridoxine.exe
      C:\Program Files (x86)\Iwa
      cmd: ipconfig /flushdns
      cmd: IPCONFIG /release
      cmd: IPCONFIG /renew
      Reboot:
      End

      Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
      The location is listed in the 3rd line of the Farbar log you have submitted.

      Run FRST and click Fix only once and wait.

      The tool will create a log (Fixlog.txt); please post it in your reply.

      Please let me know what problem persists with this computer.
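A triage pass over the Task: entries of the fixlist above, added here as an example and not part of the thread or of FRST: it groups the scheduled-task targets by executable name and lists the tasks whose target sits under a user profile. The function names and the two heuristics are assumptions chosen for illustration.

```python
import ntpath
import re
from collections import defaultdict

TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - System32\\Tasks\\(?P<name>.+?)"
    r" => (?P<target>.+)$"
)

# The six Task: lines from the fixlist in the post above.
FIXLIST = r"""
Task: {093A3A6E-9907-47F3-B366-F0FB74D9EB1B} - System32\Tasks\action => C:\Program Files (x86)\Saluki\Pelikan.exe
Task: {440D953E-1AE2-4780-8782-C097A36A4685} - System32\Tasks\sequeira trim snia => C:\Users\Juyi\AppData\Local\Pelikan.exe
Task: {97024696-869F-4A2B-A27D-4F6ED864309F} - System32\Tasks\devin-allegations => C:\Program Files (x86)\steller\Pyridoxine.exe
Task: {ABEE4A55-9E2F-4477-8A1E-BAAA4F8CBF3B} - System32\Tasks\relate_missive => C:\Users\Juyi\AppData\Local\Pyridoxine.exe
Task: {B39865CF-07CD-4905-A674-D1FA68FDE071} - System32\Tasks\vomeronasal replenishment => C:\Program Files (x86)\Iwai\Pyridoxine.exe
Task: {EFA92D11-B2E9-4955-A502-8B02EC693251} - System32\Tasks\pressmen_francesca => C:\Program Files (x86)\Iwai\Pelikan.exe
"""

def parse_tasks(text):
    """Return guid, task name and target path for every Task: line."""
    return [m.groupdict() for line in text.splitlines()
            if (m := TASK_RE.match(line.strip()))]

def shared_binaries(tasks, min_dirs=2):
    """Executable names launched from min_dirs or more distinct folders."""
    folders = defaultdict(set)
    for task in tasks:
        folder, exe = ntpath.split(task["target"])
        folders[exe.lower()].add(folder.lower())
    return {exe: sorted(d) for exe, d in folders.items() if len(d) >= min_dirs}

def profile_targets(tasks):
    """Task names whose target sits under a user profile (user-writable)."""
    return [t["name"] for t in tasks if "\\users\\" in t["target"].lower()]

def report(text):
    """Summarise the Task: lines: count, shared binaries, profile targets."""
    tasks = parse_tasks(text)
    return {"count": len(tasks), "shared": shared_binaries(tasks),
            "in_profile": profile_targets(tasks)}
```

Run on the lines above, `report(FIXLIST)` reduces the six tasks to two executable names, each started from three different folders.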

      #5 Juyi

      • Topic Starter
      • Members
      • 7 posts

        Posted 22 July 2018 - 06:35 PM

        The shutdown still persists. I feel like it's my CPU overheating, but there's no reason for it to pop up a shutdown notification because it should just shut down without any notice. What do I do now?

        Edit: I just ran a temperature log and the CPU is not overheating, and it still shuts down.

        Attached Files

        • Fixlog.txt (10.22KB, 5 downloads)

        Edited by Juyi, 23 July 2018 - 03:28 AM.

        #6 nasdaq

        • Malware Response Team
        • 48,328 posts
        • Gender: Male
        • Location: Montreal, QC. Canada

        Posted 23 July 2018 - 07:16 AM

        Hi,

        There are many reasons for this unexpected shutdown.
        https://www.computerhope.com/issues/ch000689.htm

        This is not caused by Malware and not my forte.

        I suggest you start a new topic in the Internal Hardware Forum.
        https://www.bleepingcomputer.com/forums/f/7/internal-hardware/

        Explain your shutdown issue. A technician should be able to suggest remedial actions.

        I will leave this topic open for 6 days. If you need to return please do.
