NT AUTHORITY Shutdown - Virus, Trojan, Spyware, and Malware Removal Help (2024)

#1 Juyi

  • Members
  • 7 posts
  • OFFLINE

    Posted 19 July 2018 - 06:20 PM

    Lately I have been getting shutdowns, and before my PC shuts down it pops up a notification saying "You have been sign out, Windows will shutdown" or something like that. When it pops up I only have like 5 seconds before my PC shuts down. I looked at the Event Logs and it says:

    The process C:\WINDOWS\SysWOW64\shutdown.exe (USER) has initiated the shutdown of computer USER on behalf of user NT AUTHORITY\SYSTEM for the following reason: No title for this reason could be found

    Reason Code: 0x800000ff

    Shutdown Type: shutdown

    I have run TDSSKiller, RKill, Malwarebytes, JRT, AdwCleaner and nothing.


    Edited by Juyi, 19 July 2018 - 06:21 PM.
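The event text quoted in the post above has the format of the User32 event 1074 record, and its reason code packs flag bits, a major reason and a minor reason into one value. As an added example (not part of the original thread), this Python script parses that message and decodes 0x800000ff; the function names are hypothetical and the constants are a subset of those in the Windows SDK header reason.h.

```python
import re

# Event text as quoted in the post above (host and user names as posted).
EVENT_TEXT = (
    r"The process C:\WINDOWS\SysWOW64\shutdown.exe (USER) has initiated the "
    r"shutdown of computer USER on behalf of user NT AUTHORITY\SYSTEM for the "
    "following reason: No title for this reason could be found\n"
    "Reason Code: 0x800000ff\nShutdown Type: shutdown\n"
)

# Bit layout of a shutdown reason code (subset of reason.h).
FLAG_PLANNED = 0x80000000
FLAG_USER_DEFINED = 0x40000000
MAJOR = {0x00000000: "Other", 0x00010000: "Hardware",
         0x00020000: "Operating system", 0x00030000: "Software",
         0x00040000: "Application", 0x00050000: "System", 0x00060000: "Power"}
MINOR = {0x0000: "Other", 0x00FF: "None"}

EVENT_RE = re.compile(
    r"The process (?P<process>.+?) \((?P<host>[^)]*)\) has initiated the "
    r"(?P<action>\w+) of computer (?P<computer>\S+) on behalf of user "
    r"(?P<user>.+?) for the following reason: (?P<reason>.*?)\s*"
    r"Reason Code: (?P<code>0x[0-9a-fA-F]+)\s*"
    r"Shutdown Type: (?P<type>\w+)",
    re.S,
)

def decode_reason(code):
    """Split a reason code into its flag bits, major and minor reason."""
    minor = code & 0xFFFF
    return {
        "planned": bool(code & FLAG_PLANNED),
        "user_defined": bool(code & FLAG_USER_DEFINED),
        "major": MAJOR.get(code & 0x00FF0000, "unknown"),
        "minor": MINOR.get(minor, hex(minor)),
    }

def parse_shutdown_event(text):
    """Return the fields of a shutdown event message, or None if no match."""
    m = EVENT_RE.search(text)
    if m is None:
        return None
    rec = m.groupdict()
    rec["reason_code"] = decode_reason(int(rec.pop("code"), 16))
    # SysWOW64 holds the 32-bit shutdown.exe on 64-bit Windows; a 32-bit caller
    # is redirected there, so this narrows which launching program to look for.
    rec["wow64_initiator"] = "\\syswow64\\" in rec["process"].lower()
    return rec

if __name__ == "__main__":
    print(parse_shutdown_event(EVENT_TEXT))
```

For the code in the post the result is planned, major "Other", minor "None", which is why Windows reports that no title could be found for the reason.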

    #2 nasdaq

    • Malware Response Team
    • 48,328 posts
    • OFFLINE
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:11:19 PM

    Posted 20 July 2018 - 09:52 AM

    Hello, Welcome to BleepingComputer.
    I'm nasdaq and will be helping you.

    If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
    ===

    Download the version of this tool for your operating system.
    Farbar Recovery Scan Tool (64 bit)
    Farbar Recovery Scan Tool (32 bit)
    and save it to a folder on your computer's Desktop.
    Double-click to run it. When the tool opens click Yes to disclaimer.
    Press Scan button.
    It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

    How to attach a file to your reply:
    In the Reply section at the bottom of the topic, click the "more reply Options" button.
    Attach the file.
    Select "Choose a File" and navigate to the location of the file.
    Click the file you wish to Attach.
    Click Attach this file.
    Click the Add reply button.
    ===

    Please post the logs for my review.

    Please wait for further instructions.

    ===

    p.s.
    Have you experienced another shutdown recently?

    #3 Juyi

    • Topic Starter
    • Members
    • 7 posts
    • OFFLINE

      Posted 21 July 2018 - 07:31 PM

      Sorry for the late reply.

      "Have you experienced another shutdown recently?"

      No, just this NT AUTHORITY

      Attached Files

      • Addition.txt 56.03KB, 6 downloads
      • FRST.txt 50.54KB, 7 downloads

      #4 nasdaq

      • Malware Response Team
      • 48,328 posts
      • OFFLINE
      • Gender:Male
      • Location:Montreal, QC. Canada
      • Local time:11:19 PM

      Posted 22 July 2018 - 07:39 AM

      Hi,

      Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
      Type Notepad and click the OK key.

      Please copy the entire contents of the code box below to a new file.

      Start
      CreateRestorePoint:
      CloseProcesses:
      HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
      HKU\S-1-5-21-529217811-2136971307-3603107900-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
      GroupPolicy\User: Restriction ? <==== ATTENTION
      S3 cpuz140; \??\C:\Users\Juyi\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
      S3 iobit_monitor_server; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win7_x64.sys [X]
      S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
      S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
      S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard64.sys [X]
      ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
      ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
      ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers1: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => -> No File
      ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
      ContextMenuHandlers4: [YunShellExt] -> {6D85624F-305A-491d-8848-C1927AA0D790} => -> No File
      Task: {093A3A6E-9907-47F3-B366-F0FB74D9EB1B} - System32\Tasks\action => C:\Program Files (x86)\Saluki\Pelikan.exe
      Task: {440D953E-1AE2-4780-8782-C097A36A4685} - System32\Tasks\sequeira trim snia => C:\Users\Juyi\AppData\Local\Pelikan.exe
      Task: {97024696-869F-4A2B-A27D-4F6ED864309F} - System32\Tasks\devin-allegations => C:\Program Files (x86)\steller\Pyridoxine.exe
      Task: {ABEE4A55-9E2F-4477-8A1E-BAAA4F8CBF3B} - System32\Tasks\relate_missive => C:\Users\Juyi\AppData\Local\Pyridoxine.exe
      Task: {B39865CF-07CD-4905-A674-D1FA68FDE071} - System32\Tasks\vomeronasal replenishment => C:\Program Files (x86)\Iwai\Pyridoxine.exe
      Task: {EFA92D11-B2E9-4955-A502-8B02EC693251} - System32\Tasks\pressmen_francesca => C:\Program Files (x86)\Iwai\Pelikan.exe
      C:\Program Files (x86)\Saluk
      C:\Users\Juyi\AppData\Local\Pelikan.exe
      C:\Program Files (x86)\steller
      C:\Users\Juyi\AppData\Local\Pyridoxine.exe
      C:\Program Files (x86)\Iwa
      cmd: ipconfig /flushdns
      cmd: IPCONFIG /release
      cmd: IPCONFIG /renew
      Reboot:
      End

      Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
      The location is listed in the 3rd line of the Farbar log you have submitted.

      Run FRST and click Fix only once and wait.

      The tool will create a log (Fixlog.txt); please post it in your reply.

      Please let me know what problem persists with this computer.
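The Task: entries in the fixlist above show two executable names, Pelikan.exe and Pyridoxine.exe, each scheduled from several differently named folders and from the AppData\Local root. As an added example (not part of the original thread and not FRST's own logic), this Python script flags that pattern in FRST-style task lines so such entries can be reviewed before removal; `parse_tasks` and `review_tasks` are hypothetical names.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any OS

# Task entries copied from the fixlist in the post above.
FIXLIST_TASKS = r"""
Task: {093A3A6E-9907-47F3-B366-F0FB74D9EB1B} - System32\Tasks\action => C:\Program Files (x86)\Saluki\Pelikan.exe
Task: {440D953E-1AE2-4780-8782-C097A36A4685} - System32\Tasks\sequeira trim snia => C:\Users\Juyi\AppData\Local\Pelikan.exe
Task: {97024696-869F-4A2B-A27D-4F6ED864309F} - System32\Tasks\devin-allegations => C:\Program Files (x86)\steller\Pyridoxine.exe
Task: {ABEE4A55-9E2F-4477-8A1E-BAAA4F8CBF3B} - System32\Tasks\relate_missive => C:\Users\Juyi\AppData\Local\Pyridoxine.exe
Task: {B39865CF-07CD-4905-A674-D1FA68FDE071} - System32\Tasks\vomeronasal replenishment => C:\Program Files (x86)\Iwai\Pyridoxine.exe
Task: {EFA92D11-B2E9-4955-A502-8B02EC693251} - System32\Tasks\pressmen_francesca => C:\Program Files (x86)\Iwai\Pelikan.exe
"""

TASK_RE = re.compile(
    r"^Task: (\{[0-9A-Fa-f-]+\}) - System32\\Tasks\\(.+?) => (.+)$", re.M
)

def parse_tasks(text):
    """Return (guid, task_name, target_path) for every 'Task:' line."""
    return [m.groups() for m in TASK_RE.finditer(text)]

def review_tasks(tasks):
    """Map task name -> reasons the entry deserves a closer look."""
    folders = defaultdict(set)
    for _, _, target in tasks:
        folders[basename(target).lower()].add(dirname(target).lower())
    findings = {}
    for _, name, target in tasks:
        exe = basename(target).lower()
        reasons = []
        # Same binary name launched from unrelated install folders.
        if len(folders[exe]) > 1:
            reasons.append(
                f"{exe} is scheduled from {len(folders[exe])} different folders"
            )
        # Executable placed directly in the per-user AppData\Local root.
        if re.search(r"\\appdata\\local\\[^\\]+$", target, re.I):
            reasons.append("target sits directly in the AppData\\Local root")
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    for task, why in review_tasks(parse_tasks(FIXLIST_TASKS)).items():
        print(task, "->", "; ".join(why))
```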

      #5 Juyi

      • Topic Starter
      • Members
      • 7 posts
      • OFFLINE

        Posted 22 July 2018 - 06:35 PM

        The shutdown still persists. I feel like it's my CPU overheating, but there's no reason for it to pop up a shutdown notification because it should just shut down without any notice. What do I do now?

        Edit: I just ran a temperature log and the CPU is not overheating and it still shuts down.

        Attached Files

        • Fixlog.txt 10.22KB, 5 downloads

        Edited by Juyi, 23 July 2018 - 03:28 AM.

        #6 nasdaq

        • Malware Response Team
        • 48,328 posts
        • OFFLINE
        • Gender:Male
        • Location:Montreal, QC. Canada
        • Local time:11:19 PM

        Posted 23 July 2018 - 07:16 AM

        Hi,

        There are many reasons for this unexpected shutdown.
        https://www.computerhope.com/issues/ch000689.htm

        This is not caused by Malware and not my forte.

        I suggest you start a new topic in the Internal Hardware Forum.
        https://www.bleepingcomputer.com/forums/f/7/internal-hardware/

        Explain your shutdown issue. A technician should be able to suggest remedial actions.

        I will leave this topic open for 6 days. If you need to return please do.
