Computer Shutting Down Suddenly, Not Power Issue

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by d_m_burkus, Apr 21, 2014.

  1. d_m_burkus

    d_m_burkus Private E-2

    Hi. My computer has a problem, and I hope someone can help. I am running Windows 7 Ultimate. I reinstalled it a week or two ago, and am not sure if it has managed to acquire all of the updates (due to the problem I will discuss below).

    About 6 weeks ago my computer installed an automatic update from Mozilla Firefox. (That is what the update notice said, but I wonder if it was not some sort of malware attack pretending to be Mozilla.) From that time the computer started acting strangely. (I went into Mozilla's forum, but the best I could get from anyone there was that the update might be exacerbating a malware-induced situation, but the symptoms do not ring a bell with anyone. They said that the malware should not have come from an authentic update, but, as I said, it updated itself spontaneously, without asking me to update it.)

    First Firefox started freezing (screen goes white and everything stops) and/or crashing/shutting down. Then it progressed to the computer itself. The computer started shutting down without warning and for no reason. (CPU was not abnormal, and I have not added any new hardware or software, or changed any settings.)

    Recently the shutting down has gotten so bad that it does not stay up long enough for me to check the MajorGeeks archives.

    The first thing I thought to do was run the various virus/malware scans (I have Avast, Malwarebytes, Spybot, and Super, and also there is a McAfee quick scan, and also downloaded Dr. Web), but it shuts down before these scans can finish.

    Running a Boottime scan (which Avast provides) is also impossible -- it shuts down before the scan finishes.

    Entering safe mode and trying to scan is impossible, because it shuts down before any scan can run.

    I thought it might be a power issue, so I replaced the power yesterday, but nothing changed.

    This shutting down has already destroyed the old C drive, and an external hard drive ("My Book").

    I have tried everything I can think of, but nothing works, and, as I said, I am not able to run any kind of scan. Also, I am going blind (cataracts), so it is difficult for me to read long articles. Since the replacement of the power did nothing, I am pretty sure it must be some kind of malware issue.

    Can anyone suggest anything I might try? With simple instructions of what to do, please -- as I said, I am not able to see well.

    I am sorry if this kind of issue has already been discussed, but I am not able to search the archives. I am composing this on an old laptop that is not able to access the internet (so I can quickly copy and paste it into a new thread). I do not have access to any other computer, and live so far out in the Styx that there are not even any places I can go to where I could rent a computer. (The maximum length of time that this machine stays up is maybe 15 minutes, but sometimes it shuts down in a matter of 2 or 3 minutes; there is no pattern, and nothing that I can see to blame the behavior on.)

    Any help or suggestions would be very, very much appreciated. Thank you all for your time. Please have a good day....

    -- Daniel M. Burkus

    Oh, one other possible symptom: when I shut the computer down, or it shuts down itself, rather than the monitor going black, it shows patterns and colors, and a little red box moving around that says "burning". This started about the same time as the other problems.
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi & a warm welcome. :)

    If you suspect malware then you will need to take a look at these procedures, perhaps with help due to your eyesight.

    READ & RUN ME FIRST - Malware Removal Guide


    It may be that your machine does not stay on long enough to run those programs, however we must try. I may end up referring you onto the software forum, and for you to return here afterwards if necessary.
     
  3. d_m_burkus

    d_m_burkus Private E-2

    Thank you for your reply, and suggestions. It is a first step.

    Here is an update (assuming I can get online to post this -- I am writing this on my laptop, as before, because the PC is down). I ran the five anti-malware programs indicated in the recommended post, in the order they were listed. RogueKiller found two PUMs. Malwarebytes found a problem with some files associated with GomPlayer (whereupon I uninstalled GomPlayer). The TDK found nothing, and the other two also did not indicate anything special (that I can recall).

    Since I know that things often seem cured when in fact they are not, I did not immediately post a "cured" message to this thread. And, since Windows had been reinstalled (which apparently did not get rid of the malware -- I asked the person who did the reinstall to completely format the drive first, but suspect he did not do so), I decided to set the machine up since that has never been done since Windows was reinstalled. (In addition to Avast, Spybot, Malwarebytes, and Super-antivirus, this included installing several other programs: Mozilla Firefox with several add-ons [Flash Video Downloader, CacheViewer], uTorrent, WinAMP, MediaPlayer Classic and the K-lite Codec Pack, eRight's Super video converter, VirtualDub, XP Paint, Paint.NET, Hangul Word Processor 2002 [the word processor I need to use for my translation work], Irfanview, and I believe that's all.)

    Some time later the machine suddenly shut down again. When I got it to start up again I started running the recommended five anti-malware programs. RogueKiller found 4 PUMs, which I deleted. When Malwarebytes was running, the machine shut down. I entered Safety Mode and tried to run Malwarebytes, but again it shut down. So I left the machine off all night.

    This morning shortly after I turned it on Avast indicated it had found a potential rootkit, which it quarantined and recommended a reboot and subsequent boot-time scan, which I allowed.

    The boot-time scan failed -- the machine shut down -- before it could finish.

    When I got the machine to restart, I tried to run TDK, but it said the definitions were not up-to-date and wanted to download and reinstall the newest definitions (which I allowed). When I tried to unzip the file, the computer shut down.

    Because RogueKiller is self-contained and seems not to need to be connected to the internet to run, I ran it on a laptop I have which has never been able to connect to the internet (there are drivers missing and I am not able to find what they are) just to check something. This laptop has only the programs installed on it which I need for my work (WinAMP, MediaPlayer Classic and the K-lite Codec Pack, eRight's Super video converter, VirtualDub, XP Paint, Paint.NET, Irfanview, and the Hangul Word Processor 2002). RogueKiller found several PUMs, which appear to be associated with my programs, and so should not be dangerous (I have used these programs for many years, and this laptop has no performance or other issues at all, other than the missing drivers, which were missing before I installed any of these programs).

    Back to the PC. If I am able to post this, it means that after the machine sits for a while I will be able to start it up again and keep it running for at least a while before it shuts down (this was the situation before, and, as mentioned before, the length of time it was able to run seemed related to how long it had been off -- the longer it had been off, the longer it could run before suddenly shutting down: which was what made me suspect a power/hardware problem, though that does not appear to have been the case). Suggestions as for what to do from this point would be very welcome.

    Oh, one other question: one of the anti-malware programs (I think it was RogueKiller) created a folder on my desktop that contains folders or shortcuts associated with myself (the only user/administrator) and all the programs and files that I own/use, and another containing the quarantined files. Can these things be deleted or should they be saved? It appears that they can not be moved from the desktop other than to delete them.

    Thank you for the previous suggestions. At the very least, this does tend to confirm my suspicions that this is a malware infection. Now the problem remains how to get rid of whatever it is that is causing the trouble. Please have a good day.


    -- Daniel M. Burkus
     
  4. d_m_burkus

    d_m_burkus Private E-2

    Ok, here is an update (assuming I can get online to post this -- I am writing this on my laptop, as before, because the PC is down). I ran the five anti-malware programs indicated in the recommended post, in the order they were listed. RogueKiller found two PUMs. Malwarebytes found a problem with some files associated with GomPlayer (whereupon I uninstalled GomPlayer). The TDK found nothing, and the other two also did not indicate anything special (that I can recall).

    Since I know that things often seem cured when in fact they are not, I did not immediately post a "cured" message to this thread. And, since Windows had been reinstalled (which apparently did not get rid of the malware -- I asked the person who did the reinstall to completely format the drive first, but suspect he did not do so), I decided to set the machine up since that has never been done since Windows was reinstalled. (In addition to Avast, Spybot, Malwarebytes, and Super-antivirus, this included installing several other programs: Mozilla Firefox with several add-ons [Flash Video Downloader, CacheViewer], uTorrent, WinAMP, MediaPlayer Classic and the K-lite Codec Pack, eRight's Super video converter, VirtualDub, XP Paint, Paint.NET, Hangul Word Processor 2002 [the wordprocessor I need to use for my translation work], Irfanview, and I believe that's all.)

    Some time later the machine suddenly shut down again. When I got it to start up again I started running the recommended five anti-malware programs. RogueKiller found 4 PUMs, which I deleted. When Malwarebytes was running, the machine shut down. I entered Safety Mode and tried to run Malwarebytes, but again it shut down. So I left the machine off all night.

    This morning shortly after I turned it on Avast indicated it had found a potential rootkit, which it quarantined and recommended a reboot and subsequent boot-time scan, which I allowed.

    The boot-time scan failed -- the machine shut down -- before it could finish.

    When I got the machine to restart, I tried to run TDK, but it said the definitions were not up-to-date and wanted to download and reinstall the newest definitions (which I allowed). When I tried to unzip the file, the computer shut down.

    Because RogueKiller is self-contained and seems not to need to be connected to the internet to run, I ran it on a laptop I have which has never been able to connect to the internet (there are drivers missing and I am not able to find what they are) just to check something. This laptop has only the programs installed on it which I need for my work (WinAMP, MediaPlayer Classic and the K-lite Codec Pack, eRight's Super video converter, VirtualDub, XP Paint, Paint.NET, Irfanview, and the Hangul Word Processor 2002). RogueKiller found several PUMs, which appear to be associated with my programs, and so should not be dangerous (I have used these programs for many years, and this laptop has no performance or other issues at all, other than the missing drivers, which were missing before I installed any of these programs).

    Back to the PC. If I am able to post this, it means that after the machine sits for a while I will be able to start it up again and keep it running for at least a while before it shuts down (this was the situation before, and, as mentioned before, the length of time it was able to run seemed related to how long it had been off -- the longer it had been off, the longer it could run before suddenly shutting down: which was what made me suspect a power/hardware problem, though that does not appear to have been the case). Suggestions as for what to do from this point would be very welcome.

    Oh, one other question: one of the anti-malware programs (I think it was RogueKiller) created a folder on my desktop that contains folders or shortcuts associated with myself (the only user/administrator) and all the programs and files that I own/use, and another containing the quarantined files. Can these things be deleted or should they be saved? It appears that they can not be moved from the desktop other than to delete them.

    Thank you for the previous suggestions. At the very least, this does tend to confirm my suspicions that this is a malware infection. Now the problem remains how to get rid of whatever it is that is causing the trouble. Please have a good day.


    -- Daniel M. Burkus
     
  5. d_m_burkus

    d_m_burkus Private E-2

    Sorry, I am not sure why this is posted twice. I tried to post an update. Just tried again...hopefully it will show up soon.

    I just ran TDSSKiller once again, with all the stops pulled out, and it found something. "Unsigned file, Service: oem-drv86, Suspicious object, medium risk." This (I believe) is the same object that Avast has found (twice), the removal of which caused the PC to shut down.

    Adding this now, since I will tell TDSSKiller to destroy the object, and may well be shut down again.

    Please refer to my update (which should either precede or follow this message). Thank you all very much for your help.


    -- Daniel M. Burkus
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there. :)

    Before we go any further I would like to admit to NOT having read anything of those three posts except for the above quoted.

    If you have run the 5 tools, then you must attach all of the requested logs from doing so. You came to me seeking assistance with malware removal. I am here to do so. I will be the judge of what's interpreted in those logs. No offence meant here.
     
  7. d_m_burkus

    d_m_burkus Private E-2

    Thank you for your help. Sorry, I can not see with my left eye and my right eye is getting really bad. It is difficult for me to read long passages of text.

    Of the five suggested scans, I was only able to run three: RogueKiller, TDSS, and HitmanPro. Neither MalwareBytes nor MGTools would launch in ordinary mode (the PC shut down immediately), and while both could be launched in Windows Safe Mode, the PC ultimately shut down before either scan could finish. MalwareBytes shut down when it was working through the Registry part of the scan, and I am not sure where MGTools was (high-contrast pages are particularly difficult for me to see).

    I hope the three scans whose reports are attached will give some direction. I look forward to your next suggestion(s) whenever you are free to make them. (I should mention that I have to go out of town tomorrow, and will return here in the afternoon of the day after, so perhaps you can take your time about replying.)

    Thank you, again, for your assistance. Please have a good day.


    -- Daniel M. Burkus
     

    Attached Files:

  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.

    • cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
    • nwktst <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
    • GetRunKey <-- this will try to run one scan from MGtools. Tell me what error messages, if any, you see.
    • ShowNew <-- this will try to run another scan from MGtools. Tell me what error messages, if any, you see.
    • analyse <-- this attempts to run HijackThis. Be sure to click the Accept button twice in the license agreement popup or it will just sit there and wait.
    Now look for the C:\MGlogs.zip file and attach it no matter what happened while doing the above.
     
  9. d_m_burkus

    d_m_burkus Private E-2

    I tried to run it several times. The first time it shut down while "finding copies of..." The next time it got as far as GetRunKey. When Windows asked permission to allow the program to edit the Registry, I pushed yes, and it kept bouncing back and forth until the machine shut down. I am attaching the zip file you requested.

    It is night over here, and I am going to be turning in in an hour or so. I will check before I do so, and if nothing, I will look tomorrow morning before I leave.

    Thank you, again, for your help. And for using the purple text. It was really easy for me to read. Please have a good day.

    -- Daniel M. Burkus
     

    Attached Files:

  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi Daniel. :) You are *most* welcome for the assistance.


    I would like for you to uninstall the below softwares:

    • McAfee Security Scan Plus
    • Kaspersky Security Scan

    Also uninstall this unless you paid for it:

    • TuneUp Utilities 2014

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows 7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
     
  11. d_m_burkus

    d_m_burkus Private E-2

    Thank you for your reply. I removed McAfee Security Scan Plus and Kaspersky Security Scan. TuneUp Utilities 2014 (which a student installed a couple of weeks ago when the PC started getting really bad) I removed several days ago, and nothing is in the Control Panel, so if there is a trace I do not know how to get rid of it.

    Anyway, I tried to run the scan, but it continued to cycle between the permission request and desktop. The first time that shut the computer down. I tried it again, but was able to log off and on so I could type this message.

    As I said before, Malwarebytes, too, failed when it tried to access the Registry.

    I have to go and pick up something from the office now. I will be back in an hour or so, and will leave here for my trip around 11:00 AM (it is 8:50 AM now). Maybe time to run one scan or something between the time I get back and when I have to leave.

    Thank you, again, for your time, and help. Please have a good day.

    -- Daniel M. Burkus
     
  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there. I think you have operating system/software issues more than anything. So I suggest that you go ahead and post about your problems in the software forum. You can always return here afterwards if necessary/if you feel there's still something not quite right. :) But as it stands, it's extremely difficult for me to get a proper look at things.
     
  13. d_m_burkus

    d_m_burkus Private E-2

    Thank you for your reply. I returned just now.

    Before going to the software forum -- I do not really know what to post there -- let me ask you one thing: do you think it would be good to take the hard drive out of this machine, hook it up to the laptop, completely reformat the drive, and then reinstall Windows from scratch? I will wait for your reply before doing anything further.

    Again, thank you very much for your time, and for taking the time to try to help. Please have a good day.

    -- Daniel M. Burkus
     
  14. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Just about the computer shutting down suddenly.

    I think the guys and gals in software will be able to better answer that question for you. :)

    You are most welcome. Have a lovely day yourself. :)

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win7, or Win 8, Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

    7. After doing the above, you should work thru the below link:
     
