Full Version: Shutdown -t 00 -s -f At Desktop Startup
crazyE
Last night everything was working fine. Then this morning I got this problem: when Windows XP is loading the desktop, a command prompt window pops up with the following command, "shutdown -T 00 -S -F", and my comp shuts down. Anybody have an idea how I can fix this? I can only access safe mode.
Thanks.
acklan
Do you have antivirus and antispyware installed on your computer? If so run it from Safe Mode.
Go to Start>Run>Msconfig>boot.ini and tell us what you see. Copy and paste what is in the field.
Joshuacat
This looks like the XP shutdown command. Sometimes it is used to schedule shutdowns of remote computers.

Check your scheduled tasks to see if this event is added as a task.

Click Start, and then click Control Panel.
Click Performance and Maintenance, and then click Scheduled Tasks.
If you see this task, remove it.

Let us know.
crazyE
Thanks guys for the fast response. Yes, I do have antivirus + firewall (ZoneAlarm); I did a scan and it did not help.
Here is what is in the boot.ini:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)/windows
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\windows="(JaN) Microsoft Windows XP Professional"/fastdetect
multi(0)disk(0)rdisk(1)partition(1)\windows="(EddY) Microsoft Windows XP Professional"/fastdetect

And nothing in scheduled tasks.

By the way, my sister just told me that she downloaded Spyware Doctor and did a scan.
Joshuacat
From the command prompt...

Type in AT

Anything listed?
crazyE
Well, I can try, but I don't think I have time to do anything whatsoever; it shuts down immediately after the command is shown, which is 1 sec.
Joshuacat
Hmmm. Have you tried to run a system restore? (safe mode)

Use System Restore to Undo Changes if Problems Occur

How long has this problem been going on?
crazyE
It started just last morning after running Spyware Doctor. The computer was closed; I opened it later on and I couldn't get to Windows XP. Every time the desktop shows up it doesn't finish loading all the other stuff; a command prompt window shows and executes that command and it immediately shuts off, no time to do anything. This is really weird. Am I the first to ever get this? It must be something with a startup program that gives this instruction. Please guys, help me fix this; I don't want to format my HD or reinstall Windows.

I am afraid my restore point was turned off a long time ago, like when I installed Windows XP at least 3 years ago.
Joshuacat
I am assuming the command is being called from somewhere, we just need to find it and get rid of it...
I already had you check the task scheduler, and we also attempted the AT command.
I am guessing the batch file(?) is being called from one of your start-up locations.
Let's check the easiest one.

From safe mode, what items do you see in the following location:

Click Start, All Programs, Startup.

We could also get you to check the Startup tab, under MSCONFIG, to see if you see a batch file being called at start-up. It will have the *.bat extension.
crazyE
Just a question: from where do you want me to run the AT command? From the command prompt in safe mode? What exactly do I type? I just open the command prompt and type in AT, Enter?
crazyE
I checked the msconfig startup and I see drivers.bat. Is that it?
usasma
yep, just AT and press enter (typing AT /? will get you a description of what AT does)
crazyE
I ran that command and it said "The service has not been started"?

I checked the msconfig startup and I see drivers.bat. Is that it? Hope it is.
Joshuacat
The AT command will not work from safe mode.
I am leaning towards thinking the command is being called from that file. -drivers.bat
Uncheck the entry and reboot to see if you can get into normal mode.

Keep us posted.

Thanks.
usasma
The shutdown command that you noted is intended to force your system to shutdown immediately, forcing it to shutdown despite any other programs that are running. This is not a good thing! FYI - if you type SHUTDOWN /? at the Command Prompt you can see what the details of the command are.

I hope that this "trick" may help. It depends on where the "bugger" is hiding. Reboot your system and try to load Windows normally. As soon as the BIOS is finished loading, just as the loading Windows starts, press and hold the SHIFT key. This will prevent items in your Startup menu from loading. It may be the trick to get you into Windows so that you can run some of these free, online scans:

http://housecall.trendmicro.com/ - *For Internet Explorer*
http://uk.trendmicro-europe.com/consumer/h...call_launch.php - *For Firefox*
http://www.kaspersky.com/scanforvirus
http://safety.live.com/site/en-US/default.htm
http://security.symantec.com/sscv6/default...id=ie&venid=sym
http://www.bitdefender.com/scan8/ie.html
http://www.pandasoftware.com/products/activescan.htm
http://onlinescan.avast.com/
http://support.f-secure.com/ols/start.html
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Trojan scans:
http://scan.sygatetech.com/pretrojanscan.html
http://www.windowsecurity.com/trojanscan/trojanscan.asp

If you do get into Windows - download and install this free utility from Mike Lin (called StartupCPL): http://www.mlin.net/StartupCPL.shtml It will place a new item in your Control Panel called StartUp. You can use it to check your startup settings.

FWIW - I prefer this to MSCONFIG.EXE because of its ease of use - but you can do much the same thing from MSCONFIG.EXE.

The point is to locate the startup entry that has "shutdown" in it, and delete it!
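
The check described above (find the startup entry that has "shutdown" in it), as an added PowerShell example that is not part of the original thread. It reads the registry Run keys and the Startup folders, and also looks inside any .bat/.cmd file an entry launches, which is how Drivers.bat carried the command here. Assumptions: PowerShell is installed (it is not part of a stock Windows XP install), and .lnk shortcut targets are not resolved.

```powershell
# Added example: list autostart entries and flag any that invoke shutdown,
# either directly or from inside a batch file they launch.
$pattern = '\bshutdown(\.exe)?\b'

# Registry Run keys read at logon (per-machine and per-user).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# Startup folders via CSIDL values: 0x07 = current user, 0x18 = all users.
$shell = New-Object -ComObject Shell.Application
$startupDirs = 0x07, 0x18 | ForEach-Object { $shell.NameSpace($_).Self.Path }

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $entries += New-Object PSObject -Property @{
            Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
    }
}
foreach ($dir in $startupDirs) {
    if (-not $dir -or -not (Test-Path $dir)) { continue }
    Get-ChildItem $dir | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
        $entries += New-Object PSObject -Property @{
            Source = $dir; Name = $_.Name; Command = $_.FullName }
    }
}

foreach ($e in $entries) {
    $reason = $null
    if ($e.Command -match $pattern) {
        $reason = 'command line calls shutdown'
    } elseif ($e.Command -match '([a-z]:\\[^"]*?\.(bat|cmd))') {
        # Entry launches a script: read it and look for a shutdown call inside.
        $script = $Matches[1]
        if ((Test-Path $script) -and
            (Select-String -Path $script -Pattern $pattern -Quiet)) {
            $reason = "script $script contains a shutdown call"
        }
    }
    if ($reason) { '{0}\{1}: {2} ({3})' -f $e.Source, $e.Name, $e.Command, $reason }
}
```

Each flagged line shows where the entry is registered and the full path of the file it runs, which matters when the file sits on another drive than the one being searched.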
crazyE
Nice, yeah, it worked! It was Drivers.bat. Now how do I remove that sucker from my HD? Did a search and did not find anything.
usasma
Use the StartupCPL program to find it.

Get all the information from the screen that you can find about it (to find the actual culprit later) - then delete it from StartupCPL.

Then run the online scans from my previous post to identify and hopefully remove it.

If that doesn't get it, then read the instructions on this forum on how to make and post a HiJackThis logfile: http://www.bleepingcomputer.com/forums/forum22.html
Joshuacat
Awesome, glad that part worked. You still need to get rid of the batch file. Follow usasma's advice. Once you get rid of the batch file, change MSConfig back to load everything. MSCONFIG should only be used for diagnostic purposes.

Again, keep us posted.
crazyE
Thanks a lot guys, really appreciate your help.
crazyE
Drivers.bat was on my 2nd HD; that's why I could not find it.
usasma
Great! I'm glad that you found it!

Did it delete?

Also, some of these "buggers" can re-spawn themselves. So keep an eye out for it in case it happens again. In that case, do the same stuff for a Temp fix - then post a HiJackThis log in HiJackThis forums.
crazyE
Yeah, I got rid of it. But how do I delete it from startup? I can only disable it.
usasma
If you're using StartUpCPL - just right click on what you unchecked. One of the options will be to Delete. That will put it in the Deleted Items tab - then, if you want, you can delete it from there.

(This is one of the reasons that I prefer StartUpCPL over MSCONFIG.EXE)