Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Question

Computer Keeps shutting off and on on it's own.

Apr 19, 2020 4:57PM PDT

I am pretty hopeless here, this is a recurring problem for about a year, i keep fixing it for a few months and it keeps coming back, I don't know what to do, my pc simply decides out of nowhere to close all applications and says "shutting off" sometimes with a prompt to cencel.
if i cencel, i earn myslef a few more minutes before it does it again.
when it shuts off, after like 10 minutes it starts itself on its own and shuts down over and over, until at some point it lets me get an hour or so of normal pc time until it does it's thing again.
things i did already: change power cable, change power unit, change motherboard, format, change ssd, all those electricity concumption settings.
I don't know what else to do, it worked just fine until now since I changed both motherboard and ssd a few months ago to fix this exact problem.

Discussion is locked

- Collapse -
Answer
With so little to work with.
Apr 19, 2020 5:00PM PDT
- Collapse -
should i
Apr 19, 2020 5:36PM PDT

should i use this shutdown guard thingy to keep my pc from shutting down while i do it? im pretty positive its not an overheating problem.

- Collapse -
Your choice.
Apr 19, 2020 5:43PM PDT

But there was a worm that would shutdown PCs long ago. How sure are you there is no worm, trojan, malware or such on this PC?

Looking at the reports now.

- Collapse -
i did a scan with malwarebyte
Apr 19, 2020 5:48PM PDT

i did a scan with malwarebyte, it revealed some kmspico files, i don't wanna touch that but it did show some things that might say something.
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/19/20
Scan Time: 10:34 PM
Log File: b88ab196-8274-11ea-8534-1c1b0db56206.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.875
Update Package Version: 1.0.22664
License: Trial

-System Information-
OS: Windows 10 (Build 18362.77Cool
CPU: x64
File System: NTFS
User: JETSPARKER\Owner

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 309220
Threats Detected: 26
Threats Quarantined: 0
Time Elapsed: 1 min, 19 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 7
Trojan.BitCoinMiner.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\, No Action By User, 3793, 723556, , , ,
Trojan.BitCoinMiner.E, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\, No Action By User, 3793, 723556, , , ,
HackTool.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\AutoPico Daily Restart, No Action By User, 1276, 769804, , , ,
HackTool.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7472B602-7C7A-4D4B-A5A5-5170D8B64389}, No Action By User, 1276, 769804, , , ,
HackTool.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{7472B602-7C7A-4D4B-A5A5-5170D8B64389}, No Action By User, 1276, 769804, , , ,
PUP.Optional.NovaRambler.ChrPRST, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME, No Action By User, 370, -1, 0.0.0, , action,
PUP.Optional.NovaRambler.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME, No Action By User, 370, -1, 0.0.0, , action,

Registry Value: 3
Trojan.BitCoinMiner.COMSPECRST, HKU\S-1-5-21-32607050-3764378424-1887730265-1001\SOFTWARE\MICROSOFT\COMMAND PROCESSOR|AUTORUN, No Action By User, 4028, 756081, 1.0.22664, , ame,
Trojan.BitCoinMiner.COMSPECRST, HKU\S-1-5-21-32607050-3764378424-1887730265-1001\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|SHELL, No Action By User, 4028, -1, 0.0.0, , action,
Trojan.BitCoinMiner.E, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WMS\PARAMETERS|APPPARAMETERS, No Action By User, 3793, 723556, 1.0.22664, , ame,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.NovaRambler.ChrPRST, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 370, 493310, , , ,
PUP.Optional.NovaRambler.ChrPRST, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 370, 493310, , , ,

File: 14
Trojan.BitCoinMiner.E, , No Action By User, 3793, 723556, 1.0.22664, , ame,
HackTool.KMS, C:\WINDOWS\SYSTEM32\TASKS\AutoPico Daily Restart, No Action By User, 1276, 769804, , , ,
HackTool.KMS, C:\PROGRAM FILES\KMSPICO\AUTOPICO.EXE, No Action By User, 1276, 769804, 1.0.22664, , ame,
HackTool.Agent.KMS, C:\PROGRAM FILES\KMSPICO\KMSELDI.EXE, No Action By User, 7579, 700614, 1.0.22664, FE127395B1E1F2D763AB8611, dds, 00683360
PUP.Optional.NovaRambler.ChrPRST, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, No Action By User, 370, 493310, , , ,
PUP.Optional.NovaRambler.ChrPRST, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\002499.log, No Action By User, 370, 493310, , , ,
PUP.Optional.NovaRambler.ChrPRST, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\002501.ldb, No Action By User, 370, 493310, , , ,
PUP.Optional.NovaRambler.ChrPRST, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, No Action By User, 370, 493310, , , ,
PUP.Optional.NovaRambler.ChrPRST, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, No Action By User, 370, 493310, , , ,
PUP.Optional.NovaRambler.ChrPRST, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, No Action By User, 370, 493310, , , ,
PUP.Optional.NovaRambler.ChrPRST, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, No Action By User, 370, 493310, , , ,
PUP.Optional.NovaRambler.ChrPRST, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, No Action By User, 370, 493310, , , ,
PUP.Optional.NovaRambler.ChrPRST, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, 370, 493310, 1.0.22664, , ame,
PUP.Optional.NovaRambler.ChrPRST, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, 370, 493310, 1.0.22664, , ame,

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

- Collapse -
uhmm
Apr 19, 2020 5:54PM PDT

it doesnt seem to let me put all the test results here
but it looks like it says something about bitcoin miner, bunch of files by kmspico which i dont wanna touch, and something trojan.
but thats weird since i run avast all the time, and it also didnt find anything on its test

- Collapse -
Both reports call out the Seagate as problematic.
Apr 19, 2020 5:52PM PDT

You should be seeing issues with random delays or worse.

1. The ST4000DM004 in both reports tell us it's in trouble. Unplug for now to save it for later as you arrange for a replacement.

2. DAEMON Tools Lite - Remove for now. Very optional.
The idea here is to simplify the PC.

The BIOS is current, heat seems to be nominal so I'd scan for malware and unplug the Seagate then retest.

- Collapse -
how can I send you
Apr 19, 2020 5:57PM PDT

how can I send you the results for the scan, seems to be too long for this reply box

- Collapse -
test results test
Apr 19, 2020 6:13PM PDT

Registry Key: 7
Trojan.BitCoinMiner.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\, No Action By User, 3793, 723556, , , ,
Trojan.BitCoinMiner.E, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\, No Action By User, 3793, 723556, , , ,
HackTool.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\AutoPico Daily Restart, No Action By User, 1276, 769804, , , ,
HackTool.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7472B602-7C7A-4D4B-A5A5-5170D8B64389}, No Action By User, 1276, 769804, , , ,
HackTool.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{7472B602-7C7A-4D4B-A5A5-5170D8B64389}, No Action By User, 1276, 769804, , , ,
PUP.Optional.NovaRambler.ChrPRST, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME, No Action By User, 370, -1, 0.0.0, , action,
PUP.Optional.NovaRambler.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME, No Action By User, 370, -1, 0.0.0, , action,

Registry Value: 3
Trojan.BitCoinMiner.COMSPECRST, HKU\S-1-5-21-32607050-3764378424-1887730265-1001\SOFTWARE\MICROSOFT\COMMAND PROCESSOR|AUTORUN, No Action By User, 4028, 756081, 1.0.22664, , ame,
Trojan.BitCoinMiner.COMSPECRST, HKU\S-1-5-21-32607050-3764378424-1887730265-1001\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|SHELL, No Action By User, 4028, -1, 0.0.0, , action,
Trojan.BitCoinMiner.E, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WMS\PARAMETERS|APPPARAMETERS, No Action By User, 3793, 723556, 1.0.22664, , ame,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.NovaRambler.ChrPRST, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 370, 493310, , , ,
PUP.Optional.NovaRambler.ChrPRST, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, No Action By User, 370, 493310, , , ,

File: 14
Trojan.BitCoinMiner.E, , No Action By User, 3793, 723556, 1.0.22664, , ame,
HackTool.KMS, C:\WINDOWS\SYSTEM32\TASKS\AutoPico Daily Restart, No Action By User, 1276, 769804, , , ,
HackTool.KMS, C:\PROGRAM FILES\KMSPICO\AUTOPICO.EXE, No Action By User, 1276, 769804, 1.0.22664, , ame,
HackTool.Agent.KMS, C:\PROGRAM FILES\KMSPICO\KMSELDI.EXE, No Action By User, 7579, 700614, 1.0.22664, FE127395B1E1F2D763AB8611, dds, 00683360
PUP.Optional.NovaRambler.ChrPRST, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, No Action By User, 370, 493310, , , ,
PUP.Optional.NovaRambler.ChrPRST, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\002499.log, No Action By User, 370, 493310, , , ,
PUP.Optional.NovaRambler.ChrPRST, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\002501.ldb, No Action By User, 370, 493310, , , ,
PUP.Optional.NovaRambler.ChrPRST, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, No Action By User, 370, 493310, , , ,
PUP.Optional.NovaRambler.ChrPRST, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, No Action By User, 370, 493310, , , ,
PUP.Optional.NovaRambler.ChrPRST, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, No Action By User, 370, 493310, , , ,
PUP.Optional.NovaRambler.ChrPRST, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, No Action By User, 370, 493310, , , ,
PUP.Optional.NovaRambler.ChrPRST, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, No Action By User, 370, 493310, , , ,
PUP.Optional.NovaRambler.ChrPRST, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, 370, 493310, 1.0.22664, , ame,
PUP.Optional.NovaRambler.ChrPRST, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, 370, 493310, 1.0.22664, , ame,

- Collapse -
Oh by the way
Apr 19, 2020 6:34PM PDT

this hard drive you are talking about i bought from my technitian when we resolved the problem the first time, meaning it was still happening prior to me having it.

- Collapse -
the "viruses"
Apr 19, 2020 6:36PM PDT

there are alot of things that malwarebyte call bitcoin miner trojans that are kmspico stuff, i dont know if i should touch that, or my windows wont work.

- Collapse -
KMSPICO is an activator and often
Apr 19, 2020 7:26PM PDT

Includes trojans and malware. I think you've found the bad things.

What you do about this is up to you but there is no cure for KMSPICO short of installing a clean Windows 10 and skipping activation, activators and it's malware.

Hope you never did any banking on this PC!

- Collapse -
I got that other information.
Apr 19, 2020 11:42PM PDT

Sadly typical of what we see with "cracks" and "activators." That is to say, I'm not surprised at all with your initial complaint. How you proceed is up to you but no one I know would try to keep the KMSPICO and it's brethren.

- Collapse -
the thing is
Apr 20, 2020 2:04AM PDT

there is this other problem where its trying to reboot itself on its own after like 10 minutes, what makes me think its a hardware or electricity thing, or some weird mojo. even if in the one shutting it down, afr
ter like 10 minutes it will try and boot again

- Collapse -
Seems a shame to suspect hardware
Apr 20, 2020 3:11AM PDT

When there are clear signs of trojans, cracks and more at play here.

Sounds like you want it to be an expensive fix.

- Collapse -
ok, update
Apr 21, 2020 1:05AM PDT

I know its allways the easy thing is blaming it on cracks and viruses, but, it just didnt seem right because its a reccuring problem, it cant be it. so I thought, what was the only thing I didnt replace, my case!, so i replaced reset sw with power sw to see if now it will reset instead of powering off, and it did. so now I disattached the power button completely, and left the reset button on power control. we'll see what's going on but i think i solved it. I'll update

- Collapse -
Thanks.
Apr 21, 2020 9:19AM PDT

Look at all the data you supplied above and where would one think it was a button?

Good if it fixed it but still you have BITCOIN miners and what else haunting this PC. I would not allow such at home or office.

- Collapse -
Yes That worked
Apr 22, 2020 1:44AM PDT

my pc is completely fine now.
I figured since its a recurring problem and i allready formated my pc and switched ssd also, then it can't be a software thing. it has to be something i didnt replace.
so the technician helped me with my idea and told me to switch between the two buttons to see if it restarted, and it did, so i pulled the power button away from any control and now my pc works just fine. thanks anyway my bro, but if i would've listned to you and my technician all the time instead of my heart I would've formatted my pc for ever and ever until the end of time.

- Collapse -
Answer
quit kicking the cord
Apr 20, 2020 1:28AM PDT

might be loose in the wall socket.

- Collapse -
Answer
maybe the CPU is overheating
Apr 20, 2020 10:36PM PDT

If its shutting itself down, it may indicate that the CPU is overheating. The shutdown is a way of the CPU protecting itself from damage. I had a problem similar to this a while ago. I suspected that overheating was the problem so I opened it up and discovered that the heatsink wasnt sitting correctly on the CPU.
Once I'd repositioned it, i never had another problem.

This is one suggestion but there may well be other reasons. Theres probably lots of other people on this forum who have more expertise than me so if you have no joy with this, come back to see if theres more reponses