Spyware Scan or Antivirus Scan Causes Computer to Shut Down

Posted on 2005-04-30
Last Modified: 2012-06-27
I'm cleaning up a laptop with multiple viruses and spyware, but whenever I start a scan to remove either, the computer shuts down either immediately or within a few minutes.  This is not a problem the owner of the computer said he was having, and I believe him because it doesn't happen during normal use of the laptop.  In fact, I've now had it running for two days without it shutting down, but if I do a scan right now, it will shut down within a few minutes.

The computer does not shut down and restart, it simply clicks off and stays off until I press the power switch to turn it back on.  I've set it to not restart on system errors, but that had no effect.  Nothing shows up in event viewer that would give a clue as to what is causing it, in fact it does not even seem to notice the shut down.  I've tried a new memory stick but it did not solve the problem.  The shutdown occurs when scanning in safe mode also.  I originally thought it was shutting down when scanning a particular file or folder, but that turned out not to be the case.  Right now, the computer is about 90% rid of spyware and viruses, and is fairly useable, but I'd still like to know why a scan causes it to quit.  I used the utility to turn off DCOM, but that didn't help.  So far the different programs that cause it to shut down are: Housecall online antivirus scan, Norton Antivirus 2005, Spybot, Adaware, and Counter Spy.  CWShredder says CoolWWSearch is not on the machine.

It is a Toshiba Satellite running Windows XP Home and has 256 MB RAM.

I would appreciate any advice or suggestions as to what may be causing this.

Question by:CTSLA
    LVL 15

    Accepted Solution

    It sounds as though at least one item (virus, spyware) has enough control over Windows to force Windows to shut down if an attempt is made to remove it.   There at least three options you can try to work around this.

    1) start the laptop in safe mode (which hopefully will disable the malware that's hooked itself into Windows), then run virus and spyware scans while in safe mode.
    2) start the laptop in safe mode with network support, share the hard drive with full access on your local network, then connect to it from a PC that's properly protected and not infected, and scan the hard drive from the clean PC.
    3) remove the hard drive from the laptop, connect it to a protected, uninfected PC either internally with a 2.5" to 3.5" adapter as a slave drive OR externally in a 2.5" USB drive enclosure, and again have the second PC scan the hard drive of the laptop for viruses and spyware.  

    Options 2 and 3 are more likely to be successful because the active copy of Windows on the laptop will not be performing the scan, with 3 providing the added benefit of not booting from the infected hard drive.
    LVL 69

    Assisted Solution

    try this as well CTSLA, delete the system restore folder by disabling it.
    This Laptop may have a varient of the Qhost virus as there is now ovber 200 it comes with many different names. As you stated that you cannot access online scans seems to point to this fact>>
    go to c windows system32>drivers>etc> hosts.. to open the host file rightclick and choose open with notepad, make sure its not ticked to always do this..
    then scroll down below the hosts information to the list of web links>> and delete the web links there all of them.
    Click Start > Search.
    Click All files and folders.
    In the "All or part of the file name" box, type:
    Verify that "Look in" is set to "Local Hard Drives" or to (C:).
    Click More advanced options.
    Check Search system folders.
    Check Search subfolders.
    Click Find Now or Search Now.
    For each Hosts file that you find, right-click the file, and then click Open With.
    Deselect the "Always use this program to open this program" check box.
    Scroll through the list of programs and double-click Notepad.
    When the file opens, delete all the entries in the Hosts file except for the following line:     localhost
    Close Notepad and save your changes when prompted.

    Now see if you can access online virus scans
    here is a link for quite a lot of stand alone virus scan tools. As this website is not highly known so you may like to try their online scanner as well.
    stand alone virus removers..

    Qhosts tech specs>>

    informations about the worm "W32/Sasser":

    LVL 37

    Assisted Solution

    by:Harisha M G
    Hi @Poster,

    Try HijackThis
    And submit logfile to

    It will allow you to remove them manually..

    LVL 91

    Expert Comment

    Maybe it is time for a complete install of windows; then be sure to do a complete partititoning and formatting of the drive !
    Backup everything first !

    Author Comment

    Sorry it's taken so long to get back to this.  I did manage to get the spyware and viruses cleaned off the machine, but the shut-down  while scanning problem still exists.  Since the client never scans for anything, and she didn't feel that was a problem, she elected to take the computer as-is.  I'll go along with LeeTutor's suggestion on splitting the points.

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    Ok I have been working on this for some time having learned and gained certification in XenDesktop 4 along came version 5 which was released last month. Since then I have been working to deploy XenDesktop 5 in a small environment with only 2 virt…
    If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    731 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now