Mysterious XP reboot -- same time, two nights in a row

SUMMARY:  For two nights in a row, my Win XP SP3 computer has rebooted between 10:30 and 12:00 midnight ... and, on power up, has given weird (to me) MAC DHCP error messages (which I should have copied down, and didn't).  

DETAILS:  Because of a graphics card problem, I log off my computer, rather than shut it down.  I work in a home office environment, and am accustomed to logging off at 10:30 p.m. or so and then seeing the log on prompt again in the morning when I return to work.

The night before last, at almost midnight, I happened to notice that the mouse light wasn't lit.  I turned on the monitor and, surprise surprise, the computer had rebooted.  I was looking at the computer's power-on password prompt, rather than the Win XP log on prompt ... even though the computer gets power through an APC UPS.

"That's odd," I thought, and entered the power-on password ... and then scratched my head as weird (to me) messages related to "MAC address" and "DHCP client" filled the screen.

I soft rebooted; same thing.  My computer wasn't loading Win XP.  It was delivering these messages related to MAC address and DHCP client.  

I turned the computer physically off, then restarted ... and this time the computer loaded Win XP normally.

"What a weird glitch," I thought, and resolved to forget about it.

Last night, AT APPROXIMATELY THE SAME TIME, the same thing happened.  No mouse light, I turn on the monitor, and there's the prompt for the power-on password: the computer has once again rebooted, despite the UPS.  *And*, when I entered the power-on password, the screen once again filled with messages related to MAC address and DHCP client ... and I had to turn the power off and on to get it to boot normally.

I have checked the event logs, but am not knowledgeable enough to interpret them.  I can look for specific messages, if anyone thinks I should.

I have some reasons to have security concerns about this computer, and my work environment.  I don't regard myself as a prime target, but it's not impossible or especially unlikely that someone would go to special trouble to try to break in to the box.   Still, I would look for other causes first:  like a motherboard problem, if anyone thinks I have one.  

I unplug the net cable connecting the cable modem to the Internet at night, so -- other than the power cable to the UPS -- there is no other physical link between my computer and the outside world.  I don't have a WIFI card.  The cable modem -- when plugged in -- is connected to the computer via a Linksys hardware router.  (But, the cable to the NET was unplugged both times these mysterious reboots occurred).

I am careful about spyware and anti-viruses, but not zealous.  I run Kaspersky AV.  

That's all I can think of posting!  Help will be much appreciated.  


adams_timothyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

quantumshiftCommented:
Hi,
  Without details of the error I would suggest the following:

1. Virus / Spyware scan and check for any security compromise
2. Check Motherboard/event viewer for hardware errors
3. Check if a new update has been installed which requried an automatic update and if the update service is set to install a few minutes before the rebooting time
4. Check/disable power management as this can cause reboot if improperly configured or faulty.
0
youngrmyCommented:
Sounds like you may be having a harddrive issue. 1 st Backup anything that you may not want to lose.  You Harddrive is going to crash soon. The reason why you are seeing those MAC address and DHCP setting in a DOS windows is because your system is attempting to boot from a network device because no other boot devices can be found at the moment. Before you replace the drive though it will be very important to disable your power on password before replacing your drive, The power on password is stored on the Harddrive and if the Harddrive goes you will no longer be able to get into your system even with a new drive, Unless you replace your motherboard.

99.9% positive on this.
0
adams_timothyAuthor Commented:
Quantumshift and youngrmy, thanks for writing!

Quantumshift, can you tell me what I could look for in the event viewer that would indicate a hardware error there?  And how can I check/disable power management?

And youngrmy, I'll replace the hard drive if I must -- but I hope you won't mind if I put out an all-call to everyone else leading this:  do you share youngrmy's opinion?  Does it look like my hard drive is going south?  

And what would you recommend to test the hard drive first?  It's behaving just fine in all other respects, and is a SCSI 15K drive about two years old.  
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

☠ MASQ ☠Commented:
Just a thought - have you got automatic updates switched on?  Normally the default time for install is around 03:00 but your cable is disconnected then.  This could give you reboots happening every night there's an update downloaded and about the same time.
0
quantumshiftCommented:
Hi,
  OK, at the risk of being overcautious you can never be too careful and if your hard drive has valuable data then I would also reccommend ensuring you have a full and up to date backup of the hard disc because I am in agreement that a hard disc drive could be at fault, equally it could be some of the other culprits but a backup is always a good place to start anyway.
  To check/disable power management, enter the PC's BIOS setup (reboot and press a key normally F1 / F2 when prompted) then locate Power Management settings or system settings and disable it or check the type being used eg. ACPI. Reboot PC and enter windows then choose Power Settings in Control Panel and check it matches or disable it completely. I would suggest disabling it unless you really need it. Then go to Event Viewer by Right-Click My Computer icon and choose manage. Then click Event Viewer and choose system. Search for any errors around the time before the reboot.
  Hopefully this will be helpful.
0
quantumshiftCommented:
Yes as I mentioned the updates are a high contender on list of culprtits for reboots. Has SP3 just instaleld?
0
kadadi_vIT AdminCommented:
Also Plelase check the Power supply ( SMPS ) FAN  of your machine and APC UPS having the problem and may be RAM ( Memory) and CPU heating Problem.Due to overheated its reatarting your pc.....may be...?

Regards,
vijay kadadi
0
adams_timothyAuthor Commented:
Thanks again for the responses.

I checked control panel --> Automatic Updates -- > and they are on, but the download time is 10:00 a.m.  I'm guessing I set this to 10:00 a.m. a long time ago.  I've had SP3 for a long time.  

Kadadi_v, I've got an HP utility that lets me check system temps.  It indicates that the CPU Fan Speed and Chassis Fan Speed are OK -- 1465 RPM and 1137 RPM, respectively.  My CPU temp is 58 C and the Ambient Temp is 34 C.    FWIW, these reboots have both occurred at night, when it's coolest here.  

I do have up to date hard disk backups.  But I would like to know if others share the view that the hard disk may be going bad.  
0
adams_timothyAuthor Commented:
Also, can anyone suggest what I can look for in the event viewer?   I can check application, security or system logs ... but don't know how to interpret what I see there.
0
youngrmyCommented:
I don't mind at all, some possible good news is that most scsi drive are covered with a three - 5 year warranty , so you may want to check that out in advance. The other possibility, (now knowing that the drive is Scsi) is that you may want to consider update or flash the bios both on your System an your SCSI card.
0
Wayne BarronAuthor, Web DeveloperCommented:
For the heck of it. (Doubt you find anything but the norm)
Check to make sure that there is no task that is having to reboot the system at that time.

Start | Programs | Accessories | Tools | Scheduled Tasks

The only way one have been put in without your knowledge would be by a 3rd party deal.
(Virus, malware of other entitiy) (or) a program that you might have recently installed.

Carrzkiss
0
adams_timothyAuthor Commented:
Well, under scheduled tasks I've got:

Google Software Updater
GoogleUpdateTaskMachine
GoogleUpdateTaskUser (with a long key code)

but none of these indicate a requirement to reboot.

I just did a warm reboot and it didn't give me any of the DHCP / MAC address messages.  I've seen those messages only in the past two nights, when this problem occurred.  

Wondering if I should take a 'wait and see' approach, while keeping everything backed up.
0
youngrmyCommented:
That may be A OK to do as long as you have evrything you need backed up,  I would highly recommend that you remove the Power on Password though.  
0
adams_timothyAuthor Commented:
I checked with HP, and was assured that the power on password is *NOT* stored on the hard disk.  It's in the BIOS.
0
nobusCommented:
you can alsways test your disk with the diag you need from  : http://www.tacktech.com/display.cfm?ttid=287
just to be sure...
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
nobusCommented:
also, check in the bios if the S.M.A.R.T. is enabled
0
quantumshiftCommented:
Hi,
  One other thought, it is possible that your PC is receiving a blue screen error then rebooting automatically. It would be worthwhile turning off the automatic restart on system errors option in Control Panel, then System then Advanced Start Up and Recovery Settings and ensure the "automatically restart" option is not selected. This will ensure you see any error message without the PC otherwise rebooting automatically whenever it happens. Device drivers can often cause this so I would run sfc to check your PC. You can do this by clicking start, then run, then typing sfc /scannow
0
quantumshiftCommented:
In the event viewer you can see if the above is happening. Just go to System events and look for errors. You are looking for a STOP error. If any appears, around the time you mention or recently, please post the error details.
0
nobusCommented:
and check for any minidumps
0
CallandorCommented:
Do you have anything powering on after 10:30pm?  The fact that it happens regularly and it knocks your pc out might mean something is turning on in your house that induces a reset of this machine.  If power on the outlet goes out or is too low, your UPS may be kicking in, running out of power and forcing a shutdown, then gets recharged afterwards.
0
adams_timothyAuthor Commented:
First, thanks for the responses, and I'm sorry it took me a bit longer than usual to log in to experts-exchange and update this thread.

The mysterious reboot *didn't* happen last night.  No idea why.  

Nobus, thanks for the link for disk diagnostics.  I DLd one and just finished running a few short tests.  The HD appears to be fine.  Drive temp is 41 C, for what that's worth.  

Quantumshift, I checked the System log, and couldn't find any stop errors.  In fact -- and this mystifies me, and shows my lack of knowledge of how to read these logs -- I couldn't find anything at all to indicate that the computer had rebooted!  I log out when I'm done for the day, as noted, but Windows XP is still running.  I had expected some 'abnormal termination' type error ... but no dice.  

As for minidumps:  do I just search for the word 'minidump' in the system log?  Or would there be another label to look for?  

I checked c:\windows\minidump, and the latest files are February, 2009.

Callandor, to my knowledge nothing is powering on after 10:30.  I ran a test on the UPS, and it passed.  Battery indicates 100% charge.  

I'll be very curious to see if it happens again tonight, and/or tomorrow night.  
0
nobusCommented:
>>  and the latest files are February, 2009. <<   seems there are none generated; so it is not a system error   .
can be a sudden shutdown.
0
adams_timothyAuthor Commented:
The mysterious reboot hasn't reoccurred since my last post.  So far, it's happened twice:  on the night of 5/26, and again on the night of 5/27.  The second occurrence prompted me to start this thread.   I've restarted the computer a few times, and haven't seen the DHCP or MAC address messages.  

I'd like to ask again about the possibility that someone tried to hack into the box.  If this is completely off-the-wall unlikely, *please* don't hesitate to tell me so.  I'll stop considering the possibility.  But a potential crack-in attempt was the first thing I thought of when I looked at the monitor on 5/26, and saw those DHCP and MAC address messages that appeared to be related to a network log in attempt.  And, the same thing happened the very next night, at the same time.  

Here's how I speculate that it just might have happened ... and again, if you think that this is waaayy out of the realm of the probable, please share your view:

(1)  Someone sends me an attachment that installs a code snippet on my computer to trigger a reboot in the late night hours, when the computer will be unattended.

(2)  When the computer reboots, another code snippet kicks in to log it into an AC power network.  (Or would have kicked in, had it not been for the power on password).  I compute in a large building, with 100 plus tenants.  

Is this possible, or totally far fetched?  I know very little about networking, as this question may indicate.  The AC power network would have had to work through my APC UPS.

I'll emphasize:  if you just can't see a crack-in attempt happening this way, please tell me so.  But if you can, I want to know.  
0
CallandorCommented:
Sounds too far fetched - how can they know how to hack into your power network, without knowing specifics of OS and hardware configuration?  It's only in the movies that someone sends a virus that can jump to a totally different system.  If you have a dedicated router, check the router logs for any unusual activity during those times.
0
quantumshiftCommented:
Hi,
  I have re-read your correspondence and make the following observations.
1. I am inclined to agree with Callandor that your scenario is unlikely to be a hacking attempt however that does not mean it is not happening, so you would be wise to take adequate precautions anyway.
2. You state the network cable is unplugged at night, this would seem to discount the above hypothesis anyway.
3. You also mention that you log off your computer due to a graphics card problem. Can you elaborate on this as the PC may reboot sometimes when turning off the graphics card for power saving, or indeed the problem may be occurring due to the issue with the card itself.
0
nobusCommented:
if you have a 2nd PC around, you can test if it also happens with it.
then it could be a power problem...
0
adams_timothyAuthor Commented:
Thanks, Callandor, Quantumshift and nobus, for sharing.  I thought about it after posting and realized:  gee, if only the power cord is connected, and the power cord goes to the power supply, then a hacker would need a pretty space age type of set up to break into my computer that way.

Just the same:  I can put that scenario to one side, and go on to other likely causes.

I'm going to wait a few more days, or perhaps until early next week, to see if it reoccurs, and then close this thread and award points.
0
adams_timothyAuthor Commented:
Thanks to those who pitched in to diagnose this problem.  I may never know what caused it -- but it hasn't happened since 5/27, so I'm going to move on to other things.
0
adams_timothyAuthor Commented:
The problem hasn't reoccurred since 5/27, so -- with the mystery still outstanding -- I've divided points and will close this one out.  

If it happens again, I'll return here promptly!  
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.