Removing Shutdown Malware

[bigdogchris]

I'm working on a laptop that has some type of shutdown malware. After a minute or two of being booted a message pops up stating that the system has encountered an error and needs to be shutdown. When I try to abort the shutdown in cmd line I just get a message that a system shutdown is in progress. The happens even in Safe Mode. I've verified there are no processes/services running when this message appears.

So far I have ran Kaspersky Rescue Disk and removed everything that was found. I also attached the hard drive to another computer and scanned it with Malwarebytes, MSE and Avast. I've also ran TDSSKiller and GMER and found nothing.

Does anyone have experience with this?

*edit* Decided to wipe the system. Still looking for advice in case I see this again. Thanks.

 

[PTNL]

There's a very comprehensive sticky in this forum.

 

[bigdogchris]

There's a very comprehensive sticky in this forum.

Thanks, I know of that thread but it doesn't seem to apply for this problem. I've already tried most of those suggestions.

 

[dashpuppy]

*edit* Decided to wipe the system. Still looking for advice in case I see this again. Thanks.

this is the advice!!

 

[Shockey]

this is the advice!!

Pull the hard drive and scan on another computer an option also.

 

[PTNL]

Thanks, I know of that thread but it doesn't seem to apply for this problem. I've already tried most of those suggestions.

Interesting... Perhaps this wasn't an actual virus, but more of a prank being played on the machine's primary user.

Wipe and rebuild certainly does resolve the issue, but I think you've gone as far as possible with tracing root cause.

 

[bigdogchris]

After rebuild, the system is operating normally.

Pull the hard drive and scan on another computer an option also.

If you read my original post you would of seen I have already done this and scanned it with multiple applications.