Last Updated: 2009-01-22 16:19:07 UTC
by Lenny Zeltser (Version: 2)
An ISC reader told us that his company observed a large number of their PCs unexpectedly reboot at around 18:00 Central Time yesterday, with nothing in the event logs to show a shutdown sequence.
Is this organization dealing with a large-scale malware infection? Possibly. A malicious program could be rebooting the systems to embed itself deep in the OS, or to disable an anti-virus tool. Of course, the reboots could also be the result of a less malevolent incident, such as a bug in a benign program.
Regardless, unexpected mass reboots are certainly worth investigating. Anyone else encountering them lately?
Update: An ISC reader pointed out that a common cause of unexpected reboots without Event Log entries is a power outage. Desktops would reboot; laptops would typically stay up. Great point!