The other day I noticed a small pop up on the monitor. (I should have written things down, but) I think the topmost (blue) window bar said "System Shutdown". The message was along the lines of 'due to a security problem ... the system will shut down in 45 seconds. To save your work, close open apps ...' I did write down "error 128" and "NT Admin\Shutdown".

I can't find a folder called "NT <anything>". I can't find an app called "System Shutdown". I do have something called C:\Program Files\ j2sdk_nb\ netbeans3.5.1\ tomcat486\bin\ shutdown AND C:\Program Files\ j2sdk_nb\ netbeans3.5.1\ tomcat486\bin\ shutdown.sh. (The served app is java based.)

Can I get some pointers to what might be happening, the location of the "shutdown" app and any log files it creates?

Thank you (and have a Happy Holiday!).

The Apache Access log shows many "GET /<nonexistentfile name> HTTP 1.0/ ## ##" accesses, including some around the time of the crash but there are probably thousands of those in this log file from a wide variety of IP addresses (including 129.64.99.100): robots.txt, NessusTest###.html, etc.

Strangely, some of the IP addresses that look for non-existent files proceed to make proper use of the real files (tutorials, headers, reo.jar, etc.). I don't think these are hackers, but maybe their computers are infected? But most of those are NOT causing crashes anyway.

My Symantec AV is up to date (Dec 17) and I did a manual scan just a couple of days before the crash.

Where should I look next?

Thank you.

I think what happens is that your whole computer is rebooting and not the server just shutting. Which means the problem isn't necessarily with your server, but with the computer. The server maybe triggering something that either ends or causes to crash one of Windows' required components.

Try seeing if there is something in the windows event logger. I am not sure off hand where it is as I don't have access to a Windows box at the moment.