On 6/6/2013 I had my first case of this malware that restarts your computer without asking. I believe it was a drive-by download that did it, and when the computer rebooted, the file was gone. Here is what was in the Event Log:
The process C:\Users\user\AppData\Local\Temp\notepad.exe (computer name) has initiated the restart of computer computer name on behalf of user computer name\user for the following reason: Legacy API shutdown
Reason Code: 0x80070000
Shutdown Type: restart
That notepad.exe is obviously malware, but it’s not there after restarting. I can’t find any other evidence of infection. I suspect that it was trying to write to the Master Boot Record (MBR), but due to encryption software it may not have gotten the job done.
I’m posting this here hoping that other researchers and IT support folks will find this and do some more investigating. Please comment here.
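Added example, not part of the original post: Python that parses the message text of this shutdown-initiation event (Event ID 1074, source User32, in the System log) and flags an initiating process that runs from a user-writable directory or uses a Windows binary name outside the system directories. The function name, the path markers and the binary-name list are assumptions chosen for illustration, and the second sample event is constructed.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Message text of a shutdown-initiation event, in the form quoted in the post.
MSG_RE = re.compile(
    r"The process (?P<path>.+?) \((?P<host>[^)]*)\) has initiated the "
    r"(?P<action>[\w ]+?) of computer .+? on behalf of user (?P<user>.+?) "
    r"for the following reason: (?P<reason>.+)$",
    re.MULTILINE,
)

# Assumptions for this example: short, non-exhaustive lists.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}
SYSTEM_NAMES = {"notepad.exe", "svchost.exe", "explorer.exe", "winlogon.exe",
                "lsass.exe", "services.exe", "wininit.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")

def triage(message):
    """Return parsed fields plus findings, or None if it is not this event."""
    m = MSG_RE.search(message)
    if m is None:
        return None
    path = m.group("path")
    folder, name = dirname(path).lower(), basename(path).lower()
    findings = []
    if any(marker in folder + "\\" for marker in USER_WRITABLE):
        findings.append("initiator runs from a user-writable directory")
    if name in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
        findings.append("Windows binary name outside the system directories")
    return {"path": path, "action": m.group("action"), "user": m.group("user"),
            "reason": m.group("reason"), "findings": findings}

# The entry from the post, then a constructed benign entry for contrast.
PAGE_EVENT = (r"The process C:\Users\user\AppData\Local\Temp\notepad.exe "
              r"(computer name) has initiated the restart of computer computer name "
              r"on behalf of user computer name\user for the following reason: "
              "Legacy API shutdown\nReason Code: 0x80070000\nShutdown Type: restart")
BENIGN_EVENT = (r"The process C:\Windows\system32\winlogon.exe (WS01) has initiated "
                r"the restart of computer WS01 on behalf of user WS01\alice for the "
                "following reason: No title for this reason could be found")

if __name__ == "__main__":
    for event in (PAGE_EVENT, BENIGN_EVENT):
        result = triage(event)
        print(result["path"], "->", result["findings"] or "no findings")
```

Because the dropped file is gone after the reboot, this log entry may be the only host artifact left, so collecting these events centrally preserves the initiating path for later correlation.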