Verifying the event that initially launched a malicious task?

Posted: 03-04-2008, 04:32 AM
I found a malicious task planted in the Task Scheduler of Vista Home Premium.
This task is designed to create an illusion the computer is infected with a
virus.

Is there any way I can verify the event that originally activated the
trigger and set the task in motion?

I'm using a reverse engineered OEM version of Vista, not genuine Microsoft
Vista.

Responses to "Verifying the event that initially launched a malicious task?"

Dwarf
Guest
Posts: n/a
 
RE: Verifying the event that initially launched a malicious task?
Posted: 03-04-2008, 04:36 PM
Hi don_b_1,

You state the following (quote): "I'm using a reverse engineered OEM version
of Vista, not genuine Microsoft Vista." As such, this can be classed as
PIRATED and it is hardly surprising that you found something untoward with
it. I strongly recommend that you cease using this copy and install a genuine
copy instead because not only may you have more problems with this copy, but
you may find that people are unwilling to help you with problems if you are
not using a genuine copy.
Dwarf


"don_b_1" wrote:
> I found a malicious task planted in the Task Scheduler of Vista Home Premium.
> This task is designed to create an illusion the computer is infected with a
> virus.
>
> Is there any way I can verify the event that originally activated the
> trigger and set the task in motion?
>
> I'm using a reverse engineered OEM version of Vista, not genuine Microsoft
> Vista.
don_b_1
Guest
Posts: n/a
 
RE: Verifying the event that initially launched a malicious task?
Posted: 03-04-2008, 05:59 PM
I guess I wasn't clear. This OEM Vista is fully licensed by Microsoft.
Bob F.
Guest
Posts: n/a
 
Re: Verifying the event that initially launched a malicious task?
Posted: 03-04-2008, 06:02 PM
"don_b_1" <donb1@discussions.microsoft.com> wrote in message
news:BDF4E837-2BAE-4D3B-9486-FE787A87E641@microsoft.com...
>I guess I wasn't clear. This OEM Vista is fully licensed by Microsoft.

Please include enough of the previous message(s) so that others trying to
follow this thread know what you are talking about. Also please try to
“edit out” the non relevant portions. It helps everyone. Go to:
Tools > Options > Send > check - “Include message in reply”

--
BobF.

don_b_1
Guest
Posts: n/a
 
RE: Verifying the event that initially launched a malicious task?
Posted: 03-04-2008, 06:07 PM
To further clarify, this licensed copy of Vista is of the type that comes as
a pre-installed image copied to the recovery partition of a new laptop
computer. The computer was purchased from a major brick and mortar office
supply company.
Dwarf
Guest
Posts: n/a
 
RE: Verifying the event that initially launched a malicious task?
Posted: 03-04-2008, 06:44 PM
Hi don_b_1,

Your copy of Vista as supplied is a legitimate OEM version. However, by
'reverse engineering' it, you are violating the EULA agreement. As far as I
am aware, the only difference between the RETAIL version and the OEM versions
of Vista is that with an OEM version that copy is tied to the first system
that it is installed and activated on (it therefore lives and dies with that
system), whereas the retail version is transferable PROVIDING that it is not
installed on more than one machine at a time. The following is taken from
Clause 8 of the EULA of Windows Vista Home Premium.
Dwarf

"SCOPE OF LICENSE. The software is licensed, not sold. This agreement only
gives you some rights to use the software. Microsoft reserves all other
rights. Unless applicable law gives you more rights despite this limitation,
you may use the software only as expressly permitted in this agreement. In
doing so, you must comply with any technical limitations in the software that
only allow you to use it in certain ways. You may not reverse engineer,
decompile or disassemble the software, except and only to the extent that
applicable law expressly permits, despite this limitation. For more
information, see http://www.microsoft.com/licensing/userights."

"don_b_1" wrote:
> To further clarify, this licensed copy of Vista is of the type that comes as
> a pre-installed image copied to the recovery partition of a new laptop
> computer. The computer was purchased from a major brick and mortar office
> supply company.
don_b_1
Guest
Posts: n/a
 
RE: Verifying the event that initially launched a malicious task?
Posted: 03-04-2008, 07:15 PM


"Dwarf" wrote:
> Hi don_b_1,
>
> Your copy of Vista as supplied is a legitimate OEM version. However, by
> 'reverse engineering' it, you are violating the EULA agreement.
Hello Dwarf,

I am not the one that did any reverse engineering on it, okay? I am merely
the one trying to sort out the problems created by the software engineer who
did.

I am also trying to find information to verify the original event that pulled
the trigger on the malicious task in the beginning. That's the thing you see
up top and what this thread is supposed to be all about.

Can you please give all this suspicion and innuendo a rest and try to help
me find the place in Vista where I can verify what set this task in motion?
There is nothing about that event in the task properties or in the logs but
it seems like there ought to be a record of it somewhere in Vista. I just
don't know where to look.
Dwarf
Guest
Posts: n/a
 
RE: Verifying the event that initially launched a malicious task?
Posted: 03-04-2008, 08:51 PM
Hi don_b_1,

Apologies for the misunderstanding. Perhaps if you stated this in your
original post, then this misunderstanding would not have come about. To find
out the trigger for a particular task, do the following. Open the 'Task
Scheduler' by clicking on the start orb and typing 'task scheduler' into the
search box. This program will appear in the 'Programs' section of the results
panel. Right click on it and select 'Run as administrator'. After providing
administrative credentials, the program will open. In the left hand panel,
under the heading 'Task Scheduler (Local)', expand all items. When you see
the item in question, click on it. In the top half of the central panel, this
task will be listed. Click on this and the bottom half of the central panel
will be populated. Go through the options listed here, and this should be
able to help you. Note that since this copy of Vista has been reverse
engineered by a 3rd party, the 'Task Scheduler' program may or may not work
correctly. In addition to this, you may find that other features do not work
as intended as well.
Dwarf

"don_b_1" wrote:
>
>
> "Dwarf" wrote:
>
> > Hi don_b_1,
> >
> > Your copy of Vista as supplied is a legitimate OEM version. However, by
> > 'reverse engineering' it, you are violating the EULA agreement.
>
> Hello Dwarf,
>
> I am not the one that did any reverse engineering on it, okay? I am merely
> the one trying to sort out the problems created by the software engineer who
> did.
>
> I am also trying to find information to verify the original event that pulled
> the trigger on the malicious task in the beginning. That's the thing you see
> up top and what this thread is supposed to be all about.
>
> Can you please give all this suspicion and innuendo a rest and try to help
> me find the place in Vista where I can verify what set this task in motion?
> There is nothing about that event in the task properties or in the logs but
> it seems like there ought to be a record of it somewhere in Vista. I just
> don't know where to look.
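An added example, not part of any post in this thread: besides the Triggers tab described above, a task's XML definition (exportable with `schtasks /query /tn <name> /xml`) records who registered the task and when, and whether any trigger fires on a system event instead of a clock. The sample XML below is constructed, and `summarize_task` and `EVENT_DRIVEN` are hypothetical names.

```python
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Trigger types that fire on a system event rather than on a clock schedule.
EVENT_DRIVEN = {"BootTrigger", "LogonTrigger", "RegistrationTrigger",
                "EventTrigger", "IdleTrigger", "SessionStateChangeTrigger"}

# Constructed sample (not from the thread) in the Task Scheduler 2.0 schema.
SAMPLE_TASK_XML = r"""<Task version="1.2"
  xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2008-01-15T09:30:00</Date>
    <Author>EXAMPLE-PC\installer</Author>
  </RegistrationInfo>
  <Triggers>
    <RegistrationTrigger><Enabled>true</Enabled></RegistrationTrigger>
    <TimeTrigger>
      <StartBoundary>2008-02-01T12:00:00</StartBoundary>
      <Repetition><Interval>PT1H</Interval></Repetition>
    </TimeTrigger>
  </Triggers>
  <Actions><Exec>
    <Command>C:\ExampleDir\example.exe</Command>
    <Arguments>/popup</Arguments>
  </Exec></Actions>
</Task>"""

def _text(parent, path):
    """Return the stripped text of a child element, or None if absent."""
    node = parent.find(path, NS) if parent is not None else None
    return node.text.strip() if node is not None and node.text else None

def summarize_task(xml_text):
    """Extract who registered the task, when, its triggers and its actions."""
    root = ET.fromstring(xml_text)
    reg = root.find("t:RegistrationInfo", NS)
    triggers = []
    for trig in root.findall("t:Triggers/*", NS):
        kind = trig.tag.split("}", 1)[-1]  # drop the namespace prefix
        triggers.append({"type": kind,
                         "start": _text(trig, "t:StartBoundary"),
                         "repeat": _text(trig, "t:Repetition/t:Interval"),
                         "event_driven": kind in EVENT_DRIVEN})
    actions = [(_text(e, "t:Command"), _text(e, "t:Arguments"))
               for e in root.findall("t:Actions/t:Exec", NS)]
    return {"registered": _text(reg, "t:Date"), "author": _text(reg, "t:Author"),
            "triggers": triggers, "actions": actions}

if __name__ == "__main__":
    print(summarize_task(SAMPLE_TASK_XML))
```

The `RegistrationInfo` fields are written by whatever registered the task, so treat them as a lead to check against the task history log rather than as proof. For a real export, read the file as bytes and pass those to `summarize_task`, since exported task XML declares its own encoding.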
don_b_1
Guest
Posts: n/a
 
RE: Verifying the event that initially launched a malicious task?
Posted: 03-04-2008, 10:26 PM
"Dwarf" wrote:
> Hi don_b_1,
>
> Apologies for the misunderstanding. Perhaps if you stated this in your
> original post, then this misunderstanding would not have come about. To find
> out the trigger for a particular task, do the following. Open the 'Task
> Scheduler' by clicking on the start orb and typing 'task scheduler' into the
> search box. This program will appear in the 'Programs' section of the results
> panel. Right click on it and select 'Run as administrator'. After providing
> administrative credentials, the program will open. In the left hand panel,
> under the heading 'Task Scheduler (Local)', expand all items. When you see
> the item in question, click on it. In the top half of the central panel, this
> task will be listed. Click on this and the bottom half of the central panel
> will be populated. Go through the options listed here, and this should be
> able to help you.
Thanks Dwarf. No problems. I should have been more direct in my original post.

I already have all the general parameters for the task and the settings and
the conditions that control how it runs. I also have all the info on the
trigger that makes it run NOW.

What I can't find is the particular piece of programming that activated the
task BEFORE the trigger took over. The regular trigger described under the
"Triggers" tab in the Task Schedule Library gives me that and it is what
continues to make it run. Something occurred to activate the task and it
wasn't installation of the software from the recovery partition to the C:
drive and this is what I cannot find.

I have the complete history of the task from the log. This dates back to
the first time the task ever executed. I have a very good idea what set the
task in motion but I can't prove it until I find the programming that set it
off.
> Note that since this copy of Vista has been reverse
> engineered by a 3rd party, the 'Task Scheduler' program may or may not work
> correctly. In addition to this, you may find that other features do not work
> as intended as well.
Task Scheduler appears to work properly but indeed, there are problems with
this thing that I've been working out, one by one. What bothers me is the
number of bombs planted in the OS that haven't gone off yet.

I am in contact with various people regarding this situation, including the
executive offices of the retailer and Microsoft but I like to have all the
facts before I begin presenting a case. Ya know what I mean?
Dwarf
Guest
Posts: n/a
 
RE: Verifying the event that initially launched a malicious task?
Posted: 03-05-2008, 03:33 PM
Hi don_b_1,

Click the start orb and type 'winver' followed by enter. What version of
Vista comes up? What is the build number?
Dwarf

"don_b_1" wrote:
> "Dwarf" wrote:
>
> > Hi don_b_1,
> >
> > Apologies for the misunderstanding. Perhaps if you stated this in your
> > original post, then this misunderstanding would not have come about. To find
> > out the trigger for a particular task, do the following. Open the 'Task
> > Scheduler' by clicking on the start orb and typing 'task scheduler' into the
> > search box. This program will appear in the 'Programs' section of the results
> > panel. Right click on it and select 'Run as administrator'. After providing
> > administrative credentials, the program will open. In the left hand panel,
> > under the heading 'Task Scheduler (Local)', expand all items. When you see
> > the item in question, click on it. In the top half of the central panel, this
> > task will be listed. Click on this and the bottom half of the central panel
> > will be populated. Go through the options listed here, and this should be
> > able to help you.
>
> Thanks Dwarf. No problems. I should have been more direct in my original post.
>
> I already have all the general parameters for the task and the settings and
> the conditions that control how it runs. I also have all the info on the
> trigger that makes it run NOW.
>
> What I can't find is the particular piece of programming that activated the
> task BEFORE the trigger took over. The regular trigger described under the
> "Triggers" tab in the Task Schedule Library gives me that and it is what
> continues to make it run. Something occurred to activate the task and it
> wasn't installation of the software from the recovery partition to the C:
> drive and this is what I cannot find.
>
> I have the complete history of the task from the log. This dates back to
> the first time the task ever executed. I have a very good idea what set the
> task in motion but I can't prove it until I find the programming that set it
> off.
>
> > Note that since this copy of Vista has been reverse
> > engineered by a 3rd party, the 'Task Scheduler' program may or may not work
> > correctly. In addition to this, you may find that other features do not work
> > as intended as well.
>
> Task Scheduler appears to work properly but indeed, there are problems with
> this thing that I've been working out, one by one. What bothers me is the
> number of bombs planted in the OS that haven't gone off yet.
>
> I am in contact with various people regarding this situation, including the
> executive offices of the retailer and Microsoft but I like to have all the
> facts before I begin presenting a case. Ya know what I mean?
 