Microsoft Windows Vista Community Forums - Vistaheads
Verifying the event that initially launched a malicious task?

microsoft.public.windows.vista.security






#1, 03-04-2008, don_b_1
I found a malicious task planted in the Task Scheduler of Vista Home Premium.
This task is designed to create an illusion the computer is infected with a
virus.

Is there any way I can verify the event that originally activated the
trigger and set the task in motion?

I'm using a reverse engineered OEM version of Vista, not genuine Microsoft
Vista.

#2, 03-04-2008, Dwarf
Hi don_b_1,

You state the following (quote): "I'm using a reverse engineered OEM version
of Vista, not genuine Microsoft Vista." As such, this can be classed as
PIRATED and it is hardly surprising that you found something untoward with
it. I strongly recommend that you cease using this copy and install a genuine
copy instead because not only may you have more problems with this copy, but
you may find that people are unwilling to help you with problems if you are
not using a genuine copy.
Dwarf


"don_b_1" wrote:

> I found a malicious task planted in the Task Scheduler of Vista Home Premium.
> This task is designed to create an illusion the computer is infected with a
> virus.
>
> Is there any way I can verify the event that originally activated the
> trigger and set the task in motion?
>
> I'm using a reverse engineered OEM version of Vista, not genuine Microsoft
> Vista.

#3, 03-04-2008, don_b_1
I guess I wasn't clear. This OEM Vista is fully licensed by Microsoft.

#4, 03-04-2008, Bob F.
"don_b_1" <donb1@discussions.microsoft.com> wrote in message
news:BDF4E837-2BAE-4D3B-9486-FE787A87E641@microsoft.com...
>I guess I wasn't clear. This OEM Vista is fully licensed by Microsoft.



Please include enough of the previous message(s) so that others trying to
follow this thread know what you are talking about. Also please try to
“edit out” the non relevant portions. It helps everyone. Go to:
Tools > Options > Send > check - “Include message in reply”

--
BobF.

#5, 03-04-2008, don_b_1
To further clarify, this licensed copy of Vista is of the type that comes as
a pre-installed image copied to the recovery partition of a new laptop
computer. The computer was purchased from a major brick and mortar office
supply company.

#6, 03-04-2008, Dwarf
Hi don_b_1,

Your copy of Vista as supplied is a legitimate OEM version. However, by
'reverse engineering' it, you are violating the EULA agreement. As far as I
am aware, the only difference between the RETAIL version and the OEM versions
of Vista is that with an OEM version that copy is tied to the first system
that it is installed and activated on (it therefore lives and dies with that
system), whereas the retail version is transferable PROVIDING that it is not
installed on more than one machine at a time. The following is taken from
Clause 8 of the EULA of Windows Vista Home Premium.
Dwarf

"SCOPE OF LICENSE. The software is licensed, not sold. This agreement only
gives you some rights to use the software. Microsoft reserves all other
rights. Unless applicable law gives you more rights despite this limitation,
you may use the software only as expressly permitted in this agreement. In
doing so, you must comply with any technical limitations in the software that
only allow you to use it in certain ways. You may not reverse engineer,
decompile or disassemble the software, except and only to the extent that
applicable law expressly permits, despite this limitation. For more
information, see http://www.microsoft.com/licensing/userights."

"don_b_1" wrote:

> To further clarify, this licensed copy of Vista is of the type that comes as
> a pre-installed image copied to the recovery partition of a new laptop
> computer. The computer was purchased from a major brick and mortar office
> supply company.

#7, 03-04-2008, don_b_1


"Dwarf" wrote:

> Hi don_b_1,
>
> Your copy of Vista as supplied is a legitimate OEM version. However, by
> 'reverse engineering' it, you are violating the EULA agreement.


Hello Dwarf,

I am not the one that did any reverse engineering on it, okay? I am merely
the one trying to sort out the problems created by the software engineer who
did.

I am also trying to find information to verify the original event that pulled
the trigger on the malicious task in the beginning. That's the thing you see
up top and what this thread is supposed to be all about.

Can you please give all this suspicion and innuendo a rest and try to help
me find the place in Vista where I can verify what set this task in motion?
There is nothing about that event in the task properties or in the logs but
it seems like there ought to be a record of it somewhere in Vista. I just
don't know where to look.

#8, 03-04-2008, Dwarf
Hi don_b_1,

Apologies for the misunderstanding. Perhaps if you stated this in your
original post, then this misunderstanding would not have come about. To find
out the trigger for a particular task, do the following. Open the 'Task
Scheduler' by clicking on the start orb and typing 'task scheduler' into the
search box. This program will appear in the 'Programs' section of the results
panel. Right click on it and select 'Run as administrator'. After providing
administrative credentials, the program will open. In the left hand panel,
under the heading 'Task Scheduler (Local)', expand all items. When you see
the item in question, click on it. In the top half of the central panel, this
task will be listed. Click on this and the bottom half of the central panel
will be populated. Go through the options listed here, and this should be
able to help you. Note that since this copy of Vista has been reverse
engineered by a 3rd party, the 'Task Scheduler' program may or may not work
correctly. In addition to this, you may find that other features do not work
as intended as well.
Dwarf

"don_b_1" wrote:

>
>
> "Dwarf" wrote:
>
> > Hi don_b_1,
> >
> > Your copy of Vista as supplied is a legitimate OEM version. However, by
> > 'reverse engineering' it, you are violating the EULA agreement.

>
> Hello Dwarf,
>
> I am not the one that did any reverse engineering on it, okay? I am merely
> the one trying to sort out the problems created by the software engineer who
> did.
>
> I am also trying to find information to verify the original event that pulled
> the trigger on the malicious task in the beginning. That's the thing you see
> up top and what this thread is supposed to be all about.
>
> Can you please give all this suspicion and innuendo a rest and try to help
> me find the place in Vista where I can verify what set this task in motion?
> There is nothing about that event in the task properties or in the logs but
> it seems like there ought to be a record of it somewhere in Vista. I just
> don't know where to look.

#9, 03-04-2008, don_b_1
"Dwarf" wrote:

> Hi don_b_1,
>
> Apologies for the misunderstanding. Perhaps if you stated this in your
> original post, then this misunderstanding would not have come about. To find
> out the trigger for a particular task, do the following. Open the 'Task
> Scheduler' by clicking on the start orb and typing 'task scheduler' into the
> search box. This program will appear in the 'Programs' section of the results
> panel. Right click on it and select 'Run as administrator'. After providing
> administrative credentials, the program will open. In the left hand panel,
> under the heading 'Task Scheduler (Local)', expand all items. When you see
> the item in question, click on it. In the top half of the central panel, this
> task will be listed. Click on this and the bottom half of the central panel
> will be populated. Go through the options listed here, and this should be
> able to help you.


Thanks Dwarf. No problems. I should have been more direct in my original post.

I already have all the general parameters for the task and the settings and
the conditions that control how it runs. I also have all the info on the
trigger that makes it run NOW.

What I can't find is the particular piece of programming that activated the
task BEFORE the trigger took over. The regular trigger described under the
"Triggers" tab in the Task Schedule Library gives me that and it is what
continues to make it run. Something occurred to activate the task and it
wasn't installation of the software from the recovery partition to the C:
drive and this is what I cannot find.

I have the complete history of the task from the log. This dates back to
the first time the task ever executed. I have a very good idea what set the
task in motion but I can't prove it until I find the programming that set it
off.

> Note that since this copy of Vista has been reverse
> engineered by a 3rd party, the 'Task Scheduler' program may or may not work
> correctly. In addition to this, you may find that other features do not work
> as intended as well.


Task Scheduler appears to work properly but indeed, there are problems with
this thing that I've been working out, one by one. What bothers me is the
number of bombs planted in the OS that haven't gone off yet.

I am in contact with various people regarding this situation, including the
executive offices of the retailer and Microsoft but I like to have all the
facts before I begin presenting a case. Ya know what I mean?
Reply With Quote
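
For the question in post #9 (what set the task going before its regular trigger), the task's own definition is one place to look; this is an added example, not part of the thread. It reads a definition in the Task Scheduler XML format (the files kept under %SystemRoot%\System32\Tasks, or a task exported from Task Scheduler) and reports the recorded registration date and author, each trigger type, and whether a RegistrationTrigger is present, which starts the task as soon as it is registered. The sample XML, its names and its paths are constructed, and the Date and Author fields are whatever the task's creator wrote, so they are a lead rather than proof.

```python
import xml.etree.ElementTree as ET

# Namespace used by Task Scheduler 2.0 task definitions (Vista and later).
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Constructed sample, not from the thread. Real exports start with a UTF-16
# XML declaration; decode the file to text and drop that line before parsing.
SAMPLE_TASK_XML = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Date>2008-01-15T09:30:00</Date>
    <Author>EXAMPLE-PC\\oem_setup</Author>
  </RegistrationInfo>
  <Triggers>
    <RegistrationTrigger><Enabled>true</Enabled></RegistrationTrigger>
    <CalendarTrigger>
      <StartBoundary>2008-01-16T12:00:00</StartBoundary>
      <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay>
    </CalendarTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec><Command>C:\\ExampleVendor\\fake_alert.exe</Command></Exec>
  </Actions>
</Task>"""


def summarize_task(xml_text):
    """Return who registered a task, when, what can start it, and what it runs."""
    root = ET.fromstring(xml_text)

    def text(path):
        node = root.find(path, NS)
        return node.text.strip() if node is not None and node.text else None

    triggers = root.find("t:Triggers", NS)
    # Child element names are the trigger types, e.g. BootTrigger, LogonTrigger.
    kinds = [el.tag.split("}", 1)[-1] for el in (triggers if triggers is not None else [])]
    return {
        "registered": text("t:RegistrationInfo/t:Date"),
        "author": text("t:RegistrationInfo/t:Author"),
        "triggers": kinds,
        # A RegistrationTrigger fires once when the task is created or updated,
        # which can explain a first run that no schedule accounts for.
        "runs_on_registration": "RegistrationTrigger" in kinds,
        "commands": [c.text for c in root.iterfind("t:Actions/t:Exec/t:Command", NS)],
    }


if __name__ == "__main__":
    for key, value in summarize_task(SAMPLE_TASK_XML).items():
        print(f"{key}: {value}")
```
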

#10, 03-05-2008, Dwarf
Hi don_b_1,

Click the start orb and type 'winver' followed by enter. What version of
Vista comes up? What is the build number?
Dwarf

"don_b_1" wrote:

> "Dwarf" wrote:
>
> > Hi don_b_1,
> >
> > Apologies for the misunderstanding. Perhaps if you stated this in your
> > original post, then this misunderstanding would not have come about. To find
> > out the trigger for a particular task, do the following. Open the 'Task
> > Scheduler' by clicking on the start orb and typing 'task scheduler' into the
> > search box. This program will appear in the 'Programs' section of the results
> > panel. Right click on it and select 'Run as administrator'. After providing
> > administrative credentials, the program will open. In the left hand panel,
> > under the heading 'Task Scheduler (Local)', expand all items. When you see
> > the item in question, click on it. In the top half of the central panel, this
> > task will be listed. Click on this and the bottom half of the central panel
> > will be populated. Go through the options listed here, and this should be
> > able to help you.

>
> Thanks Dwarf. No problems. I should have been more direct in my original post.
>
> I already have all the general parameters for the task and the settings and
> the conditions that control how it runs. I also have all the info on the
> trigger that makes it run NOW.
>
> What I can't find is the particular piece of programming that activated the
> task BEFORE the trigger took over. The regular trigger described under the
> "Triggers" tab in the Task Schedule Library gives me that and it is what
> continues to make it run. Something occurred to activate the task and it
> wasn't installation of the software from the recovery partition to the C:
> drive and this is what I cannot find.
>
> I have the complete history of the task from the log. This dates back to
> the first time the task ever executed. I have a very good idea what set the
> task in motion but I can't prove it until I find the programming that set it
> off.
>
> > Note that since this copy of Vista has been reverse
> > engineered by a 3rd party, the 'Task Scheduler' program may or may not work
> > correctly. In addition to this, you may find that other features do not work
> > as intended as well.

>
> Task Scheduler appears to work properly but indeed, there are problems with
> this thing that I've been working out, one by one. What bothers me is the
> number of bombs planted in the OS that haven't gone off yet.
>
> I am in contact with various people regarding this situation, including the
> executive offices of the retailer and Microsoft but I like to have all the
> facts before I begin presenting a case. Ya know what I mean?
