Solved

Can I trace or audit Remote Scheduled Task (at.exe) Commands?

Posted on 2009-03-30
5
365 Views
Last Modified: 2012-05-06
I have some virus that remotely schedules tasks on other computers and that made me think:

On the machine that the task is created on, is it possible to see from which machine that task was actually created? I assume using auditing it should be possible to trace this?

Any ideas?
0
Comment
Question by:GSLBermuda
  • 3
  • 2
5 Comments
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24022054
0
 

Author Comment

by:GSLBermuda
ID: 24022197
We already found out which virus we are dealing with (and yes, it was that one), that wasn't my question (I didn't post the question in the antii virus section ;-) ) My question is more in general, if someone remotely schedules a task on another computer, it is possible to trace such an attempt (succes or not) on the remote machine and how would I identify that in the event viewer or something like that.
0
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 500 total points
ID: 24022247
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24022266
Also some people have posted in other sections unknowing that they had said virus, so better safe than sorry :-)

Hope the above helps you
0
 

Author Comment

by:GSLBermuda
ID: 24022637
No Worries! And thanks, that article was very helpful.

0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Log files are useful in diagnosing and repairing problems.  This is a list of common log files and their standard locations that I've compiled.   While this is not exhaustive, it is a pretty good list that I've found to be useful.  I may update it f…
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question