Solved

Can I trace or audit Remote Scheduled Task (at.exe) Commands?

Posted on 2009-03-30
5
366 Views
Last Modified: 2012-05-06
I have some virus that remotely schedules tasks on other computers and that made me think:

On the machine that the task is created on, is it possible to see from which machine that task was actually created? I assume using auditing it should be possible to trace this?

Any ideas?
0
Comment
Question by:GSLBermuda
  • 3
  • 2
5 Comments
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24022054
0
 

Author Comment

by:GSLBermuda
ID: 24022197
We already found out which virus we are dealing with (and yes, it was that one), that wasn't my question (I didn't post the question in the antii virus section ;-) ) My question is more in general, if someone remotely schedules a task on another computer, it is possible to trace such an attempt (succes or not) on the remote machine and how would I identify that in the event viewer or something like that.
0
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 500 total points
ID: 24022247
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24022266
Also some people have posted in other sections unknowing that they had said virus, so better safe than sorry :-)

Hope the above helps you
0
 

Author Comment

by:GSLBermuda
ID: 24022637
No Worries! And thanks, that article was very helpful.

0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question