
Thread: Have I been hacked?

  1. #11
    Originally posted here by Tiger Shark


    Jennifer, scheduled tasks run at the same security level as the administrator... Thus they can do anything they like.
    Don't they really run as "System" which is more powerful? I've used the at command before to schedule a cmd window to pop up and when it does I can then use it to kill off tasks that the local administrator account does not have access to. Nothing more fun than scheduling a cmd window to pop up 1 minute into the future, because that window is truly god on that computer.

  2. #12
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    jcjz:

    You are absolutely correct... However, I'm fairly confident of Jennifer's understanding of her OS and deemed it best to put it in terms that I knew she understands.

    Jennifer:

    jcjz is correct... System is the most powerful account on your computer and the scheduler runs in that context... So, what is running with that scheduled item? Inquiring minds need to know... It _might_ help explain some other things we have discussed...
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  3. #13
    Hey guys, sorry for the delay, baby had a dr. appt.

    Properties shows that the file was created the day after the destructive recovery (remember that fiasco) and that it was modified at 4:06 this am.???

    Hubby is home, I'll be back later.

    You guys are the best.

  4. #14
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Jennifer... What is the file name and extension?
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  5. #15
    Tiger Shark - "layout.ini"

    I'm checking on the scheduled tasks...

    Thank you all for being patient with my limited skills -- I'm learning, or leaning....

  6. #16
    Okay, I checked as Administrator (in safe mode) under scheduled tasks. All it shows is "Add Scheduled Task" and "Easy Internet Signup", the latter shows it has never been run... There must be another place to check - I'm looking in Accessories/ System Tools/Scheduled Tasks. ???

    The midnight oil is spent and so am I, see you all tomorrow.

  7. #17
    I lied, I'm back.

    Tiger Shark, I just realized I didn't answer your question: There are four files noted
    ntuser.dat.log in c\documents and settings\guest (an account that hasn't been used in weeks); the next three are in c\windows\prefetch - Layout.ini, DEFRAG.EXE-2858C7E2.pf, DFRGNTFS.EXE-38C3807C.pf.

    Does that reveal anything?

  8. #18
    Originally posted here by jenniferaloette
    Okay, I checked as Administrator (in safe mode) under scheduled tasks. All it shows is "Add Scheduled Task" and "Easy Internet Signup", the latter shows it has never been run... There must be another place to check - I'm looking in Accessories/ System Tools/Scheduled Tasks. ???

    The midnight oil is spent and so am I, see you all tomorrow.
    What is the exe and path to that exe that is set in the scheduled task? Looking here at some HiJackThis logs people have posted, it looks like a legit HP application.

    forums.spywareinfo.com/lofiversion/index.php/t43413.html


    Here's some info on hpsdpapp.exe

    hpsdpapp

    Most likely you can just disable or delete that from your scheduled tasks. Personally, from what has been posted in this thread, you haven't been hacked. It looks like the layout.ini and the .pf files you posted are legit.

  9. #19
    The ******* Shadow dalek
    Join Date
    Sep 2005
    Posts
    1,564
    Most if not all OEM HP/Compaq's will have this process of Easy Internet Signup if you go past the install screen where it asks you what internet connection you have (Select/LAN/Modem/Later). If you decide to choose Later, on the welcome screen after the install starts you will probably be prompted to connect to the internet via the Easy Internet Sign up Wizard.

    It is probably set to run as a scheduled task until such time as it is removed.

    The "There are four files noted ntuser.dat.log in c\documents and settings\guest (an account that hasn't been used in weeks); the next three are in c\windows\prefetch - Layout.ini, DEFRAG.EXE-2858C7E2.pf, DFRGNTFS.EXE-38C3807C.pf." is from a Defrag that was either scheduled or done manually, and if you refer to post #2, there is some information there about Prefetch and about the layout.ini file.


    Luck
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  10. #20
    I believe that this could be a legitimate task but two questions nag me:

    Where should I search for this task if it is scheduled?

    Why did the guest account show activity at that time and none of the other accounts?
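
An added example, not part of the original thread: the posts above discuss which account a scheduled task runs as, jobs created with the at command, and the executable path behind a task. This Python sketch triages the verbose CSV listing from `schtasks /query /fo CSV /v`; the sample rows, task names and paths are constructed, and the column names are assumed to match your Windows version's output.

```python
import csv
import io
import re

# Constructed sample shaped like `schtasks /query /fo CSV /v` output,
# trimmed to the columns used here. Names and paths are made up.
SAMPLE = r'''"HostName","TaskName","Last Run Time","Task To Run","Run As User"
"PC01","At1","Never","cmd.exe","NT AUTHORITY\SYSTEM"
"PC01","Example Signup Task","Never","C:\Example\signup.exe","PC01\Owner"
"HostName","TaskName","Last Run Time","Task To Run","Run As User"
"PC01","\Vendor\Updater","1/1/2024 4:06:00 AM","C:\Example\upd.exe","SYSTEM"
'''

# Jobs created with the at command show up named At1, At2, ...
AT_JOB = re.compile(r"^\\?At\d+$", re.IGNORECASE)
SYSTEM_NAMES = {"SYSTEM", "NT AUTHORITY\\SYSTEM"}


def triage(csv_text):
    """Return one record per task: name, executable, account, and notes."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row["TaskName"]
        if name == "TaskName":
            # Some Windows versions repeat the header row mid-output.
            continue
        run_as = row["Run As User"].strip()
        notes = []
        if run_as.upper() in SYSTEM_NAMES:
            notes.append("runs as SYSTEM")
        if AT_JOB.match(name):
            notes.append("created with at")
        findings.append({
            "task": name,
            "exe": row["Task To Run"],
            "run_as": run_as,
            "last_run": row["Last Run Time"],
            "notes": notes,
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        flags = ", ".join(f["notes"]) or "-"
        print(f"{f['task']}: {f['exe']} as {f['run_as']} [{flags}]")
```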
