Page 3 of 3 FirstFirst 123
Results 21 to 28 of 28

Thread: Have I been hacked?

  1. #21
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    You should be able to go to Control Panel and select the folder marked scheduled tasks, open that and it should show you an icon to "add scheduled task" and if there are any scheduled they will appear underneath.

    Click on the scheduled task and a window will open with 3 tabs Task/Schedule/settings

    Under the settings tab you can check the box marked delete the task if not scheduled to run again.

    In the schedule you will see when it is set to run.
    In the task tab in the box "run as" is where the account responsible for running the task has been identified, and under that is two boxes "run only if logged on" and "enabled(scheduled task runs at specified time)"

    If the "guest" account was the account used to login, it may have defaulted to the task settings for the scheduled task.....
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  2. #22
    dalek - That's the thing. There is no scheduled task called Layout.ini. All that's listed in Scheduled Tasks is Easy Internet Signup and it says it has never run....so where and how did this task initiate? Should I look somewhere other than the usual places? According to what you say, I should have already found it if it is an automatic task. It's difficult to believe that someone got out of bed at 4:06 am just to run this one task...what would be the purpose?

    When I searched Google for Layout.ini and "OptimalLayoutFile" (the first line of text) there was one entry that showed the exact exe files that my file lists. This entry called Layout.ini an unfriendly ("subversive") file. I'll go back and get the specifics, but do you see why I'm concerned? The morning I found this activity, the computer had been left idle with one user (hubby) still logged on from the night before. Recognizable activity stopped around midnight, then those four files at 4:06 am, then my logon. It just seems weird.

  3. #23
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Hi

    The layout.ini file is part of the "prefetch" function with Windows XP, all it does is reside in the folder C:\Windows\Prefetch in this folder you will see all of the programs or applications which have been prefetched by WinXp, amongst these files will be a file called“layout.ini” file it is a consolidating of all the files in your prefetch folder. And sets the parameters for prefetching boot priorities. This file is okay and should not be removed, unless you are familiar with doing a repair of the prefetch folder.

    The application or Wizard "Easy Internet Signup" may have been scheduled to run at some point...did you check the settings for this program, it should tell you what account used it and when, AFAIK it is only for setting up a new internet connection on a repair/recovery or fresh install of the OS, usually by HP/Compaq's, it may even have been set to run as part of the initial login, and maybe the guest account being used for the first time prompted the startup of the Wizard?

    I would say it's benign and is a leftover from the recovery process you just went through and I would ignore it or plain remove it from the Task Scheduler.

    The Prefetch function is a normal process for WinXP... Prefetch Info

    Hope this helps.
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  4. #24
    Thanks dalek!

    You're right about the Easy Internet Signup. I was never concerned about that task - it became an issue because it is the only task scheduled in the Task Scheduler.

    I _am_ concerned about the Layout.ini file (I do understand that it is a normal function of Windows) because a) it has never run before, b) it doesn't appear to be a scheduled task, and c) the three other files generated at the same time - particularly the hit on the guest account as I related earlier.

    Is this a dead horse?

  5. #25
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Is this a dead horse?
    Hit it any more and it will be considered necrophilial animal abuse...
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  6. #26
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Hi jenniferaloette


    What TS said....

    The file in question is okay.....
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  7. #27
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    HAve you done a search for other Layout.ini files on your PC?

    Its normal location is the Prefetch folder.. if it has landed else where, and as you say the guest account was active on the same date /time that this file was created.. I suspect that this file may have been "moved" in or about due to what ever your big crash was..
    While the Prefetch service NEEDS the task scheduler..IT ISNT and WONT be listed in the Scheduled tasks..IT IS A SYSTEM SERVICE..and it uses the resources of the Task scheduler to do its job.

    My advice.. Your right..at the moment your beating a dead horse..
    1/ If there is a legit Layout.ini in the windows\prefetch folder (I wager that there will be) then rename this ring-in Layout.ini to SUS-layout.ini (you could even open the file and compare the contents you will most likely find they are similar). then
    2/ come back in 3 or 4 days and check for a new version of that file, check your guest account for activity..

    But most importantly.. dont panic.. if it hasn't been accessed since that time, and the same goes for your guest account (disable it to by the way.. you dont need it).. during some hangups (i am not up to speed on your other problem) all manor of things happen
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  8. #28
    Und3ertak3r- that helps, and you can bet I'll keep an eye on it. The guest account has been turned off for weeks by the way...that's another mystery I suppose.

    Hey Tiger Shark, I think you've diagnosed my entire problem: post mortem equine abuse addiction!

    Thanks everyone, from the bottom of my paranoid heart.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •