Re: Hiding scheduled tasks in 2K/XP

From: H Carvey (keydet89@yahoo.com)
Date: Tue Jun 03 2003 - 15:15:05 EDT

• Next message: Dan Perez: "RE: Hiding scheduled tasks in 2K/XP"
• Previous message: Chris Hall: "Re: Tools for voicemail testing?"
• Maybe in reply to: winter: "Hiding scheduled tasks in 2K/XP"
• Next in thread: Dan Perez: "RE: Hiding scheduled tasks in 2K/XP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Winter,

I've verified this on Win2K SP2. Interesting.

I use Perl for system programming on Windows platforms,
particularly for IR and forensics. The
Win32::TaskScheduler module will completely enumerate
even the hidden (attrib +h) tasks...

I mention this, as I'm putting together a full-blown IR
application that is made up of my scripts, and can be
run from a CD. This will be included in my upcoming book.

Harlan

>Ive found that you can use attrib.exe on files in
%windir%\tasks,
>particularly with the +h attribute. "Attrib.exe +h *"
will hide all
>scheduled tasks from AT, Scheduled Tasks (both Control
Panel + explorer) =
>and
>"dir %windir%\tasks" (unless you use dir /a or have it
set as such in
>%dircmd%). Browsing %windir%\tasks on the cmd line
with "dir /a" is the
>only way ive been able to detect jobs that have been
hidden this way. =
>They
>run as scheduled. Tested on 2000 SP3 & XP SP1.

---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Next message: Dan Perez: "RE: Hiding scheduled tasks in 2K/XP"
• Previous message: Chris Hall: "Re: Tools for voicemail testing?"
• Maybe in reply to: winter: "Hiding scheduled tasks in 2K/XP"
• Next in thread: Dan Perez: "RE: Hiding scheduled tasks in 2K/XP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:34 EDT