Hosting Provided By

Re: Hiding scheduled tasks in 2K/XP

From: H Carvey <keydet89(at)yahoo.com>
Date: Tue Jun 03 2003 - 15:15:05 EDT

('binary' encoding is not supported, stored as-is)
In-Reply-To: <000301c328d6$15c4d780$1202020a@hey>

Winter,

I've verified this on Win2K SP2. Interesting.

I use Perl for system programming on Windows platforms, particularly for IR and forensics. The
Win32::TaskScheduler module will completely enumerate even the hidden (attrib +h) tasks...

I mention this, as I'm putting together a full-blown IR application that is made up of my scripts, and can be run from a CD. This will be included in my upcoming book.

Harlan

>Ive found that you can use attrib.exe on files in
%windir%\tasks,
>particularly with the +h attribute. "Attrib.exe +h *"
will hide all
>scheduled tasks from AT, Scheduled Tasks (both Control
Panel + explorer) =
>and
>"dir %windir%\tasks" (unless you use dir /a or have it
set as such in
>%dircmd%). Browsing %windir%\tasks on the cmd line
with "dir /a" is the
>only way ive been able to detect jobs that have been
hidden this way. =
>They
>run as scheduled. Tested on 2000 SP3 & XP SP1.

Received on Tue Jun 3 16:29:18 2003

This message: [ Message body ]
Next message: Dan Perez: "RE: Hiding scheduled tasks in 2K/XP"
Previous message: Chris Hall: "Re: Tools for voicemail testing?"
In reply to winter: "Hiding scheduled tasks in 2K/XP"
Next in thread: Dan Perez: "RE: Hiding scheduled tasks in 2K/XP"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:36 EDT