Vista - Verifying the event that initally launched a malicious task?

I found a malicious task planted in the Task Scheduler of Vista Home Premium.
This task is designed to create an illusion the computer is infected with a
virus.

Is there any way I can verify the event that originally activated the
trigger and set the task in motion?

I'm using a reverse engineered OEM version of Vista, not genuine Microsoft
Vista.

Hi don_b_1,

You state the following (quote): "I'm using a reverse engineered OEM version
of Vista, not genuine Microsoft Vista." As such, this can be classed as
PIRATED and it is hardly surprising that you found something untoward with
it. I strongly recommend that you cease using this copy and install a genuine
copy instead because not only may you have more problems with this copy, but
you may find that people are unwilling to help you with problems if you are
not using a genuine copy.
Dwarf


"don_b_1" wrote:

I guess I wasn't clear. This OEM Vista is fully licensed by Microsoft.

"don_b_1" <donb1@xxxxxx> wrote in message
news:BDF4E837-2BAE-4D3B-9486-FE787A87E641@xxxxxx
Please include enough of the previous message(s) so that others trying to
follow this thread know what you are talking about. Also please try to
“edit out� the non relevant portions. It helps everyone. Go to:
Tools > Options > Send > check - “Include message in reply�

--
BobF.

To further clarify, this licensed copy of Vista is of the type that comes as
a pre-installed image copied to the recovery partition of a new laptop
computer. The computer was purchased from a major brick and mortar office
supply company.

"Dwarf" wrote:
Hello Dwarf,

I am not the one that did any reverse engineering on it, okay? I am merely
the one trying to sort out the problems created by the software engineer who
did.

I am also trying find information to verify the original event that pulled
the trigger on the malicious task in the beginning. That's the thing you see
up top and what this thread is supposed to be all about.

Can you please give all this suspicion and innuendo a rest and try to help
me find the place in Vista where I can verify what set this task in motion?
There is nothing about that event in the task properties or in the logs but
it seems like there ought to be a record of it somewhere in Vista. I just
don't know where to look.

Hi don_b_1,

Apologies for the misunderstanding. Perhaps if you stated this in your
original post, then this misunderstanding would not have come about. To find
out the trigger for a particular task, do the following. Open the 'Task
Scheduler' by clicking on the start orb and typing 'task scheduler' into the
search box. This program will appear in the 'Programs' section of the results
panel. Right click on it and select 'Run as administrator'. After providing
administrative credentials, the program will open. In the left hand panel,
under the heading 'Task Scheduler (Local)', expand all items. When you see
the item in question, click on it. In the top half of the central panel, this
task will be listed. Click on this and the bottom half of the central panel
will be populated. Go through the options listed here, and this should be
able to help you. Note that since this copy of Vista has been reverse
engineered by a 3rd party, the 'Task Scheduler' program may or may not work
correctly. In addition to this, you may find that other features do not work
as intended as well.
Dwarf

"don_b_1" wrote:

"Dwarf" wrote:
Thanks Dwarf. No problems. I should have been more direct in my original post.

I already have all the general parameters for the task and the settings and
the conditions that control how it runs I also have all the info on the
trigger that makes it run NOW.

What I can't find is the particular piece of programming that activated the
task BEFORE the trigger took over. The regular trigger described under the
"Triggers" tab in the Task Schedule Library gives me that and it is what
continues to make it run. Something occurred to activate the task and it
wasn't installation of the software from the recovery partition to the C:
drive and this is what I cannot find.

I have the complete history of the task from the log.. This dates back to
the first time the task ever executed. I have a very good idea what set the
task it motion but I can't prove it until I find the programming that set it
off.
Task Scheduler appears to work properly but indeed, there are problems with
this thing that I've been working out, one by one. What bothers me is the
number of bombs planted in the OS that haven't gone off yet.

I am in contact with various people regarding this situation, including the
executive offices of the retailer and Microsoft but I like to have all the
facts before I begin presenting a case. Ya know what I mean?

Hi don_b_1,

Click the start orb and type 'winver' followed by enter. What version of
Vista comes up? What is the build number?
Dwarf

"don_b_1" wrote:

"Dwarf" wrote:
Good Morning Dwarf. It's Vista Home Premium Version 6.0 (Build 6000)