A win7 trick

[vefatica]

If you are typically a member of Administrators there's a little trick that will let you start TCC (or anything I suppose) elevated without having to answer to a UAC prompt. I don't know, and tend to doubt, whether this can be adapted for a non-admin.

Create a scheduled task:

Name: whatever (I'll use "TCCAdmin")
Run with highest privileges
Triggers: none
Action: Start a program (TCC, wherever)
Settings: Allow run on demand

Now create a shortcut to: C:\Windows\System32\schtasks.exe /run /tn "TCCAdmin"

That's it. The shortcut starts TCC elevated without fuss.

 

[Frank]

cool trick.
Something similar was already diskussed in http://jpsoft.com/forums/posts/20676/
I will try it tomorrow on my "admin-pc".

 

[vefatica]

cool trick.
Something similar was already diskussed in http://jpsoft.com/forums/posts/20676/
I will try it tomorrow on my "admin-pc".

That seems identical. I missed it and Googled up someone else's instructions.

 

[Frank]

Today I created a task as described above. In the taskmanager I can see that a tcc-process is created, but no console-window is starting on my desktop!
It was q'n'd because I had very little time today, but I didn't expect this to become a challenge ;)
Next try tomorrow.

 

[Fross]

I just tried this today and it worked perfectly. My only compliant (and it makes perfect sense) is that I get a new icon on my taskbar for tcmd since my other task bar quick access icon is not really tcmd, it's schtasks.

 

[Frank]

I couldn't wait until tomorrow and just tried it via a remote session.
I deleted the task and recreated it. Now it works! The difference is that now I've choosen "configure for: Windows 7 / Server 2008 R2" (before it was "Vista / Server 2008").
Thanks.

 

[BitPusher]

Even easier is to turn off "Run all administrators in Admin Approval Mode".

If UAC is disabled, in
HKLM,Software,Microsoft,Windows,CurrentVersion,Policies,System Set EnableLUA = 0

Never heard again from UAC after doing that.

Carl

 

[vefatica]

Even easier is to turn off "Run all administrators in Admin Approval Mode".

If UAC is disabled, in
HKLM,Software,Microsoft,Windows,CurrentVersion,Policies,System Set EnableLUA = 0

Never heard again from UAC after doing that.

Carl

Well, I've been in full control for 20 years and finally got bitten ... infected with something ... affected the running Win7 as well as the backup Dell-installed XP on the same computer. So I reinstalled Win7 and am resolved to be (at least a little) more careful).

Though I've removed the boot mechanism (with BCDEDIT) for the two infected OSs, their files are still in place and I'd like to look around for a clue to what I caught and how I caught it. I know nothing of AV software. Is there something simple, free, and thorough that I can simply run on demand (and won't integrate itself with the OS)?

FWIW, the infection I had caused one of my svchost.exe processes (or a phony one) to make countless simultaneous outgoing HTTP (80) connections to hosts I didn't recognize by name. That process's memory use grew until it crashed; then it restarted and the bad behavior started again.

 

[TEA-Time]

Well, I've been in full control for 20 years and finally got bitten ... infected with something ... affected the running Win7 as well as the backup Dell-installed XP on the same computer. So I reinstalled Win7 and am resolved to be (at least a little) more careful).

Though I've removed the boot mechanism (with BCDEDIT) for the two infected OSs, their files are still in place and I'd like to look around for a clue to what I caught and how I caught it. I know nothing of AV software. Is there something simple, free, and thorough that I can simply run on demand (and won't integrate itself with the OS)?

FWIW, the infection I had caused one of my svchost.exe processes (or a phony one) to make countless simultaneous outgoing HTTP (80) connections to hosts I didn't recognize by name. That process's memory use grew until it crashed; then it restarted and the bad behavior started again.

Ouch... SUPERAntiSpyware (yes, as cheesy as it sounds) and Malwarebytes Anti-Malware together are really good for cleaning up infected PCs. They need installed, but only run real-time if you pay for them. Otherwise, they're on-demand only, but just as effective.

http://superantispyware.com/
http://www.malwarebytes.org/

TDSSKiller from Kaspersky is good for cleaning up the TDSS root kit. No install, just run the .exe.

http://support.kaspersky.com/faq/?qid=208283363

You can also upload individual files to VirusTotal and they'll scan them with a plethora of AV products.

https://www.virustotal.com/

 

[vefatica]

Ouch... SUPERAntiSpyware (yes, as cheesy as it sounds) and Malwarebytes Anti-Malware together are really good for cleaning up infected PCs. They need installed, but only run real-time if you pay for them. Otherwise, they're on-demand only, but just as effective.

http://superantispyware.com/
http://www.malwarebytes.org/

TDSSKiller from Kaspersky is good for cleaning up the TDSS root kit. No install, just run the .exe.

http://support.kaspersky.com/faq/?qid=208283363

You can also upload individual files to VirusTotal and they'll scan them with a plethora of AV products.

https://www.virustotal.com/

The first two don't sound like they detect viruses/worms/trojans ... do they?

 

[vefatica]

Ouch... SUPERAntiSpyware (yes, as cheesy as it sounds) and Malwarebytes Anti-Malware together are really good for cleaning up infected PCs. They need installed, but only run real-time if you pay for them. Otherwise, they're on-demand only, but just as effective.

http://superantispyware.com/
http://www.malwarebytes.org/

TDSSKiller from Kaspersky is good for cleaning up the TDSS root kit. No install, just run the .exe.

http://support.kaspersky.com/faq/?qid=208283363

You can also upload individual files to VirusTotal and they'll scan them with a plethora of AV products.

https://www.virustotal.com/

And does TDSSKiller need to be run by the infected OS? That's impossible now.

 

[TEA-Time]

The first two don't sound like they detect viruses/worms/trojans ... do they?

"Malware" in general, but mostly trojans. They do a good job at detecting most every type of infection I've seen lately.

And does TDSSKiller need to be run by the infected OS? That's impossible now.

I believe it does look in certain places, so it probably has to be. You don't just point it at a drive and tell it to go.

 

[TEA-Time]

Oh yeah, there's also the McAfee Stinger, which cleans up the latest and most common crap that's out there. But I think it's like TDSSKiller and expects to be run on an infected system.

http://www.mcafee.com/us/downloads/free-tools/how-to-use-stinger.aspx

I'm not familiar with any offline scanners, but you might want to Google offline anti-virus scanner or something like that to see what's out there.

 

[vefatica]

Oh yeah, there's also the McAfee Stinger, which cleans up the latest and most common crap that's out there. But I think it's like TDSSKiller and expects to be run on an infected system.

http://www.mcafee.com/us/downloads/free-tools/how-to-use-stinger.aspx

I'm not familiar with any offline scanners, but you might want to Google offline anti-virus scanner or something like that to see what's out there.

Win7's Defender foundWin32/Sefnit.AJ in the old Win7, and Win32/Alureon.FK in the temp dir used by both (old) OSs. The TDSSKiller found nothing.

So what about the built-in Windows Defender? It has been running (unobtrusively). Is it any good?
So how do you get these things? I never do anything promiscuous (on the computer).

 

[TEA-Time]

Win7's Defender foundWin32/Sefnit.AJ in the old Win7, and Win32/Alureon.FK in the temp dir used by both (old) OSs. The TDSSKiller found nothing.

So what about the built-in Windows Defender? It has been running (unobtrusively). Is it any good?
So how do you get these things? I never do anything promiscuous (on the computer).

I'd totally forgotten about Windows Defender. Heh As far as I know Windows Defender is good, but I've never really used it. Not knowing Windows Defender, we decided on McAfee Anti-Virus Enterprise where I work, disabling Windows Defender. Back in 2004 when Microsoft bought GIANT AntiSpyware, which I hadn't heard of at the time, it was actually rated pretty high. I've never seen anything bad being said about it since either. Here's more background and info on it:

http://en.wikipedia.org/wiki/Windows_Defender

A lot of infections now days are drive-bys, where you're browsing a legitimate site that's been hacked to foist a barrage of exploits on your computer without requiring any interaction on your part. Sadly, I see a lot of that stuff happen from people just clicking on Google search hits. The most common attack vectors these days are Java, Adobe Flash, and Adobe Reader (although Adobe Reader X is pretty safe now as it operates sandboxed). Always make sure you're up-to-date as possible on at least those, in addition to Windows itself.

Then there are sites that pop up a fake My Computer looking window (but it's a browser window) and pretends to be scanning your hard drive, of course telling you that infections were found and that your whole computer needs scanned, and then try and download an .exe file for you to run. A legitimate anti-virus program may tell you that a malicious file was found while you're browsing the web, but it will NEVER suddenly tell you that your whole computer needs scanned, nor throw an .exe at you to do it!

A REALLY GOOD site to stay up to date with this kind of stuff and more is Krebs On Security. In fact, I was just in the middle of reading his latest post.

http://krebsonsecurity.com/

And of course there's the malicious spam with nasty links in them trying to socially engineer you. It's amazing how bad that's getting! Here's a great blog that keeps track of that junk. I think he works for SpamCop.

http://blog.dynamoo.com/
http://www.spamcop.net/

 

[Frank]

You could try the "Avira AntiVir Rescue System": http://www.avira.com/en/download/product/avira-antivir-rescue-system
You can burn the iso on cd and boot from it.

 

[samintz]

My very favorite of all time is Vipre. They have a free scanner called Vipre Rescue that you just run without needing to install the full app. It is the most effective and lowest resource hog of any AV/AS product I've ever used. That combined with Malwarebytes is a very effective solution.

http://www.vipreantivirus.com

You can download VIPRE Rescue and Malwarebytes through the following site:

http://vipre.malwarebytes.org/

You can download ERD Commander 2005 and use the Remote Recover option to attach the infected drives remotely to a working PC. This link contains a tutorial on how to create a bootable USB key with ERD Commander on it. http://forum.xatrix.org/tutorials-f26/erd-commander-2005-usb-t1552.html

-Scott

 

[samintz]

It appears that the above link does not contain a link to download ERD Commander. I believe you can download it from MS if you have a MSDN, TechNet, or MSVL license. It was made by Winternals. Which was acquired by MS. It is part of the Microsoft Desktop Optimization Pack. It is contained in a tool called Desktop and Recovery Tool (DaRT).

-Scott

 

[mathewsdw]

Guys, sorry for the stupid question but how do you run a GUI version "schtasks"? I could do what I want to do using the command line program except I don't even see an option to "run as administrator in the "schtasks" help, and typing "Task Schedule" in the "Run" box as suggested by TimFrost in the thread "jpsoft.com/forums/threads/windows-7-run-tcc-as-admin-w-o-uac-intercept.3663/#post-20676" gives me simply a message box that says 'Windows cannot find 'Task' Make sure you typed the name correctly, and then try again.", and none of adding quotes or deleting the space or both gives me any better results. And the really horrible thing related to my bad memory as always is that I did this (almost!) successfully yesterday; I just want to modify what I had done a bit (and I've deleted the task I had created yesterday in trying to "experiment" with "schtasks").

- Dan

 

[vefatica]

Guys, sorry for the stupid question but how do you run a GUI version "schtasks"? I could do what I want to do using the command line program except I don't even see an option to "run as administrator in the "schtasks" help, and typing "Task Schedule" in the "Run" box as suggested by TimFrost in the thread "jpsoft.com/forums/threads/windows-7-run-tcc-as-admin-w-o-uac-intercept.3663/#post-20676" gives me simply a message box that says 'Windows cannot find 'Task' Make sure you typed the name correctly, and then try again.", and none of adding quotes or deleting the space or both gives me any better results. And the really horrible thing related to my bad memory as always is that I did this (almost!) successfully yesterday; I just want to modify what I had done a bit (and I've deleted the task I had created yesterday in trying to "experiment" with "schtasks").

- Dan

Schtasks.exe doesn't have a "run as admin" option. When you create the task (see my first post in this thread) you specify "run with the highest privileges". Later you just use schtasks.exe to run the task on demand. When all is said and done, I suspect you must be an administrator (though under UAC) to make the whole thing work.

 

[mathewsdw]

Vince, you precisely didn't answer the question I was trying to ask!!! :) I know schtasks.exe doesn't have a "run as administrator" option; I found that out pretty much without a doubt by doing many "schtask ... /?" commands, none of which showed anything about an "administrator" option. So I clearly did this yesterday with a GUI program of some kind; but what GUI program???? All you say in your original posting as far as I can see is "Create a scheduled task:", but not with what.

- Dan

 

[vefatica]

Vince, you precisely didn't answer the question I was trying to ask!!! :) I know schtasks.exe doesn't have a "run as administrator" option; I found that out pretty much without a doubt by doing many "schtask ... /?" commands, none of which showed anything about an "administrator" option. So I clearly did this yesterday with a GUI program of some kind; but what GUI program???? All you say in your original posting as far as I can see is "Create a scheduled task:", but not with what.

- Dan

You can run TASKSCHD.MSC from a command line, get to it ("Task Scheduler") in ControlPanel\AdministrativeTools, or, if you're using the Win7 (new) start menu, just type "sch" there and it will be at the top of the list.

 

[mathewsdw]

Update: After the posting the above I did yet another Google search for "scheduled tasks gui -ubuntu" and after poking through a fairly large number of results somebody said, as an aside, that "The "Scheduled Tasks" control panel GUI, and the "SCHTASKS" DOS command...", and there was the (very simple!) answer I was looking for. Somehow I had figured this out yesterday, but not today. But thank you all!

And thank you, Vince, you posted your answer simultaneously with my finding the answer with Google.

- Dan

 

[vefatica]

Update: After the posting the above I did yet another Google search for "scheduled tasks gui -ubuntu" and after poking through a fairly large number of results somebody said, as an aside, that "The "Scheduled Tasks" control panel GUI, and the "SCHTASKS" DOS command...", and there was the (very simple!) answer I was looking for. Somehow I had figured this out yesterday, but not today. But thank you all!

And thank you, Vince, you posted your answer simultaneously with my finding the answer with Google.

- Dan

What does "ubuntu" have to do with it?

 

[mathewsdw]

Vince, absolutely nothing except that it kept coming up over and over in the Google search and it was clearly something I was not interested in (I don't even know what "ubuntu" is; nor do I care).

- Dan

 

[JohnQSmith]

(I don't even know what "ubuntu" is; nor do I care).

It's a Debian Linux distribution. You can still not care, but at least you now know.

 

[mathewsdw]

Thank you, Mr. Smith! :)

 

[Steve Pitts]

I suspect you must be an administrator (though under UAC) to make the whole thing work

Work without any UAC prompts, then yes, but such scheduled tasks will work regardless. If run under a non-admin user then you see the usual UAC elevation prompt and have to enter an administrator password before the task will actually run (I have one such task that runs RealTemp at log on time and therefore get such a prompt every time I log on).

 

[vefatica]

This thread is a bit old and refers to Win7. It works in Win10 also. In #1 I noted how to start TCC elevated without a UAC prompt (essentially a scheduled task, TCC, run on demand, highest privileges, start it with "SCHTASKS /run /tn <task_name>").

Over the years I've changed it a little. The scheduled task now starts TCC with [path\]admin.btm. Admin.btm changes my titleprompt and the color of my prompt so I can readily identify such an instance.

Today I put this at the end of admin.btm.

on error quit
[path\]special.btm

The "on error" is to suppress the error message when special.btm doesn't exist.

Then I put this at the beginning of a BTM that needs to run elevated.

iff %_elevated != 1 then
        echo %@full[%0] > c:\apps\workplace\special.btm
        schtasks.exe /run /tn TCCAdmin > NUL
        delay 2
        del /q c:\apps\workplace\special.btm
        quit
endiff

It works. Without fuss, an elevated TCC starts and runs the BTM. I don't particularly like the DELAY (any ideas) but it only delays the deleting of special.btm.

 

[AnrDaemon]

You can
IF EXISTS … CALL …
No need for ON ERROR in this specific case.