
A win7 trick

Discussion in 'Support' started by vefatica, Mar 11, 2012.

  1. vefatica

    Joined:
    May 20, 2008
    Messages:
    7,783
    Likes Received:
    29
    If you are typically a member of Administrators there's a little trick that will let you start TCC (or anything I suppose) elevated without having to answer to a UAC prompt. I don't know, and tend to doubt, whether this can be adapted for a non-admin.

    Create a scheduled task:

    Name: whatever (I'll use "TCCAdmin")
    Run with highest privileges
    Triggers: none
    Action: Start a program (TCC, wherever)
    Settings: Allow run on demand

    Now create a shortcut to: C:\Windows\System32\schtasks.exe /run /tn "TCCAdmin"

    That's it. The shortcut starts TCC elevated without fuss.
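For anyone reviewing a machine where tasks like the one above exist, here is an added example (not part of the original post) that inspects a task definition exported with `schtasks /query /tn <name> /xml` and flags the elevated, trigger-less, run-on-demand pattern. The sample XML, its program path and the `PROTECTED` directory list are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Namespace used by Task Scheduler task-definition XML.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Directories that standard users normally cannot write to (assumed defaults).
PROTECTED = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample shaped like the task in the post; the path is made up.
SAMPLE_TASK = r"""<Task version="1.3" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers />
  <Principals>
    <Principal id="Author">
      <LogonType>InteractiveToken</LogonType>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Example\tcc.exe</Command>
    </Exec>
  </Actions>
</Task>"""


def audit_task(xml_text):
    """Summarise one task definition and flag prompt-free elevation on demand."""
    root = ET.fromstring(xml_text)
    # Absent elements fall back to the schema defaults.
    run_level = root.findtext("t:Principals/t:Principal/t:RunLevel", "LeastPrivilege", NS)
    on_demand = root.findtext("t:Settings/t:AllowStartOnDemand", "true", NS)
    triggers = root.find("t:Triggers", NS)
    commands = [c.text.strip() for c in root.iterfind("t:Actions/t:Exec/t:Command", NS) if c.text]
    elevated = run_level.strip() == "HighestAvailable"
    manual_only = triggers is None or len(triggers) == 0
    startable = on_demand.strip().lower() == "true"
    return {
        "elevated": elevated,
        "manual_only": manual_only,
        "commands": commands,
        # Elevated, no trigger, startable by hand: the shortcut pattern from the post.
        "uac_free_launcher": elevated and manual_only and startable,
        # Targets outside protected directories deserve an ACL check.
        "review_acl": [c for c in commands if not c.lower().startswith(PROTECTED)],
    }


if __name__ == "__main__":
    print(audit_task(SAMPLE_TASK))
```

A task reported under `review_acl` is worth a closer look because the program it starts runs elevated every time the task is run, so that file and its folder should be writable by administrators only.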
     
  2. Frank

    Joined:
    Aug 2, 2011
    Messages:
    258
    Likes Received:
    4
  3. vefatica

    Joined:
    May 20, 2008
    Messages:
    7,783
    Likes Received:
    29
    That seems identical. I missed it and Googled up someone else's instructions.
     
  4. Frank

    Joined:
    Aug 2, 2011
    Messages:
    258
    Likes Received:
    4
    Today I created a task as described above. In the Task Manager I can see that a tcc-process is created, but no console-window is starting on my desktop!
    It was q'n'd because I had very little time today, but I didn't expect this to become a challenge ;)
    Next try tomorrow.
     
  5. Fross

    Joined:
    May 30, 2008
    Messages:
    224
    Likes Received:
    1
    I just tried this today and it worked perfectly. My only complaint (and it makes perfect sense) is that I get a new icon on my taskbar for tcmd since my other task bar quick access icon is not really tcmd, it's schtasks.
     
  6. Frank

    Joined:
    Aug 2, 2011
    Messages:
    258
    Likes Received:
    4
    I couldn't wait until tomorrow and just tried it via a remote session.
    I deleted the task and recreated it. Now it works! The difference is that now I've chosen "configure for: Windows 7 / Server 2008 R2" (before it was "Vista / Server 2008").
    Thanks.
     
  7. BitPusher

    Joined:
    Jan 9, 2009
    Messages:
    40
    Likes Received:
    0
    Even easier is to turn off "Run all administrators in Admin Approval Mode".

    If UAC is disabled, in
    HKLM,Software,Microsoft,Windows,CurrentVersion,Policies,System Set EnableLUA = 0

    Never heard again from UAC after doing that.

    Carl
     
  8. vefatica

    Joined:
    May 20, 2008
    Messages:
    7,783
    Likes Received:
    29
    Well, I've been in full control for 20 years and finally got bitten ... infected with something ... affected the running Win7 as well as the backup Dell-installed XP on the same computer. So I reinstalled Win7 and am resolved to be (at least a little) more careful.

    Though I've removed the boot mechanism (with BCDEDIT) for the two infected OSs, their files are still in place and I'd like to look around for a clue to what I caught and how I caught it. I know nothing of AV software. Is there something simple, free, and thorough that I can simply run on demand (and won't integrate itself with the OS)?

    FWIW, the infection I had caused one of my svchost.exe processes (or a phony one) to make countless simultaneous outgoing HTTP (80) connections to hosts I didn't recognize by name. That process's memory use grew until it crashed; then it restarted and the bad behavior started again.
     
  9. TEA-Time

    Joined:
    Jun 2, 2008
    Messages:
    282
    Likes Received:
    1
    Ouch... SUPERAntiSpyware (yes, as cheesy as it sounds) and Malwarebytes Anti-Malware together are really good for cleaning up infected PCs. They need installed, but only run real-time if you pay for them. Otherwise, they're on-demand only, but just as effective.

    http://superantispyware.com/
    http://www.malwarebytes.org/

    TDSSKiller from Kaspersky is good for cleaning up the TDSS root kit. No install, just run the .exe.

    http://support.kaspersky.com/faq/?qid=208283363

    You can also upload individual files to VirusTotal and they'll scan them with a plethora of AV products.

    https://www.virustotal.com/
     
  10. vefatica

    Joined:
    May 20, 2008
    Messages:
    7,783
    Likes Received:
    29
    The first two don't sound like they detect viruses/worms/trojans ... do they?
     
  11. vefatica

    Joined:
    May 20, 2008
    Messages:
    7,783
    Likes Received:
    29
    And does TDSSKiller need to be run by the infected OS? That's impossible now.
     
  12. TEA-Time

    Joined:
    Jun 2, 2008
    Messages:
    282
    Likes Received:
    1
    "Malware" in general, but mostly trojans. They do a good job at detecting most every type of infection I've seen lately.

    I believe it does look in certain places, so it probably has to be. You don't just point it at a drive and tell it to go.
     
  13. TEA-Time

    Joined:
    Jun 2, 2008
    Messages:
    282
    Likes Received:
    1
    Oh yeah, there's also the McAfee Stinger, which cleans up the latest and most common crap that's out there. But I think it's like TDSSKiller and expects to be run on an infected system.

    http://www.mcafee.com/us/downloads/free-tools/how-to-use-stinger.aspx

    I'm not familiar with any offline scanners, but you might want to Google offline anti-virus scanner or something like that to see what's out there.
     
  14. vefatica

    Joined:
    May 20, 2008
    Messages:
    7,783
    Likes Received:
    29
    Win7's Defender found Win32/Sefnit.AJ in the old Win7, and Win32/Alureon.FK in the temp dir used by both (old) OSs. The TDSSKiller found nothing.

    So what about the built-in Windows Defender? It has been running (unobtrusively). Is it any good?
    So how do you get these things? I never do anything promiscuous (on the computer).
     
  15. TEA-Time

    Joined:
    Jun 2, 2008
    Messages:
    282
    Likes Received:
    1
    I'd totally forgotten about Windows Defender. Heh. As far as I know Windows Defender is good, but I've never really used it. Not knowing Windows Defender, we decided on McAfee Anti-Virus Enterprise where I work, disabling Windows Defender. Back in 2004 when Microsoft bought GIANT AntiSpyware, which I hadn't heard of at the time, it was actually rated pretty high. I've never seen anything bad being said about it since either. Here's more background and info on it:

    http://en.wikipedia.org/wiki/Windows_Defender

    A lot of infections nowadays are drive-bys, where you're browsing a legitimate site that's been hacked to foist a barrage of exploits on your computer without requiring any interaction on your part. Sadly, I see a lot of that stuff happen from people just clicking on Google search hits. The most common attack vectors these days are Java, Adobe Flash, and Adobe Reader (although Adobe Reader X is pretty safe now as it operates sandboxed). Always make sure you're as up-to-date as possible on at least those, in addition to Windows itself.

    Then there are sites that pop up a fake My Computer looking window (but it's a browser window) and pretend to be scanning your hard drive, of course telling you that infections were found and that your whole computer needs scanned, and then try and download an .exe file for you to run. A legitimate anti-virus program may tell you that a malicious file was found while you're browsing the web, but it will NEVER suddenly tell you that your whole computer needs scanned, nor throw an .exe at you to do it!

    A REALLY GOOD site to stay up to date with this kind of stuff and more is Krebs On Security. In fact, I was just in the middle of reading his latest post.

    http://krebsonsecurity.com/

    And of course there's the malicious spam with nasty links in them trying to socially engineer you. It's amazing how bad that's getting! Here's a great blog that keeps track of that junk. I think he works for SpamCop.

    http://blog.dynamoo.com/
    http://www.spamcop.net/
     
  16. Frank

    Joined:
    Aug 2, 2011
    Messages:
    258
    Likes Received:
    4
  17. samintz

    samintz Scott Mintz

    Joined:
    May 20, 2008
    Messages:
    1,177
    Likes Received:
    11
    My very favorite of all time is Vipre. They have a free scanner called Vipre Rescue that you just run without needing to install the full app. It is the most effective and lowest resource hog of any AV/AS product I've ever used. That combined with Malwarebytes is a very effective solution.

    http://www.vipreantivirus.com

    You can download VIPRE Rescue and Malwarebytes through the following site:

    http://vipre.malwarebytes.org/

    You can download ERD Commander 2005 and use the Remote Recover option to attach the infected drives remotely to a working PC. This link contains a tutorial on how to create a bootable USB key with ERD Commander on it. http://forum.xatrix.org/tutorials-f26/erd-commander-2005-usb-t1552.html

    -Scott
     
  18. samintz

    samintz Scott Mintz

    Joined:
    May 20, 2008
    Messages:
    1,177
    Likes Received:
    11
    It appears that the above link does not contain a link to download ERD Commander. I believe you can download it from MS if you have a MSDN, TechNet, or MSVL license. It was made by Winternals, which was acquired by MS. It is part of the Microsoft Desktop Optimization Pack. It is contained in a tool called Desktop and Recovery Tool (DaRT).

    -Scott
     
  19. mathewsdw

    Joined:
    May 24, 2010
    Messages:
    855
    Likes Received:
    0
    Guys, sorry for the stupid question but how do you run a GUI version of "schtasks"? I could do what I want to do using the command line program except I don't even see an option to "run as administrator" in the "schtasks" help, and typing "Task Schedule" in the "Run" box as suggested by TimFrost in the thread "jpsoft.com/forums/threads/windows-7-run-tcc-as-admin-w-o-uac-intercept.3663/#post-20676" gives me simply a message box that says "Windows cannot find 'Task' Make sure you typed the name correctly, and then try again.", and none of adding quotes or deleting the space or both gives me any better results. And the really horrible thing related to my bad memory as always is that I did this (almost!) successfully yesterday; I just want to modify what I had done a bit (and I've deleted the task I had created yesterday in trying to "experiment" with "schtasks").

    - Dan
     
  20. vefatica

    Joined:
    May 20, 2008
    Messages:
    7,783
    Likes Received:
    29
    Schtasks.exe doesn't have a "run as admin" option. When you create the task (see my first post in this thread) you specify "run with the highest privileges". Later you just use schtasks.exe to run the task on demand. When all is said and done, I suspect you must be an administrator (though under UAC) to make the whole thing work.
     
  21. mathewsdw

    Joined:
    May 24, 2010
    Messages:
    855
    Likes Received:
    0
    Vince, you precisely didn't answer the question I was trying to ask!!! :) I know schtasks.exe doesn't have a "run as administrator" option; I found that out pretty much without a doubt by doing many "schtask ... /?" commands, none of which showed anything about an "administrator" option. So I clearly did this yesterday with a GUI program of some kind; but what GUI program???? All you say in your original posting as far as I can see is "Create a scheduled task:", but not with what.

    - Dan
     
  22. vefatica

    Joined:
    May 20, 2008
    Messages:
    7,783
    Likes Received:
    29
    You can run TASKSCHD.MSC from a command line, get to it ("Task Scheduler") in ControlPanel\AdministrativeTools, or, if you're using the Win7 (new) start menu, just type "sch" there and it will be at the top of the list.
     
  23. mathewsdw

    Joined:
    May 24, 2010
    Messages:
    855
    Likes Received:
    0
    Update: After posting the above I did yet another Google search for "scheduled tasks gui -ubuntu" and after poking through a fairly large number of results somebody said, as an aside, that "The "Scheduled Tasks" control panel GUI, and the "SCHTASKS" DOS command...", and there was the (very simple!) answer I was looking for. Somehow I had figured this out yesterday, but not today. But thank you all!

    And thank you, Vince, you posted your answer simultaneously with my finding the answer with Google.

    - Dan
     
  24. vefatica

    Joined:
    May 20, 2008
    Messages:
    7,783
    Likes Received:
    29
    What does "ubuntu" have to do with it?
     
  25. mathewsdw

    Joined:
    May 24, 2010
    Messages:
    855
    Likes Received:
    0
    Vince, absolutely nothing except that it kept coming up over and over in the Google search and it was clearly something I was not interested in (I don't even know what "ubuntu" is; nor do I care).

    - Dan
     
  26. JohnQSmith

    Joined:
    Jan 19, 2011
    Messages:
    560
    Likes Received:
    8
    It's a Debian Linux distribution. You can still not care, but at least you now know.
     
  27. mathewsdw

    Joined:
    May 24, 2010
    Messages:
    855
    Likes Received:
    0
    Thank you, Mr. Smith! :)
     
  28. Steve Pitts

    Joined:
    Jul 7, 2008
    Messages:
    158
    Likes Received:
    0
    Work without any UAC prompts, then yes, but such scheduled tasks will work regardless. If run under a non-admin user then you see the usual UAC elevation prompt and have to enter an administrator password before the task will actually run (I have one such task that runs RealTemp at log on time and therefore get such a prompt every time I log on).
     
