[DonDodge]

I found a malicious task planted in the Task Scheduler of Vista Home Premium. This task is designed to create an illusion the computer is infected with a virus.

Is there any way I can determine the exact event that was originally programmed into the task that activated the trigger and set the task in motion?

Edit: I should add this is a reverse engineered OEM version of Vista.

[lunarlander]

I wouldn't trust any pirated OS version. They can insert all sorts of keyloggers, botnet clients into it and you wouldn't know. Think about it, you do email, business and private stuff on it and all the while this guy is reading everything through a backdoor.

[DonDodge]

This is not a pirated operating system lunarlander. It's fully licensed by Microsoft and is the OS provided in the recovery partition of a laptop computer purchased from a major brick & mortar office supply company. The computer came in factory packaging with all seals intact. What you state above is exactly what I'm concerned about since the computer was purchased for business use and must be secure.

As I said, I've found a malicious task. It was programmed into the image provided by the manufacturer.

I know all the parameters for the task as well as the settings and conditions that control how it runs. I also have all the info on the trigger that makes it run NOW. What I can't find is the particular piece of programming that activated the task BEFORE the trigger took over. It wasn't installation of the software from the recovery partition to the C: drive.

I have the complete history of the task from the log. This dates back to the first time the task was executed. I have a very good idea what originally set the task in motion but I can't prove it until I find the programming that did it.