Controlling Another Computer

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Panther1310

Thread Starter
Joined
Dec 4, 2017
Messages
17
Hi,

Is it possible for someone to use an API to control all your computers on your network?

Elaine
 

Panther1310

Thread Starter
Joined
Dec 4, 2017
Messages
17
I've just found a file migrated called shell unlock

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Author>Sediment</Author>
    <Description>USO Scan upon Unlock</Description>
    <URI>\Microsoft\Windows\rempl\shell-unlock</URI>
  </RegistrationInfo>
  <Triggers>
    <SessionStateChangeTrigger>
      <Enabled>true</Enabled>
      <StateChange>SessionUnlock</StateChange>
    </SessionStateChangeTrigger>
    <EventTrigger>
      <Enabled>true</Enabled>
      <Subscription>&lt;QueryList&gt;&lt;Query Id="0" Path="Microsoft-Windows-NetworkProfile/Operational"&gt;&lt;Select Path="Microsoft-Windows-NetworkProfile/Operational"&gt;*[System[Provider[@Name='Microsoft-Windows-NetworkProfile'] and EventID=10000]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>
    </EventTrigger>
  </Triggers>
  <Principals>
    <Principal id="LocalSystem">
      <UserId>S-1-5-18</UserId>
      <RunLevel>HighestAvailable</RunLevel>
      <LogonType>InteractiveToken</LogonType>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
    <AllowHardTerminate>false</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>
    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>6</Priority>
  </Settings>
  <Actions Context="LocalSystem">
    <Exec>
      <Command>%ProgramFiles%\rempl\remsh.exe</Command>
      <Arguments>/RunUsoScanOnly</Arguments>
    </Exec>
  </Actions>
</Task>

Is that normal?
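
Added example, not part of the original thread: a Python helper that reads a Task Scheduler export like the one posted above and reports who the task runs as, what triggers it and what it executes. The function names, the trimmed sample and the list of "protected" path prefixes are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
SYSTEM_SID = "S-1-5-18"  # well-known SID of the LocalSystem account
# Assumption for this example: locations standard users cannot normally write to.
PROTECTED_PREFIXES = ("%programfiles%", "%programfiles(x86)%", "%systemroot%", "%windir%")

# Constructed sample: trimmed copy of the task posted above, XML declaration omitted.
SAMPLE_TASK = r"""<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\Microsoft\Windows\rempl\shell-unlock</URI></RegistrationInfo>
  <Triggers>
    <SessionStateChangeTrigger><Enabled>true</Enabled></SessionStateChangeTrigger>
    <EventTrigger><Enabled>true</Enabled></EventTrigger>
  </Triggers>
  <Principals><Principal id="LocalSystem"><UserId>S-1-5-18</UserId></Principal></Principals>
  <Actions Context="LocalSystem"><Exec>
    <Command>%ProgramFiles%\rempl\remsh.exe</Command>
    <Arguments>/RunUsoScanOnly</Arguments>
  </Exec></Actions>
</Task>"""


def _text(node, path):
    found = node.find(path, NS)
    return found.text.strip() if found is not None and found.text else None


def summarize_task(xml_data):
    """Return the task's URI, the account it runs as, its triggers and its actions."""
    root = ET.fromstring(xml_data)  # str, or bytes read from an exported file
    # A trigger without an <Enabled> element is counted as enabled (assumption).
    triggers = [(trig.tag.split("}", 1)[-1], _text(trig, "t:Enabled") != "false")
                for trig in root.findall("t:Triggers/*", NS)]
    actions = [(_text(ex, "t:Command"), _text(ex, "t:Arguments"))
               for ex in root.findall("t:Actions/t:Exec", NS)]
    return {"uri": _text(root, "t:RegistrationInfo/t:URI"),
            "user_id": _text(root, "t:Principals/t:Principal/t:UserId"),
            "triggers": triggers, "actions": actions}


def review_points(summary):
    """List facts to verify by hand; none of them proves a task is malicious."""
    points = []
    if summary["user_id"] == SYSTEM_SID:
        points.append("runs as LocalSystem")
    for command, _args in summary["actions"]:
        if command and not command.lower().startswith(PROTECTED_PREFIXES):
            points.append("executable outside protected directories: " + command)
    return points
```

For the sample, `review_points(summarize_task(SAMPLE_TASK))` reports only that the task runs as LocalSystem, since the executable path starts with `%ProgramFiles%`.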
 
Joined
Sep 21, 2007
Messages
12,118
Most remote admin programs need to start up upon boot. Go download AutoRuns from MS SysInternals:

https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns

It will show you almost all programs in the registry that start up automatically. I remember there is a right-click choice to check a file against VirusTotal. Check for files that look familiar but are spelt wrong, like 'svchosts' instead of 'svchost'.
 

Panther1310

Thread Starter
Joined
Dec 4, 2017
Messages
17
Can you let me know if there's anything there or if you still need to see more?

Thanks for your help
 

dmccoy

Darrin
Joined
Oct 7, 2017
Messages
4,489
It would be much easier to help you if you upload the file rather than post all the screenshots.

1. Make sure Hide Microsoft Entries is Checked Under the Options Menu
2. After Scanning is Finished
3. Go to File then Save
4. Save as AutoRuns.am file or as Autoruns.txt to a known location like your Desktop
5. Upload file to your next reply. You may have to compress the file to .zip before uploading if you use .am extension.
 
Joined
Sep 21, 2007
Messages
12,118
That account unknown can be the result of you previously deleting an account. When you delete an account, the permissions for it remain embedded in files which that account used to be able to access.

Don't ask me to go thru the Autoruns screenshots for you. I just save a baseline and compare them.
 

dmccoy

Darrin
Joined
Oct 7, 2017
Messages
4,489
Yes! You will either have to update the correct Permissions or you can try saving to desktop.
 