RE: PSExec starting stopping

Tue, 22 Sep 2009 09:54:42 -0700 

Might be a scheduled task somewhere... A sniff might be in order...

***********************
Charlie Kaiser
[email protected]
Kingman, AZ
***********************  

> -----Original Message-----
> From: David W. McSpadden [mailto:[email protected]] 
> Sent: Tuesday, September 22, 2009 9:47 AM
> To: NT System Admin Issues
> Subject: Re: PSExec starting stopping
> 
> Yeah but it is voodoo if I am not the one sending the commands....
>  
> 
>       ----- Original Message ----- 
>       From: Free, Bob <mailto:[email protected]>  
>       To: NT System Admin Issues 
> <mailto:[email protected]>  
>       Sent: Tuesday, September 22, 2009 12:41 PM
>       Subject: RE: PSExec starting stopping
> 
> 
>       Psexec installs itself as a service on the fly and 
> uninstalls automatically (most of the time) when it's 
> completed whatever  you had it do with a clean exit. Always 
> has. If you check the SCM while it is doing something, you 
> will see it running under the credentials you specified on 
> the command line.
> 
>        
> 
>       Same for PSKill and some of Mark's other utilities. 
> That's how he accomplishes some of the remote magic..of 
> course running them a Local System when necessary also helps. J
> 
>        
> 
>       "PsExec starts an executable on a remote system and 
> controls the input and output streams of the executable's 
> process so that you can interact with the executable from the 
> local system. PsExec does so by extracting from its 
> executable image an embedded Windows service named Psexesvc 
> and copying it to the Admin$ share of the remote system. 
> PsExec then uses the Windows Service Control Manager API, 
> which has a remote interface, to start the Psexesvc service 
> on the remote system"  
> http://windowsitpro.com/Windows/Articles/ArticleID/42919/pg/2/2.html
> 
>        
> 
>        
> 
>        
> 
>       From: David W. McSpadden [mailto:[email protected]] 
>       Sent: Tuesday, September 22, 2009 7:51 AM
>       To: NT System Admin Issues
>       Subject: PSExec starting stopping
> 
>        
> 
>       I noticed in a member server event log this morning 
> PSExec service stop, start, stop start???
> 
>       I don't remember installing PSExec on this machine 
> especially as a service???
> 
>       <Flame:ON>
> 
>        
> 
>        
> 
>        
> 
>       
>        
> 
>       
> 
>  
> 
>  
> 
> 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Reply via email to