Another gem, Inspect Task Scheduler for rundll.exe

Really? Should rundll.exe ever be scheduled? Well, not in my environment, so that raises red flags. I root them out with this.


@echo off
SETLOCAL ENABLEDELAYEDEXPANSION
ECHO GET'EM...

:: File that collects one AT delete command per hit, for review before running
SET FOUNDLOG=C:\Logs\FOUND_AT.bat

:: Clear the results of the previous run, if any
IF EXIST "%FOUNDLOG%" DEL /Q "%FOUNDLOG%"

call :RUNONHOST MachineNameX
IF EXIST "%FOUNDLOG%" (
    REM DEL /Q "%FOUNDLOG%"
    ECHO YOU GOT PROBLEMS!!!
) ELSE (
    ECHO THIS HOUSE IS CLEAN
    PAUSE
)
GOTO :EOF

:RUNONHOST
SETLOCAL
SET HOST=%1
:: Run it
ECHO CHECKING TASKS ON: !HOST!

:: skip=2 drops the AT header and separator lines; "delims=" keeps each job line whole
FOR /F "skip=2 delims=" %%x IN ('AT \\%HOST%') DO (
    SET _Search=%%x
    ECHO !_Search!
    REM Check if line contains "rundll" (case-insensitive, sliding 6-character window)
    FOR /L %%a IN (0,1,80) DO (
        SET word=!_Search:~%%a,6!
        IF /I "!word!"=="rundll" (
            REM Output delete with id (first token of the AT line)
            ECHO FOUND
            FOR /F "tokens=1-8 delims=. " %%h IN ("!_Search!") DO (
                ECHO \\%HOST% -- !_Search!
                ECHO AT \\%HOST% %%h /DELETE >>"%FOUNDLOG%"
            )
        )
    )
)
ENDLOCAL
GOTO :EOF
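
AT only lists jobs that were created with AT, so tasks registered through Task Scheduler itself are invisible to the script above. The following is an added example, not part of the original post, that applies the same rundll check to every registered task; it assumes PowerShell with the ScheduledTasks module (Windows 8 / Server 2012 or later), CIM/WinRM access to the hosts, and reuses the placeholder host name MachineNameX.

```powershell
# Added example, not from the original post.
# 'MachineNameX' is the placeholder host name used in the batch script above.
param([string[]]$Hosts = @('MachineNameX'))

function Test-RundllAction {
    param([string]$Execute, [string]$Arguments)
    # Match rundll / rundll32 / rundll32.exe as a whole program name, with or
    # without a path or quotes, in the executable or its arguments.
    # -match is case-insensitive by default.
    "$Execute $Arguments" -match '(^|[\\/"\s])rundll(32)?(\.exe)?(["\s]|$)'
}

function Find-RundllTask {
    param([Parameter(Mandatory)][string]$ComputerName)
    $session = New-CimSession -ComputerName $ComputerName -ErrorAction Stop
    try {
        foreach ($task in Get-ScheduledTask -CimSession $session) {
            foreach ($action in $task.Actions) {
                # COM handler actions have no Execute/Arguments; they come back
                # as $null here and simply do not match.
                if (Test-RundllAction $action.Execute $action.Arguments) {
                    [pscustomobject]@{
                        Host      = $ComputerName
                        Task      = $task.TaskPath + $task.TaskName
                        State     = $task.State
                        Execute   = $action.Execute
                        Arguments = $action.Arguments
                    }
                }
            }
        }
    }
    finally { Remove-CimSession -CimSession $session }
}

# Report only; nothing is deleted or disabled.
$hits = foreach ($h in $Hosts) {
    try { Find-RundllTask -ComputerName $h }
    catch { Write-Warning "Could not query ${h}: $($_.Exception.Message)" }
}

if ($hits) {
    $hits | Format-Table -AutoSize -Wrap
} else {
    'THIS HOUSE IS CLEAN'
}
```

The Task column includes the task folder path, which helps separate tasks that ship with the operating system from ones somebody added.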
