HELP! laptop stolen with nod RAC

Hi all,
One of our ex-employees has stolen his laptop. However it still checks in to our NOD RAC. I was wondering if there was anything I could do with this as far as pushing out a batch file or something like that to run a few commands on his machine?

any help would be much appreciated.

thanks
paul

 

Hi mtyn
if you mean he still accesses to your Remote Administrator Server (RAS) then i would suggest you change password to login RAS.

what kind of command do you want to EXECUTE?

 

Hi, sorry yes I do mean RAS.

Im not terrible concerned with disconnecting him from the RAS, since right now thats the only way I have of tracking his IP address.

My goal is to try to push out a script to delete sensitive company files on the laptop and disable his user account so that the laptop would be useless to him unless he rebuilt it. I know how to write the scripts that I want. What I dont know (if it is even remotely possible) is how I could attach the files to say a scheduled scan or update to run them.

 

Hi back again,

unfortunately things are not working out like i had hoped.

To recap: what I've done is set up a new profile configuration to push out the next time the computer connects to the RAS. in the configuration I have the option to set an external application to run via add scheduled task (NOD32 Kernel - Execution of external application). however Ive set up a test and all that seems to happen is that the command window pops up and the parameters ive set up dont run.

exactly what ive set up is this
File:
c:\windows\system32\cmd.exe
Work directory:
c:\windows\system32
Command line:
net user username newpassword

all that happens is the command window pops up and no arguments are run.

any ideas?

 

Since this is a laptop theft case & you have the culprit's particulars, have you made a police report?

 

Speaking in that director (running an external application) , you can make his NOD32 run an external application (e.g. C:\path...\file.bat) . The can be a bat file which can delete files on his computer (company information and some operaring system files) so that you make the machine useless .

NOD32 can run the bat file . The problem is how will that file appear on that machine ... If you can find a way for a bat file to appear on the laptop ...

 

Speaking in ignorance... Would the command work using a UNC address instead of the local C:\ one? I.e. \\RAserver\path\file.bat - while connected and authenticated during a scheduled RAS session?

 

thanks for your replies.

I have tested the ability for the running of a batch file and it does indeed work. and for the future i plan to deploy company laptops with a sabotage batch file somewhere so i can run it should the laptop take off. however I didnt think of this before. so im stuck with trying to get it to run commands. if anyone has any idea how to make this work, im all ears.

i havent reported him criminally yet because management hasnt told us to yet. they still hold out hope that he is going to give it back.

 

Hi all,
I did end up getting that laptop back. However i am still interested in the functionality of having NOD run a command with arguments. anyone have any ideas?

 

if you could store a program/batch file on a public server, you might be able to construct a call from your RAS to push a "fetch" command and run the results...... just thinking out loud... might be detected by NOD32 as malicious though!

 

Update: I figured it out.
For anyone who would like to know the trick is to start your command arguments with /c . This pipes the commands directly.
Thanks for all your help

 

We are now in the same boat. The airlines stole one of our laptops. We can see it connecting to our Nod32 RA via various public WIFI's. I have the ability to schedule tasks. This is Vista without a password.

How do I schedule a remote wipe of the PC? Can I do %WINSYSDIR%\CMD.EXE on the command line and /C del c:\*.* /s/q in the parameters?

Thanks!

 

I don't know . However if UAC is enabled Vista will for sure require administrative rights for CMD and permission to delete all files in C:\