HELP! laptop stolen with nod RAC

Discussion in 'NOD32 version 2 Forum' started by mtyn, Nov 2, 2007.

Thread Status:
Not open for further replies.
  1. mtyn

    mtyn Registered Member

    Joined:
    Jul 12, 2007
    Posts:
    7
    Hi all,
    One of our ex-employees has stolen his laptop. However, it still checks in to our NOD RAC. I was wondering if there was anything I could do with this as far as pushing out a batch file or something like that to run a few commands on his machine?

    Any help would be much appreciated.

    thanks
    paul
     
  2. xTiNcTion

    xTiNcTion Registered Member

    Joined:
    Oct 25, 2003
    Posts:
    253
    Hi mtyn
    If you mean he still has access to your Remote Administrator Server (RAS), then I would suggest you change the password to log in to RAS.

    What kind of command do you want to EXECUTE?
     
  3. mtyn

    mtyn Registered Member

    Joined:
    Jul 12, 2007
    Posts:
    7
    Hi, sorry yes I do mean RAS.

    I'm not terribly concerned with disconnecting him from the RAS, since right now that's the only way I have of tracking his IP address.

    My goal is to try to push out a script to delete sensitive company files on the laptop and disable his user account so that the laptop would be useless to him unless he rebuilt it. I know how to write the scripts that I want. What I don't know (if it is even remotely possible) is how I could attach the files to, say, a scheduled scan or update to run them.
     
  4. mtyn

    mtyn Registered Member

    Joined:
    Jul 12, 2007
    Posts:
    7
    Hi back again,

    Unfortunately things are not working out like I had hoped.

    To recap: what I've done is set up a new profile configuration to push out the next time the computer connects to the RAS. In the configuration I have the option to set an external application to run via add scheduled task (NOD32 Kernel - Execution of external application). However, I've set up a test and all that seems to happen is that the command window pops up and the parameters I've set up don't run.

    Exactly what I've set up is this:
    File:
    c:\windows\system32\cmd.exe
    Work directory:
    c:\windows\system32
    Command line:
    net user username newpassword

    All that happens is the command window pops up and no arguments are run.

    Any ideas?
     
  5. smith2006

    smith2006 Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    759
    Since this is a laptop theft case & you have the culprit's particulars, have you made a police report?
     
  6. ASpace

    ASpace Guest

    Speaking in that direction (running an external application), you can make his NOD32 run an external application (e.g. C:\path...\file.bat). That can be a bat file which can delete files on his computer (company information and some operating system files) so that you make the machine useless.

    NOD32 can run the bat file. The problem is how will that file appear on that machine... If you can find a way for a bat file to appear on the laptop...
     
  7. johchi

    johchi Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    17
    Location:
    Farnham, UK
    Speaking in ignorance... Would the command work using a UNC address instead of the local C:\ one? I.e. \\RAserver\path\file.bat - while connected and authenticated during a scheduled RAS session?
     
  8. mtyn

    mtyn Registered Member

    Joined:
    Jul 12, 2007
    Posts:
    7
    Thanks for your replies.

    I have tested the ability to run a batch file and it does indeed work. For the future I plan to deploy company laptops with a sabotage batch file somewhere so I can run it should the laptop take off. However, I didn't think of this before, so I'm stuck with trying to get it to run commands. If anyone has any idea how to make this work, I'm all ears.

    I haven't reported him criminally yet because management hasn't told us to yet. They still hold out hope that he is going to give it back.
     
  9. mtyn

    mtyn Registered Member

    Joined:
    Jul 12, 2007
    Posts:
    7
    Hi all,
    I did end up getting that laptop back. However, I am still interested in the functionality of having NOD run a command with arguments. Anyone have any ideas?
     
  10. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    If you could store a program/batch file on a public server, you might be able to construct a call from your RAS to push a "fetch" command and run the results...... just thinking out loud... might be detected by NOD32 as malicious though! ;)
     
  11. mtyn

    mtyn Registered Member

    Joined:
    Jul 12, 2007
    Posts:
    7
    Update: I figured it out.
    For anyone who would like to know, the trick is to start your command arguments with /c. This pipes the commands directly.
    Thanks for all your help.
     
  12. edwin3333

    edwin3333 Registered Member

    Joined:
    Aug 29, 2007
    Posts:
    244
    We are now in the same boat. The airlines stole one of our laptops. We can see it connecting to our Nod32 RA via various public WIFI's. I have the ability to schedule tasks. This is Vista without a password.

    How do I schedule a remote wipe of the PC? Can I do %WINSYSDIR%\CMD.EXE on the command line and /C del c:\*.* /s/q in the parameters?

    Thanks!
     
    Last edited: Apr 8, 2008
  13. ASpace

    ASpace Guest

    I don't know. However, if UAC is enabled, Vista will for sure require administrative rights for CMD and permission to delete all files in C:\
     