Sign in with
Sign up | Sign in
Your question

XP- File search across a domain?

Last response: in Networking
Share
December 14, 2010 4:43:20 PM

Hello,

Does anyone know of a method to search for an individual file over a domain? We've got a worm that made it past CA's eTrust antivirus, which is now propagating through thumbdrives, cameras, MP3 players etc(autorun.inf / usb.wsf). So...I'm looking for a way to do a command line search for it (usb.wsf) so I can then destroy it. Ultimately I'd like to do a BATch file so as to automate the entire search & destroy process, until we can get a antivirus program that understands that viruses propagate through removable devices/media (DUH!).

Note: I've tried using the following but it does not work, as it apparently can not "find" the server, using the servers name:

Attempted: ds \\MFalcon\usb.wsf /s > infected.txt

Result: "The network path was not found."

I can ping MFalcon though....

Thanks in advance for any help/assistance.

More about : file search domain

December 14, 2010 5:13:30 PM


For maximum security and certainty of total destruction, I would treat each domain client separately with the same anti-malware programme. My choice would be MalwareBytes from the dot.com site of the same name.

CA AVs are next to useless in my opinion - Microsoft Security Essentials and the Windows firewall would do a better job.

m
0
l
December 14, 2010 5:21:58 PM

Saga,

Thanks. All ready tried MalWareBytes. plus am on a corporate network, so it is not up to me to select the AV software (Though this issue is prompting some "review" at levels higher than myself).

Malwares Bytes doesn't catch/find this one either. That is why I am hoping to find an answer to my original question, so I can do a search for this file, from the command line, instead of from inside a Win Explorer Serach "box".

Thanks,

Mark
m
0
l
Related resources
December 15, 2010 6:17:52 AM

Mark_Bevington said:
Saga,

Thanks. All ready tried MalWareBytes. plus am on a corporate network, so it is not up to me to select the AV software (Though this issue is prompting some "review" at levels higher than myself).


If the usual search facility built into XP doesn't allow you search the entire network, there probably won't be a workable command line option either. How many systems are involved here?

Please ignore any advice about using ComboFix that doesn't include warnings about doing so without thoroughly reading the instrucitons on how to do so.
m
0
l
December 15, 2010 2:56:50 PM

Saga,

Thanks for the return reply. I can search and find the worm using the search function in Win Explorer, which is what I have been doing so far, to help aid our IT team. (I'm an engineer in our Special Programs group who first discovered that we had been infected). So was hoping someone might know a Win XP command that could be batched, so as to automate the "search and destroy" function. ***Plus could see this as being useful when rying to locate any file on a domain*** Worst case, we (myself & IT folks) are talking about doing a Perl script to go out and do this.

All-in-all, we have around 100 PC's on this network, of which 6-8 are windows 2003 servers.

Anyway, as you stated in your first post CA is not worth a hoot. Avast, or many others could have caught this up front, however we are now in damage control mode, and trying to erradicate it. It's the old saying "an ounce of preventation is worth a pound of cure".

Thanks again....
m
0
l
!