Does anyone know of a method to search for an individual file over a domain? We've got a worm that made it past CA's eTrust antivirus, which is now propagating through thumbdrives, cameras, MP3 players etc(autorun.inf / usb.wsf). So...I'm looking for a way to do a command line search for it (usb.wsf) so I can then destroy it. Ultimately I'd like to do a BATch file so as to automate the entire search & destroy process, until we can get a antivirus program that understands that viruses propagate through removable devices/media (DUH!).
Note: I've tried using the following but it does not work, as it apparently can not "find" the server, using the servers name:
For maximum security and certainty of total destruction, I would treat each domain client separately with the same anti-malware programme. My choice would be MalwareBytes from the dot.com site of the same name.
CA AVs are next to useless in my opinion - Microsoft Security Essentials and the Windows firewall would do a better job.
Thanks. All ready tried MalWareBytes. plus am on a corporate network, so it is not up to me to select the AV software (Though this issue is prompting some "review" at levels higher than myself).
Malwares Bytes doesn't catch/find this one either. That is why I am hoping to find an answer to my original question, so I can do a search for this file, from the command line, instead of from inside a Win Explorer Serach "box".
Thanks for the return reply. I can search and find the worm using the search function in Win Explorer, which is what I have been doing so far, to help aid our IT team. (I'm an engineer in our Special Programs group who first discovered that we had been infected). So was hoping someone might know a Win XP command that could be batched, so as to automate the "search and destroy" function. ***Plus could see this as being useful when rying to locate any file on a domain*** Worst case, we (myself & IT folks) are talking about doing a Perl script to go out and do this.
All-in-all, we have around 100 PC's on this network, of which 6-8 are windows 2003 servers.
Anyway, as you stated in your first post CA is not worth a hoot. Avast, or many others could have caught this up front, however we are now in damage control mode, and trying to erradicate it. It's the old saying "an ounce of preventation is worth a pound of cure".