Find that infected computer

This tip was submitted to the SearchWin2000.com Tip Exchange by member Brad Blauvelt. Let other users know how useful it is by rating the tip below.

You have a virus epidemic on some of your client computers. But which ones? Utilizing "NET SEND" in your NT/2000 logon script may help find them.

So some of your users opened that message and attachment promising a photo of Anna Kournikova or worse. And now you get to clean up the mess. You're not looking forward to going from computer to computer to find out which ones have it and which ones don't. There's where the "net send" command can come in handy. If the virus (as many do) writes specific-named files to the client's hard drive, net send can be configured to send you a message telling you which computers are infected. Here's an example.

    send ADMINPC "The Computer named %COMPUTERNAME% is 
    infected with the Anna Kournikova virus"
You'll need to check a good anti-virus vendor site to find a file name to refer to, then replace "c:windowsannakournikova.jpg.vbs" with the infected file name. Unfortunately, this will not work for viruses like Magistr, which infect files at random on your system.

Next, you change the "ADMINPC" to whatever destination computer name you want the message sent to. The destination computer needs to have Windows Messenger Service running, or WinPopUp if it's a Windows 9x computer.

The text that follows - "The computer named . . ." can be any text you'd like. The %computername% variable is a useful, as it will read from the client computer's environment include it in the message.

The destination computer will receive a message on the screen, and if it's an NT/2000 system, an event will be written to the System Log.

This was first published in February 2002

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.