Find that infected computer

Utilize "NET SEND" in your NT/2000 logon script to find infected client computers.

This tip was submitted to the SearchWin2000.com Tip Exchange by member Brad Blauvelt.


You have a virus epidemic on some of your client computers. But which ones? Utilizing "NET SEND" in your NT/2000 logon script may help find them.

So some of your users opened that message and attachment promising a photo of Anna Kournikova or worse. And now you get to clean up the mess. You're not looking forward to going from computer to computer to find out which ones have it and which ones don't. That's where the "net send" command can come in handy. If the virus (as many do) writes files with specific names to the client's hard drive, a logon script can test for one of those files and use net send to tell you which computers are infected. Here's an example.

if exist C:\WINDOWS\ANNAKOURNIKOVA.JPG.VBS net send ADMINPC "The Computer named %COMPUTERNAME% is infected with the Anna Kournikova virus"

You'll need to check a good anti-virus vendor site to find a file name to refer to, then replace "c:\windows\annakournikova.jpg.vbs" with the infected file name. Unfortunately, this will not work for viruses like Magistr, which infect files at random on your system.

Next, you change the "ADMINPC" to whatever destination computer name you want the message sent to. The destination computer needs to have Windows Messenger Service running, or WinPopUp if it's a Windows 9x computer.

The text that follows - "The computer named . . ." - can be any text you'd like. The %computername% variable is useful, as it is read from the client computer's environment and included in the message.

The destination computer will receive a message on the screen, and if it's an NT/2000 system, an event will be written to the System Log.
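
A fuller version of the logon-script check, as an added example rather than part of the original tip: it tests several indicator file names under %SystemRoot% (NT/2000 usually install to C:\WINNT, not C:\WINDOWS) and appends a line to a log file as well as calling net send, since a pop-up is lost if the Messenger service is not running on the destination. ADMINPC is the tip's destination name; the VIRLOG$ share, the log file name and the second indicator name are placeholders assumed for illustration.

```bat
@echo off
rem Added example for cmd.exe on NT/2000 clients; not part of the original tip.
setlocal

rem Destination for the pop-up (name used in the tip).
set ADMIN=ADMINPC
rem Hypothetical share that logon users can append to; replace with your own.
set LOGFILE=\\ADMINPC\VIRLOG$\infected.txt

rem Indicator file names from your anti-virus vendor, separated by spaces.
rem EXAMPLE-INDICATOR.VBS is a placeholder, not a real virus file name.
set INDICATORS=ANNAKOURNIKOVA.JPG.VBS EXAMPLE-INDICATOR.VBS

for %%F in (%INDICATORS%) do if exist "%SystemRoot%\%%F" (
    rem Pop-up for the administrator; lost if Messenger is not running there.
    net send %ADMIN% "The computer named %COMPUTERNAME% has %%F in %SystemRoot%"
    rem Durable record: one line per hit, with the logged-on user.
    >>"%LOGFILE%" echo %COMPUTERNAME% %USERNAME% %SystemRoot%\%%F
)

endlocal
```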


This was first published in February 2002