Problem solve Get help with specific problems with your technologies, process and projects.

Find that infected computer

Utilize "NET SEND" in your NT/2000 logon script to find infected client computers.

This tip was submitted to the Tip Exchange by member Brad Blauvelt. Let other users know how useful it is by rating the tip below.

You have a virus epidemic on some of your client computers. But which ones? Utilizing "NET SEND" in your NT/2000 logon script may help find them.

So some of your users opened that message and attachment promising a photo of Anna Kournikova or worse. And now you get to clean up the mess. You're not looking forward to going from computer to computer to find out which ones have it and which ones don't. There's where the "net send" command can come in handy. If the virus (as many do) writes specific-named files to the client's hard drive, net send can be configured to send you a message telling you which computers are infected. Here's an example.

    send ADMINPC "The Computer named %COMPUTERNAME% is 
    infected with the Anna Kournikova virus"
You'll need to check a good anti-virus vendor site to find a file name to refer to, then replace "c:windowsannakournikova.jpg.vbs" with the infected file name. Unfortunately, this will not work for viruses like Magistr, which infect files at random on your system.

Next, you change the "ADMINPC" to whatever destination computer name you want the message sent to. The destination computer needs to have Windows Messenger Service running, or WinPopUp if it's a Windows 9x computer.

The text that follows - "The computer named . . ." can be any text you'd like. The %computername% variable is a useful, as it will read from the client computer's environment include it in the message.

The destination computer will receive a message on the screen, and if it's an NT/2000 system, an event will be written to the System Log.

Dig Deeper on Windows legacy operating systems

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.