Re: Script
From: Radoslav Dejanoviæ (radoslav.dejanovic@zagreb.hr)Date: 08/14/01
- Previous message: gminick: "Re: port 2047/dls"
- In reply to: Rich Richenberg: "Script"
- Next in thread: gminick: "Re: Script"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <004e01c12490$c03d7bf0$6e080b0a@glupson> From: "Radoslav Dejanoviæ" <radoslav.dejanovic@zagreb.hr> To: "Rich Richenberg" <rich.richenberg@peregrine.com>, <SECURITY-BASICS@securityfocus.com> Subject: Re: Script Date: Tue, 14 Aug 2001 09:14:26 +0200
> Does anyone have a basic C or perl script that looks for a file? I need a
> template to create check for the flcss.exe file the funlove virus leaves
on
> systems.
cd c:\
dir flcss.exe /s > c:\infected.txt
cd d:\
dir flcss.exe /s >> c:\infected.txt
cd e:\
dir flcss.exe /s >> c:\infected.txt
and so on...
this is a simple check routine, you can put it into a batch file and run it
overnight.
It will collect all directories where the file is present, together with
the size and the
timestamp. Be careful if you're running it as plain user on NT and 2000, it
won't search
trough entire directory structure (permissions!).
At the end, you'll have infected.txt file in your C: root dir, with the
results.
This one is quick, dirty and big I/O hog, so it is better to run it in a
night shift.
After you have the .txt file, you can parse it in whatever language you
like, or do it manually. :-)
- Previous message: gminick: "Re: port 2047/dls"
- In reply to: Rich Richenberg: "Script"
- Next in thread: gminick: "Re: Script"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
