RE: Virus targeting my print server
From: Rich Benack (richbe_at_on-line.microsoft.com)
Date: 11/25/03
- Previous message: Nick Finco [MSFT]: "Re: security policies"
- In reply to: Brian Gibson - Wheaton College: "Virus targeting my print server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 24 Nov 2003 23:28:57 GMT
Many of the Major Antivirus vendors have free scanning tools. You can run
one or more of them along with your AV software to look for a virus.
You may also want to look at what processes & services are running to see
if there is anything unussual.
You can also see what applications are starting up. In addition to the
startup folders, here are some registry places you can look:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session
Manager\KnownDLLs
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\KnownDLLs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\RunOnceEx
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
("run=" line)
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\RunOnceEx
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
("run=" value)
I hope this helps
Rich
This posting is provided "AS IS" with no warranties, and confers no rights
- Previous message: Nick Finco [MSFT]: "Re: security policies"
- In reply to: Brian Gibson - Wheaton College: "Virus targeting my print server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
