Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Scanning for MyDoom

Status
Not open for further replies.

dan

MIS
Oct 7, 1998
298
US
I have seen many articles stating that it is important to Scan for the MyDoom worms on your network and remove them. Are there any admin tools that can scan the whole network and identify infected machines? I have tried running NMAP under Linux to look for the opened ports, but only found one computer. I know I have many more than that. Suggestions would be welcome.

Dan
 
not sure if this is the best way but here is how I do it.
I get a list of all of the machines in the domain using dsquery.
I then run a for loop looking for the files taskmon.exe and shimgapi.dll
ie for windows 2000
for %i in (machine1 machine2 machine3 etc) do (dir \\%i\c$\winnt\system32\taskmon.exe >>file2k.txt)

ie for xp
for %i in (machine1 machine2 machine3 etc) do (dir \\%i\c$\windows\system32\shimgapi.dll >>filexp.txt)

This will tell you which machines have the file you are looking for and pipe it to a txt file.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top