Scanning for MyDoom

[dan]

I have seen many articles stating that it is important to Scan for the MyDoom worms on your network and remove them. Are there any admin tools that can scan the whole network and identify infected machines? I have tried running NMAP under Linux to look for the opened ports, but only found one computer. I know I have many more than that. Suggestions would be welcome.

Dan

 

[wbg34]

EEye's free retina scanner for mydoom is a good one.

http://www.eeye.com/html/Research/Tools/MyDoom.html

 

[swabs]

not sure if this is the best way but here is how I do it.
I get a list of all of the machines in the domain using dsquery.
I then run a for loop looking for the files taskmon.exe and shimgapi.dll
ie for windows 2000
for %i in (machine1 machine2 machine3 etc) do (dir \\%i\c$\winnt\system32\taskmon.exe >>file2k.txt)

ie for xp
for %i in (machine1 machine2 machine3 etc) do (dir \\%i\c$\windows\system32\shimgapi.dll >>filexp.txt)

This will tell you which machines have the file you are looking for and pipe it to a txt file.