Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-25-2009 05:57 PM
I'm looking for the following files.
svchosts.exe
taskmon.exe
rundll.exe
service.exe
sound.exe
upnpsvc.exe
lsas.exe
logon.exe
helper.exe
event.exe
dumpreport.exe
msiexeca.exe
They are all located in c:\documents and settings\username\application data
Would this be how I add them to the LS GUI? (attached picture)
I would then need to run a report on the files located.
svchosts.exe
taskmon.exe
rundll.exe
service.exe
sound.exe
upnpsvc.exe
lsas.exe
logon.exe
helper.exe
event.exe
dumpreport.exe
msiexeca.exe
They are all located in c:\documents and settings\username\application data
Would this be how I add them to the LS GUI? (attached picture)
I would then need to run a report on the files located.
Labels:
- Labels:
-
Report Center
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-26-2009 12:36 AM
You can't use %documents and settings% you need to use c:\documents and settings\
Maybe it would be better to look at which registry keys are added by the virus.
Maybe you only need to find one HKEY_LOCAL_MACHINE key.
Maybe it would be better to look at which registry keys are added by the virus.
Maybe you only need to find one HKEY_LOCAL_MACHINE key.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-25-2009 07:25 PM
These are files associated with a nasty virus that is propagating my network right now, so any help I could get on this would be greatly appreciated.
Thanks fellas.
Thanks fellas.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-25-2009 06:54 PM
Ok,
I've changed it to All Users because that's where the files can reside.
Does this look ok?
If so how do I make a report out of this?
I've changed it to All Users because that's where the files can reside.
Does this look ok?
If so how do I make a report out of this?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-25-2009 06:26 PM
You will need to specify the real username instead of "username"
There is no parameter for this because most lileky there are multiple profiles for different users on each computer.
There is no parameter for this because most lileky there are multiple profiles for different users on each computer.
