cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Anonymous
Not applicable
Well, in the last weeks I've faced a lot of new vírus that were not detected by an antivirus, so I had to figure out how they have entered in the computer. I've installed this neat action to check logged in user internet history, and it also works for files accessed:
1. get this great nirsoft utility http://www.nirsoft.net/utils/iehv.html
2. add this action:
\\server\share$\Lansweeper\iehv.exe -folder "\\{computer}\c$\Documents and Settings\{username}\Local Settings\History" 


That's it, you get the history and you can easilly know where that vírus come from, many of them are from google searches and they only install when clicking on the search result, if you click directly on the link it does nothing. I will not post examples since I could be helping to spread those vírus - they offer themselfs to the user as being an antivirus sofware,
14 REPLIES 14
Anonymous
Not applicable
Although this is not so simple or usefull for many of you, I've made a simple interface so I can use Internet history of a Firefox user, using the tool from Nirsoft: http://www.nirsoft.net/utils/mozilla_history_view.html

Using AutoIt, I've made this simple script to get the firefox profile directory:
Global $FFprofilesDir
$FFprofilesDir = $CmdLine[1]
$FFprofilesIni = $FFprofilesDir & "\profiles.ini"
$ProfilePath=IniRead($FFprofilesIni,"Profile0","Path","")
$replace = StringReplace($ProfilePath, "/", "\")
Run("MozillaHistoryView.exe -file " & """" & $FFprofilesDir & "\" & $replace & "\places.sqlite" & """")


Note that I read the file "places.sqlite", but it can be history.dat depending on your firefox version I guess.

You will need to put this dll's on the same folder of the actions if you don't have firefox installed on the running computer:
http://www.sqlite.org/sqlitedll-3_6_23_1.zip
You should also put MozillaHistoryView.exe on the actions folder, as well as the compiled autoit script, I've named it FirefoxVHHelper.exe

The action should be something like:
{actionpath}FirefoxVHHelper.exe "\\{computer}\c$\Documents and Settings\{username}\Application Data\Mozilla\Firefox"


Thats it.

Edit: For those who need the compiled version of the script, I've attached now that file. It only reads "places.sqlite" file; the code is posted on the top of this message.
afionda
Engaged Sweeper
VERY NICE BULL !!!!
Perkins
Engaged Sweeper
Great Tool....thanks!
cvau89
Engaged Sweeper
Hey - Great custom action - does anyone understand how to do anything similar with the chrome browser?
mrdaytrade
Engaged Sweeper III
This is a great custom action... thank you!

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now