Tuesday, 21 April 2009

Find-Conficker

The Need:
I needed to search all servers in AD to check for the presence of a dll file dropped by the Conficker virus.


The Script:
#Find-Conficker.ps1
#Get the server list
$ServerList = @(get-qadcomputer -OSName "Windows Server*"); $Servers = $ServerList | foreach {$_.Name}; Write-host "These Servers will be checked" -fore green ; $Servers

#Ping Server
function Find-Infection{
$ping = gwmi -q "SELECT * FROM Win32_Pingstatus WHERE Address = '$serv'"
if($ping.statusCode -eq 0) { Write-Host "Checking $Serv Now" -fore Yellow;

#Check for File
gci -path \\$serv\c$\windows\system32 -filter *.dll -force | where { $_.attributes -eq "ReadOnly, Hidden, System, Archive" }
}
else { write-host "$serv is not responding" -for Red}
}
foreach ($serv in ($servers))
{
Find-Infection | select Length,Mode,FullName | ft -auto
}
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)