Tom,
I haven't tried this but it should work. Run this script, then kill the
process that is running, then delete the file.
~~~~~~SCRIPT START~~~~~~
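Option Explicit
Const HKEY_LOCAL_MACHINE = &H80000002
Dim strComputer, oReg, strKeyPath, strValueName   ' declarations required by Option Explicit
strComputer = "<INSERT COMPUTER HERE> <or . for local computer>"
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
' Autorun entries are values under the Run key, not subkeys, so DeleteValue is used.
strKeyPath = "software\microsoft\windows\currentversion\run"
strValueName = "<NAME OF REGKEY>"
oReg.DeleteValue HKEY_LOCAL_MACHINE, strKeyPath, strValueName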
~~~~~SCRIPT END~~~~~~
HTH
Rick
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom
Sent: Tuesday, September 07, 2004 8:53 AM
To: ActiveDir (E-mail)
Subject: [ActiveDir] OT:logon script
Hi, I went on vacation and upon returning my network seems to have been
infected with worm_sypbot.dn (Trend Micro's name). I have about 50
PCs (Win2k/XP) infected and even though my Symantec Corp defs are up to
date, it can't clean the worm because it's already running in mem.
I know it creates a reg entry in
hkey_local_machine\software\microsoft\windows\currentversion\run.
My question is, rather than go to 50 PCs and reboot in safe mode and do a
scan, can someone point me to a good VBScript that I can run as a logon
script to delete the reg entries?
Unless someone out there has a better solution.
Thanks a lot
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
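
The three steps from the reply above (remove the Run entry, kill the running process, delete the file) combined into one script that runs on the local machine. This is an added example, not code from the thread. VALUE_NAME is a placeholder, and resolving a bare file name against the system folder is an assumption.

```vbscript
Option Explicit
' Added example. VALUE_NAME is a placeholder, not a value taken from the thread.
Const HKEY_LOCAL_MACHINE = &H80000002
Const RUN_KEY = "SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
Const VALUE_NAME = "<NAME OF RUN VALUE>"

Dim oReg, oWmi, oFso, oProc, sCommand, sExe, rc
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
Set oWmi = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set oFso = CreateObject("Scripting.FileSystemObject")

' Read the autorun command line before deleting it, so the file on disk is known.
rc = oReg.GetStringValue(HKEY_LOCAL_MACHINE, RUN_KEY, VALUE_NAME, sCommand)
If rc <> 0 Or IsNull(sCommand) Then WScript.Quit 0   ' value absent: nothing to clean
sExe = ExePathFromCommand(sCommand)

' 1. Stop the running copy first; a live process can re-create the value.
For Each oProc In oWmi.ExecQuery("SELECT * FROM Win32_Process")
    If Not IsNull(oProc.ExecutablePath) Then
        If StrComp(oProc.ExecutablePath, sExe, vbTextCompare) = 0 Then oProc.Terminate
    End If
Next
WScript.Sleep 2000   ' give the process time to exit and release the file

' 2. Remove the autorun value (Run entries are values, not subkeys).
rc = oReg.DeleteValue(HKEY_LOCAL_MACHINE, RUN_KEY, VALUE_NAME)

' 3. Delete the file the value pointed at; exit code 1 flags a machine to revisit.
On Error Resume Next
If oFso.FileExists(sExe) Then oFso.DeleteFile sExe, True
If Err.Number <> 0 Or rc <> 0 Then WScript.Quit 1

' Extracts the executable path from a Run command line (quoted, or ending at ".exe").
Function ExePathFromCommand(sCmd)
    Dim s, p
    s = Trim(sCmd)
    If Left(s, 1) = """" Then
        p = InStr(2, s, """")
        If p > 0 Then s = Mid(s, 2, p - 2)
    Else
        p = InStr(1, s, ".exe", vbTextCompare)
        If p > 0 Then s = Left(s, p + 3)
    End If
    ' Assumption: a bare file name lives in the system folder (GetSpecialFolder(1)).
    If InStr(s, "\") = 0 Then s = oFso.BuildPath(oFso.GetSpecialFolder(1), s)
    ExePathFromCommand = s
End Function
```

Writing to HKEY_LOCAL_MACHINE and terminating another account's process need administrative rights, which a logon script has only if the user is a local administrator; a computer startup script runs as Local System. Processes are matched on full executable path rather than image name so that a legitimate process with the same file name is left alone.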