If your are admin of all of the machines, then you could use the built in reg.exe which is included with xp to reach out and delete the keys, or even included it in the login script so it'll do it on each machine.
REG DELETE \\comp1\HKLM\software\microsoft\windows\currentversion\run /v virusvaluename /f
Where comp1 is the remote computer. Leave off the \\comp1\ part if you are doing it in a login script.
Paul Wilkinson 865-974-0649 2422 Dunford Hall OIT Lab Services University of TN, Knoxville
Kern, Tom wrote:
Hi, I went on vacation and upon returning my network seems to have been infected with worm_sypbot.dn(Trend Micro's name) . i have about 50 pc's(win2k/xp) infected and even though my symantec corp defs are up to date, it can't clean the worm because its already running in mem. i know it creates a reg entry in hkey_local_machine\software\microsoft\windows\currentversion\run.
my question is, rather than go to 50 pc's and reboot in safe mode and do a scan, can someone point me to a good vbscript that i can run as a logon script to delete the reg entries. unless someone out there has a better solution. thanks alot List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
