Jim,
Thanks for the info. I could not get it to run either.
Ann
Ann Bloomquist
Ann Bloomquist
Technology Coordinator
Dayton Elementary School
Southeast Webster-Grand
104 2nd St NW
Dayton, IA 50530
Phone: 515-547-2314
Fax: 515-547-2213
and
Boxholm Middle School
Southeast Webster-Grandl
404 Walnut St.
Boxholm, IA 50040
Phone 515-846-6214
Fax 515-846-6212
e-mail: [email protected]
alternate e-mail: [email protected]
On Mar 31, 2009, at 12:00 PM, Jim Kerns wrote:
Scott,
I could not get this to run without installing Python (http://
www.python.org/ftp/python/2.6.1/python-2.6.1.msi). "The system
cannot execute the specified program". Just FYI, maybe save
somebody some troubleshooting steps.
Jim
"Scott Fosseen" <[email protected]> 3/30/2009 5:12 PM >>>
Provided is a link to a scanner that should detect the presence of the
Conficker worm. It comes from a link I trust so I believe it is
safe to run
on your networks. The tool can scan all the active computers on your
network for the worm.
FYI: here is the link threads
http://isc.sans.org/diary.html?storyid=6097
http://honeynet.org/node/388
---
Start by downloading
http://www.doxpara.com/scs.zip (This is a link from the
honeynet.org/node/388 page)
to a windows workstation.
Once downloaded extract the files. The extracted SCS folder contains
another SCS folder.
Move the second folder to the root of the C:\ drive so all the
files are in
C:\SCS
Open up a 'Command' prompt
type 'c:'
type 'cd \scs'
Scan the local machine first by typing:
'scanner localhost'
The results will show in the window when complete.
--
To scan the network, type:
'scs start-ip end-ip >>scslog.txt'
where start-ip is the lowest IP address you want to scan (10.147.0.1)
end-ip is the highest IP address you want to scan (10.147.0.254)
The results will be saved to c:\scs\scslog.txt
--
Note: When running 'scs.exe' it takes a long time to scan
unassigned IP
addresses. I would recommend that if you have a subnet mask of
255.255.0.0
that you run the program several times on ranges that you know have
computers. Check your DHCP server and verify the high and low IP
addresses
that are currently assigned to get your starting place. I would
also run
against server IP addresses.
If you run the program several times change the 'scslog.txt'
filename to a
unique name for every scan.
Another note:
When using the redirect '>>' all output that would typically show
on the
screen is redirected to the text file. Once you launch the 'scs'
command
the screen will not show anything. When the program is done the c:
\ prompt
will return.
---
Open the scslog.txt file with notepad to see the results of the scan.
The responses should be
no response - IP address
IP Address appears to be clean
IP address seems to be infected by Conficker
Good Luck
_____________________________________________________________________
This email and any files transmitted with it are confidential and
intended
solely for the use of the individual or entity to whom they are
addressed.
If you are not the named addressee you should not disseminate,
distribute or
copy this e-mail. Your are asked to notify the sender immediately
by e-mail
if you have received this e-mail by mistake and delete this e-mail
from your
system. Please note that any views or opinions presented in this
email are
solely those of the author and do not necessarily represent those
of Prairie
Lakes Area Education Agency. Prairie Lakes Area Education Agency
accepts no
liability for any damage caused by any virus transmitted by this
email. -
_____________________________________________________________________
Scott Fosseen - Systems Engineer - Prairie Lakes AEA -
http://www.aea8.k12.ia.us/tech
_____________________________________________________________________
I may not have gone where I intended to go, but I think I have ended
up where I intended to be. - Douglas Adams
_____________________________________________________________________
---
[This E-mail scanned for viruses by Declude Virus on the server
aea8.k12.ia..us]
---------------------------------------------------------
Archived messages from this list can be found at:
http://www.mail-archive.com/[email protected]/
---------------------------------------------------------
---
[This E-mail scanned for viruses by Declude Virus on the server
aea8.k12.ia.us]
---------------------------------------------------------
Archived messages from this list can be found at:
http://www.mail-archive.com/[email protected]/
---------------------------------------------------------
