Has "everything" changed recently? Last time I installed it, it only showed the folders where said file exists. Therefore one would have to open each directory in turn & delete file.
He has many hundred shares so I expect several hundred worm copies. Thanks, Tammy _____ From: Erik Goldoff [mailto:[email protected]] Sent: Friday, May 20, 2011 9:52 AM To: NT System Admin Issues Subject: RE: NAS drives (search tool) Have you tried 'everything' ? Erik Goldoff IT Consultant Systems, Networks, & Security ' Security is an ongoing process, not a one time event ! ' From: Tammy Stewart [mailto:[email protected]] Sent: Friday, May 20, 2011 9:11 AM To: NT System Admin Issues Subject: NAS drives (search tool) Hi, I am looking for some sort of tool that can search an entire NAS drive for a certain file, display it so it can be deleted. (not much unlike agent ransack, windows search, etc) A customer I am working with has 16 large drives with several TB of data on each and many many shares. (in the hundreds) They have conficker & I expect to find several instances of the fake recycler bins, the worm copies & the autorun.inf files in these shares. Scanning with AV takes ages because of the amount of data involved & by the time the scan is done & items removed - they (worm copies) already have been re-written again. Is there such a tool? Trying to get more info about the NAS model numbers & setup so to make it easier to narrow down what will work & what will not. Yes - autorun is killed via GPO at the site (although it is possible the GPO didn't take on every machine) Yes - it is believed that every machine is fitted with AV & it is set up properly. (although it is possible that a few machines have missed the install or AV is broke) - this part is being investigated (in order to figure out why it keeps re-propagating) TIA! Tammy ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
