Oh, no - I think you should rewrite it in powershell... Heh.
Seriously though, this looks like a good project.

On Wed, Jul 13, 2011 at 11:18, Micheal Espinola Jr <[email protected]> wrote:
> That's certainly helpful, thank you. I had forgotten about that script. It
> may have reusable code.
>
> --
> Espi
>
> On Wed, Jul 13, 2011 at 10:53 AM, Jeff Bunting <[email protected]>
> wrote:
>>
>> There's a desktop.ini file in mine but no other ones.
>>
>> You might be interested in taking a look at the VB script here, which I've
>> found to be useful:
>> http://www.silentrunners.org/
>>
>> There is a list of launch points the script checks, notated with which OS
>> they are applicable to on the web site.
>>
>> Jeff
>>
>> On Wed, Jul 13, 2011 at 1:12 PM, Micheal Espinola Jr
>> <[email protected]> wrote:
>>>
>>> Maybe I'm nuts. Maybe I'm sick of dealing with malware. But I have some
>>> very simple questions about things I almost ALWAYS see on infected systems.
>>> Perhaps someone here can clarify something for me that I have yet to see
>>> Microsoft and any antivirus vendor directly address. I'm gonna start this
>>> with one point, and then see how the conversation goes:
>>>
>>> I almost always see malware injection points in the allusers\appdata
>>> folder. In these instances I *always* see a reference in one of the "run"
>>> registry keys.
>>>
>>> As far as I know, this top level appdata folder should NOT contain files
>>> at all. I repeat: NO FILES AT F'ING ALL.
>>>
>>> Can someone confirm this? Can someone with contacts at Microsoft or
>>> other AV providers confirm why this is completely overlooked when scanning?
>>> This is where 0-day malware lives very commonly. This is very easy to check!
>>>
>>> Thank you for your time and any vendor reach-outs you can provide.
>>>
>>> I'm currently working on a set of scripts to check what I consider very
>>> foolish things like this. If anyone wants to team-up, please do.
>>>
>>> --
>>> Espi
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>>>
>>> ---
>>> To manage subscriptions click here:
>>> http://lyris.sunbelt-software.com/read/my_forums/
>>> or send an email to [email protected]
>>> with the body: unsubscribe ntsysadmin
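
The check discussed in this thread, as an added example that is not part of the original messages: it lists files sitting directly in the top level of the all-users application data folder and shows which "run" registry values reference them. It assumes that folder is the one .NET reports as CommonApplicationData (C:\ProgramData on Vista and later), and it skips desktop.ini because one poster reports that file on his own system.

```powershell
# Added example, not from the thread. Assumption: "allusers\appdata" is the
# CommonApplicationData folder (C:\ProgramData on Vista and later).
$root = [Environment]::GetFolderPath('CommonApplicationData')

# Files (not folders) directly in the top level, hidden/system ones included.
$looseFiles = @(Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.Name -ne 'desktop.ini' })

# Standard Run/RunOnce keys; HKCU covers only the user running the script.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Flatten every value under those keys into Key / Name / Command records.
# GetValue() expands REG_EXPAND_SZ data, so %ProgramData% style paths resolve.
$runEntries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        New-Object PSObject -Property @{
            Key     = $key
            Name    = $name
            Command = [string]$item.GetValue($name)
        }
    }
})

# For each loose file, list the Run values whose command line contains its path.
$report = @(foreach ($file in $looseFiles) {
    $hits = @($runEntries | Where-Object {
        $_.Command.IndexOf($file.FullName, [System.StringComparison]::OrdinalIgnoreCase) -ge 0
    })
    New-Object PSObject -Property @{
        File          = $file.FullName
        LastWriteTime = $file.LastWriteTime
        RunKeyRefs    = ($hits | ForEach-Object { "$($_.Key)\$($_.Name)" }) -join '; '
    }
})

# Files that a Run value points at sort first.
$report | Sort-Object { -not $_.RunKeyRefs }, File |
    Format-List File, LastWriteTime, RunKeyRefs
```

The match is a plain substring comparison on the full path, so a Run value written with an 8.3 short path will not be linked to its file; a file listed with an empty RunKeyRefs still deserves a look.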
