Use MRT to Disinfect and report on all your Computers

I rolled my own version of the script here, http://support.microsoft.com/?kbid=891716#4, for my own purposes and thought I'd share:


@echo off
:: RUN Malicious Software Removal Tool remotely -bob
:: NOTE you need qgrep, obtain from "Windows Resource Kits"
:: Also psexec from Sysinternals (Microsoft)
:: You may need to restart a machine if MRT reports you need to restart;
:: if that's the case, use Sysinternals psshutdown \\host /r from a cmd prompt
Echo GET 'EM...

:: Download latest MRT from Microsoft
:: http://www.microsoft.com/security/malwareremove/default.mspx
SET MRTAPP=\\LocalHost\C$\MRT\windows-kb890830-v2.9.exe
SET COPYLOG=\\LocalHost\C$\MRT\Logs
SET PSEXEC=C:\SysinternalsSuite\psexec.exe

call:RUNONHOST YourComputerName
call:RUNONHOST AnotherComputerName

GOTO :EOF

:RUNONHOST
SET HOST=%1
SET DESTLOG=%COPYLOG%\%1.log
SET FOUNDLOG=%COPYLOG%\%1_FOUND.log
:: MRT writes its log under %windir%\debug on the target
SET HOSTLOG=\\%HOST%\C$\windows\debug\mrt.log

:: Clear any old log so a stale result is not mistaken for this run's
del /Q %HOSTLOG%

:: Run it: psexec -c copies MRTAPP to the host, MRT's /Q runs it quietly
%PSEXEC% \\%HOST% -c "%MRTAPP%" /Q

:: grab the log (copy, not xcopy: xcopy prompts file-or-directory for a single file)
copy /Y %HOSTLOG% %DESTLOG%

:: convert from UNICODE to ANSI so qgrep can search it
type %DESTLOG% > %DESTLOG%.txt

qgrep -z "Found" %DESTLOG%.txt > %FOUNDLOG%
qgrep -z "restarted" %DESTLOG%.txt >> %FOUNDLOG%
del /Q %DESTLOG%.txt
del /Q %DESTLOG%

ECHO HOST: %HOST% Complete!

GOTO :EOF
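An added example, not part of the script above, that does the reporting step in Python once the logs are collected: it decodes the UTF-16 mrt.log directly instead of round-tripping through `type`, greps for the same "Found" and "restarted" markers, and keeps a missing log as its own state, because a host whose psexec or copy step failed would otherwise look clean. The sample log contents are constructed, not real MRT output; the UNC path follows the script's.

```python
import codecs
from pathlib import Path
from typing import Optional

# Remote log path MRT writes on each host (same path the batch script copies from).
MRT_LOG = r"\\{host}\C$\Windows\debug\mrt.log"


def fetch_mrt_log(host: str) -> Optional[bytes]:
    """Read a host's mrt.log over the admin share; None if it is missing or unreachable."""
    try:
        return Path(MRT_LOG.format(host=host)).read_bytes()
    except OSError:
        return None


def classify_mrt_log(raw: Optional[bytes]) -> dict:
    """Turn one mrt.log into a verdict. MRT writes UTF-16 with a BOM, so decode it
    directly rather than converting through `type` as the batch script does."""
    if raw is None:
        # A missing log is not a clean host: psexec or the copy failed, so nothing was scanned.
        return {"status": "no-log", "found": [], "restart": False}
    if raw[:2] in (codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE):
        text = raw.decode("utf-16")
    else:
        text = raw.decode("cp1252", errors="replace")  # an already converted ANSI copy
    lines = text.splitlines()
    # Case-sensitive like qgrep's default: "No infection found." must not count as a detection.
    found = [line.strip() for line in lines if "Found" in line]
    restart = any("restarted" in line for line in lines)
    return {"status": "infected" if found else "clean", "found": found, "restart": restart}


def build_report(logs: dict) -> dict:
    """Map host -> verdict; logs maps host -> raw bytes (or None when no log came back)."""
    return {host: classify_mrt_log(raw) for host, raw in logs.items()}


# Constructed sample logs (not real MRT output), encoded the way MRT writes them: UTF-16 with BOM.
SAMPLE_LOGS = {
    "HOST-A": "Results Summary:\nNo infection found.\nReturn code: 0".encode("utf-16"),
    "HOST-B": ("Found Worm:Win32/Conficker.B and Removed!\n"
               "The system will need to be restarted to complete the removal.").encode("utf-16"),
    "HOST-C": None,  # psexec or copy failed; the batch script would silently report this as clean
}

if __name__ == "__main__":
    # Replace SAMPLE_LOGS with {h: fetch_mrt_log(h) for h in hosts} to report on live hosts.
    for host, verdict in build_report(SAMPLE_LOGS).items():
        flag = " (restart needed)" if verdict["restart"] else ""
        print(f"{host}: {verdict['status']}{flag} {' | '.join(verdict['found'])}")
```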

Conficker sucks, but then again.....

Arrgh, isn't there enough to worry about?

Why not reverse engineer this worm for the greater good? We know it can get in without all that IT effort and make calls out on what to do. Sounds like a good thing from an admin point of view (just trying to focus on a positive).

Hey machines on my network, eat this, good worm.

OK class (machines), listen up. Do this, this and this, and check back with me later for further instructions...

This, this and this could easily be:

  • ntbackup to a nas
  • defrag HD
  • dump your daily logs into a central repository
  • run a health check and let me know if you are OK
  • check disk space
  • run an archive script
  • Download and install new software
  • Sync files
  • Compact Outlook PSTs or check if they're about to crap past the 2 GB mark
  • ...endless possibilities

Come on, people. Geez, other companies are charging for this kind of service, yet we have this worm given to us for free. Let's capitalize on it for our own administrative purposes.

But alas, we must get rid of it....

Stop Conficker from spreading by using Group Policy
http://support.microsoft.com/kb/962007

Another reference:
Group Policy Management Console (GPMC): read it, get it: http://www.microsoft.com/windowsserver2003/gpmc/gpmcintro.mspx

CentOS: PHP 5.2+ is required, meh

CentOS 5.2 ships PHP 5.1, but issues ensue when messing with the latest phpMyAdmin and other common apps: "PHP 5.2+ is required"

UGH, just work.

Searching searching searching, ding, ding ding, winner...

http://timt881.wordpress.com/2009/02/17/installing-phpmyadmin-and-php-52-on-a-centos-52-server/


Enjoy