Database Search

match allmatch any Look in all areasLook in current areas Check all datesPrevious dayPrevious 3 daysPrevious weekPrevious fortnightPrevious monthPrevious 2 monthsPrevious 3 monthsPrevious half-yearPrevious year

TechHome

	Backups
	Ctrl Alt Del Issues
	Determine Platform - OS
	Get EXE Name
	Get Machine Name - Workstation
	Icons
	Reboot Issues
	Recycle Bin
	Resource Lock
	System Information
	User Profiles

• !Windows Commandline Tricks
• A Word or Phrase in the file search Not Working on XP
• Access to Hardware MP3 Player Device
• Admin Test
• AskYesNo with TimeOut
• Associate Extension to Run Winbatch File
• Autohide Taskbar Code
• Automate FireFox
• Automatically Answer a Dialog Box
• Automatically Clear Pause after EXE Launches
• Base64 encodeing a file
• Block New Program Installs
• BMP Color Change
• Brute Force Way to Convert an int64 that WinBatch Can Handle
• Calculate Text width and height
• Can WinBatch Associate Files
• Capture Control Break
• Change Cursor to Hourglass
• Change Cursor
• Change Explorer Favorites Location
• Change Ip Address
• Change Proportional to Fixed Fonts in Itembox
• Change Share Path
• Changing Default CDROM Drive
• Changing the Windows language
• Check for Multiple Instances of an Application
• Check If a File Is Locked
• Check if a Server is Available
• Check if Application is Installed
• Check if Application is Responsive
• Check if Computer is Locked or Idle
• Check If Extender Is Already Loaded
• Check if Program is Installed
• Check If Someone Is Logged In
• Check If Third Party Menu Item Is Checkmarked
• Check Systems for the MSBlaster Virus
• Check the Grayed-NonGrayed State of Buttons in Pull Down Menus
• Check Which Patches Are Installed
• Clipboard Input Blocked
• Close Child Windows
• Combining WB Scripts
• Command Line Stdin Stdout
• Communicate with a Third-Party Applications Windows-dialogs
• Compress Directory Attribute
• Configure a Workstation to Run HealthStar
• Control Compatibility Mode
• Controlling Citrix Web Client Using WinBatch
• Convert Hex to Ascii
• Convert Image to TIFF
• Convert Temperatures
• Convert TIF to JPG
• Convert Unicode to Big Endian Format File
• Convert Unicode to Big Endian
• Copy Protecting WinBatch Applications
• Create a PDF File
• Create a Shortcut to DUN
• Create a Template WBT file
• Create a Zero K file
• Create Editbox to Accept Formatted Data
• Create Hard Link
• Create Junction Points
• Create Single Byte Arrays and Structures
• Create Startup or Shutdown Script Policies
• Delete a Large Number of Files
• Delete Internet Cookies
• Detect Interact with Desktop
• Detect System Startup Complete
• Detect Version of Java
• Detecting a Locked Workstation
• Detecting Dual Monitors
• Determine Color Range
• Determine Current CD ROM WB is Running On
• Determine IE version installed
• Determine If Menu Bar Has Been Clicked
• Determine if RAS Connection
• Determine Process Start Time
• Determining If a Machine is a Domain Controller
• Disable a Device
• Disable CD Autorun
• Disable Device
• Disable Enable Network Card
• Display Graphical Directory Tree in a Message
• Displaying JPG Files Using Windows Viewer
• Displaying Text Messages on the Console
• DNS Suffix
• Easily Parse Log Files
• Easter finder
• Email HTML Form Data
• Enable or Disable Network Connections
• Enable or Disable Wireless Connection
• Enumerate Devices
• Even or Odd
• Excel Version
• Executing EXE on Remote Computer
• Exit if PC is Idle
• File Size On Disk
• File System Notification on Change
• Financial calculations
• Force Extender Dll Updates
• Format a disk on Windows 2000 or Windows XP
• FTPS Protocol
• Get Current Power Scheme
• Get Current Process ID
• Get Current User Remotely
• Get Data From Memory Address,txt
• Get Default Internet Connection
• Get Highlighted text from Any Window
• Get IE Cache history
• Get Info from a Pair of Directories
• Get Length of MPEG File
• Get line Count and Append if Necessary
• Get Menu String
• Get Microsoft Office Version
• Get Network Address Using IP Address and Subnet mask
• Get Persistent Drive Mappings
• Get Pixel Color
• Get Preferred Language
• Get Process Information from running WinBatch Scripts
• Get ProcessID Thread
• Get Program Files Directory
• Get Remote IP Addresses and Usernames to a List
• Get Unique Records in a List
• Get Version of Internet Explorer
• Get WinBatch Process Environment Block
• Get Windows API Documentation
• Getting WinBatch to Wait - Pause
• GINA Winlogon Desktop and Winbatch
• Grab System Information from MSINFO32
• Handle Errors Including UDFs
• Handling Asynchronous Notifications
• Hibernate
• Hide all the Icons on the Desktop
• Holding down a Key
• How To Call Windows API Functions
• How To Check if a File Handle is Closed
• How to clear event logs
• How to Count Items and Delimiters in a List and Extract Items
• How to Encrypt a Line of Text - Simple Explanation
• How to FTP
• How to Get Encrypted Attribute from a Directory
• How to Locate Functions In Helpfiles
• How to Locate functions in the help files
• How to push Microsoft hotfixes
• How To Read Large File in Multiple Parts
• How to Recurively Copy Files
• How to Retrieve Data from a Database File
• How to Set the AskDirectory Dialog Box Size
• HTML Form Submitted to Winbatch Script
• HTTP Authentication
• Icon Extractor
• Image Comparison
• Increment Through the Alphabet
• Inf Install
• Install a font
• Install AD Printer
• Install File and Print Sharing
• International Date Settings
• Internet Explorer Cache History Retrieval
• Internet time monitor
• Interprogram Communication
• ISO CD Image File
• Issues Interacting with FileMaker Pro
• Kill Predecessor
• Killing 16 bit apps in NT
• Last time ScanDisk and Defrag Performed
• Launch a program on the System Tray
• Launch a WBT File using Explorer SendTo
• Launch Script from SendTo
• Launch the file properties dialog for a file
• Launch WinBatch from Internet Explorer Context Menu
• Limit User Access to Computer
• List all Hotkeys
• List Applications Installed on Remote Machines
• List DVD Drives
• List Installed Modems
• Listing Files from within Zip Files
• Lock NT Server
• Loop Forever until SHIFT Key Pressed
• Lotus Notes - DllCall to change password
• Make a Multiline Input Box
• Make a Thumbdrive Read-Only
• Make Directory Listings
• Make Task Bar Blink
• Make WinBatch Delete Itself
• Making Bitmap files via GDI calls
• Manipulate screen or file data
• Map Ports to Services
• Microsoft Service Pack Checker
• MIME Utility for Email Messages
• Modify Internet Explorer Automatic Detect Setting
• Modify Local Group Policy
• Monitor for Windows Shutdown or Logoff
• Mouse Drag and Highlight - Display Image
• Msi Get File Version
• OCR Support
• Open File Search from StartMenu
• Open MultiUser Files on a Network
• Parse HTML
• Pass Memory Variables to VB
• Passing Parameters from Javascript
• Print Formatted Image Files
• Pushing Elevated WinBatch Scripts to Users
• Query Excel Status Bar Txt
• Random Alpha Numeric Number
• Read Hardware Video BIOS
• Read Quote in INI File
• Read Statusbar Text from Browser
• Recursive directory name search
• Reduce Shape Point List
• Refresh Policy
• Regular Expression Question
• Release LAN IP Settings
• Remove HTML Tags
• Rename a Username without Admin Rights
• Reset IE Settings
• Resize and Place Dialog boxes with 2nd wbt
• Retain Quotation Marks in WB Command Lines
• Run Explorer in a Different Security Context
• Run from Current Location - Webpage
• Run PowerShell Command
• Run WinBatch From Webpage
• RunWithLogon Return to Local User Account
• Save Screen to a BMP File
• Script Minimized When Launched from Lotus Notes Email
• Script Windows Component Install
• Scripting the Group Policy Management Console
• Search for Folder Existence
• Send Control Break to a Window
• Server Connectivity
• Set Disk Volume Name
• Set Modified Date for a Directory
• Set USB Drives To Read Only
• Set Volume
• Show Desktop
• Sorting START menu Alphabetically
• Specify a Script to Run on Startup Shutdown Logon Logoff
• Start Program Only at Windows Shutdown
• Store Image in WBT Script
• Strip out Variable from WBERRORHANDLER Line
• Switch with a Variable Name
• Test
• Thoughts on Writing Faster Code
• Track an Incoming Fax
• Transferring info between WB and other programs
• Translate ANSI Sequences
• Traversing Network Neighborhood using AskFileName
• Turn File Sharing Off on Win95
• Uninstalling Software
• Unlock Workstation Trick
• Use Contents of One AskItemList Box within Another
• Use Global Varaible to tell Errorhandler to Ignore Specific Errors
• Using MS System Agent to Run a WBT File
• Validate WIL Variable Name
• Validating Password
• Various Ways to Download a File
• Verify Calling Parent Process
• Wait until no Input
• WAN IP Address
• Web Scraping
• Winbatch Findstr Equivalent
• Working with RAR Files
• Write to USB Port

Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.

Check Systems for the MSBlaster Virus

Keywords: MS Blaster Virus MSBlaster W32.Blaster.Worm W32/Lovsan.worm Win32.Poza Lovsan WORM_MSBLAST.A W32/Blaster-A W32/Blaster

---

Question:

I've written a script to deploy the hotfix to all our servers, but has anyone written one yet that'll go out and find out if anyone is infected? I was thinking you could just check the registry key (Run key) or something easy like that, but how would you go out and connect to every single workstation on your network to get the machine names to check so you can do it from your desk?

Answer:

1. Use wntServerList to get list of all workstations.
2. Use RegConnect to connect to remote registry and get back a "key"
3. Use "key" in a RegQueryValue call to interrogate registry contents.
4. Remember to RegCloseKey afterwards.

Maybe this code will help.

AddExtender("WWWNT34i.DLL")

file="C:\BLASTER.LOG" ; !!! CHANGE TO FIT YOUR NEEDS !!!
logfile = FileOpen(file,"WRITE")

; get a list of machines on the network
machinelist=wntServerList("","",1)

;For each machine
pccount=ItemCount(machinelist,@tab)
for xx=1 to pccount
	thispc=ItemExtract(xx,machinelist, @tab)
	ErrorMode(@OFF)
	; connect to the remote computer
	keyloc=RegConnect(thispc,@REGMACHINE)
	ErrorMode(@CANCEL)
	if keyloc == 0 then continue ;skip if cannot connect
	if RegExistValue(keyloc,"SOFTWARE\Microsoft\Windows\CurrentVersion\Run[windows auto update]")
		value = RegQueryValue(keyloc,"SOFTWARE\Microsoft\Windows\CurrentVersion\Run[windows auto update]")
		if StrLower(value) == "msblast.exe"
			logtxt=StrCat(thispc, " is infected with MSBlaster")
			FileWrite(logfile, logtxt)
		endif
	endif
	RegCloseKey(keyloc)
next

FileClose(logfile)

See http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html for more information about this virus.

---

Article ID:   W15960

File Created: 2004:03:30:15:42:04

Last Updated: 2004:03:30:15:42:04