
Lately, I’ve been ripping out and replacing antivirus software in the Enterprise. Funny thing is, most of these types of software do not have a remote uninstall utility. Being the famously lazy admin I am, I had no interest in logging into each workstation and manually removing it.

It’s just one command in an awesome toolset written by Mark Russinovich called PsTools. So, I saved the following as a batch file, and executed it against all domain workstations. Here are the contents of the symantec_removal.bat file:

    REM save this as symantec_removal.bat
    reg add HKLM\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\AdministratorOnly\Security /v UseVPUninstallPassword /t REG_DWORD /d 0 /f
    reg add HKLM\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\AdministratorOnly\Security /v LockUnloadServices /t REG_DWORD /d 0 /f
    REM {GUID} is a placeholder: replace it with the GUID found in your registry
    Msiexec /norestart /qn /x {GUID}

BTW – The first 2 lines in that batch file are for removing the uninstaller password from Symantec antivirus. If you don’t use an uninstall password, you can remove them.

Recently, I needed to determine which local LAN hosts were infected with spyware on a network of Windows XP computers. This network is a single Active Directory Forest, with a single ‘domain.local’ domain name. In the absence of any anti-spyware management tools, I decided to use the DNS server on the domain controller to help me determine which workstations were infected.

First, I changed the outbound forwarder servers to use OpenDNS. OpenDNS is a free recursive DNS service that you can use to resolve all DNS queries on the Internet safely. Usually, when I implement the OpenDNS service on a LAN, I notice an *INSTANT* improvement in available bandwidth. The reason for this is that the OpenDNS servers will redirect your infected machine’s traffic away from known botnets and known distribution points for spyware to their own, essentially cutting off an infected workstation’s access to known “bad guys”.

Next, you need to clear the cache on your DNS server. More info here:
