How to know which computer in the LAN dropped a malicious file?

At work we a LAN set up with over 100 computers, and everyone has shared folders.

Lately, in many different computers our antivirus sotware has been finding infected files, which ussually are 6 random letters and .exe, and these files always show up in shared folders.

I assume having this file doesn't mean the computer is infected, but that another infected computer in the network dropped the file there.

Now, is there a way to know which computer in the network dropped the file?

I would *really* like to go over to that person's computer and politely update their antivirus...

thanks is advance

 

I suppose you can try the owner's details via explorer...

 

tried that, but there is no info on the properties that could lead me to the infected computer...

 

Do users need to login to use the PC?
Start looking at timestamps and traffic logs

Just guess here

N

 

What server OS are you running (or is this just a large workgroup)?

 

The server runs on Linux. I am not the network administrator, so I don't have much access or knowledge about the network.

Someone suggested me to take captions with WireShark, while connected to a switch, but I am not sure how to spot virus movements in those logs (captions)...

 

The network administrator will know if it's possible to track where the files came from. I'd start with him/her.

 

That's too bad. I know Windows has Object Access Audit Policy specifically for situations like this.