At work we a LAN set up with over 100 computers, and everyone has shared folders.
Lately, in many different computers our antivirus sotware has been finding infected files, which ussually are 6 random letters and .exe, and these files always show up in shared folders.
I assume having this file doesn't mean the computer is infected, but that another infected computer in the network dropped the file there.
Now, is there a way to know which computer in the network dropped the file?
I would *really* like to go over to that person's computer and politely update their antivirus...
thanks is advance
-
-
I suppose you can try the owner's details via explorer...
-
tried that, but there is no info on the properties that could lead me to the infected computer...
-
Do users need to login to use the PC?
Start looking at timestamps and traffic logs
Just guess here
N -
What server OS are you running (or is this just a large workgroup)?
-
Someone suggested me to take captions with WireShark, while connected to a switch, but I am not sure how to spot virus movements in those logs (captions)... -
The network administrator will know if it's possible to track where the files came from. I'd start with him/her.
-
How to know which computer in the LAN dropped a malicious file?
Discussion in 'Security and Anti-Virus Software' started by agusman, Sep 1, 2009.