This script traverses an OU, gets all the computer names, and checks whether the "CryptoLocker_0388" registry key exists on each one.
If it does, then that machine has been infected by the CryptoLocker virus.
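# Sweep the computer objects directly under one OU and report, per machine,
# whether the CryptoLocker_0388 marker key exists in any loaded user hive.
#
# Output: one line per computer, "<name> ----- Key Found",
# "<name> ----- Key Not Found", or "<name> ----- Offline (<reason>)".
#
# Limits a responder should keep in mind:
#   * Only the immediate children of the OU are visited; nested OUs are not.
#   * Only hives loaded at scan time (users currently logged on, plus service
#     profiles) are visible under HKEY_USERS, so "Key Not Found" is not proof
#     that the machine is clean.
#   * The key name is the single fixed value used on this page; other
#     key names are not checked.
$ou = [ADSI]"LDAP://path_to_organizational_unit"
$markerPath = 'SOFTWARE\CryptoLocker_0388'

foreach ($child in $ou.psbase.Children)
{
    # Skip users, groups, nested OUs and anything else that is not a computer.
    if ($child.ObjectCategory -notlike '*computer*')
    {
        continue
    }

    # The ADSI property is a collection; pass a plain string to the registry API.
    $line = [string]$child.Name
    $usersHive = $null
    try
    {
        # Test-Connection -ComputerName $line -Count 1
        #
        # HKEY_CURRENT_USER opened over the remote registry is resolved for the
        # connecting account, not for whoever is logged on at the target, so the
        # marker written under a victim's own hive would not be seen there.
        # Walk every loaded hive under HKEY_USERS instead.
        $usersHive = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('Users', $line)

        $found = $false
        foreach ($sid in $usersHive.GetSubKeyNames())
        {
            $regkey = $usersHive.OpenSubKey("$sid\$markerPath")
            if ($regkey)
            {
                $found = $true
                $regkey.Close()
                break
            }
        }

        if ($found)
        {
            Write-Host "$line ----- Key Found"
        }
        else
        {
            Write-Host "$line ----- Key Not Found"
        }
    }
    catch
    {
        # Not only powered-off hosts land here: a stopped Remote Registry
        # service, a firewall block or an access-denied error does too. Print
        # the reason so an unchecked machine is not mistaken for a clean one.
        Write-Host "$line ----- Offline ($($_.Exception.Message))"
    }
    finally
    {
        # Release the remote handle; a large OU would otherwise leak one per host.
        if ($usersHive)
        {
            $usersHive.Close()
        }
    }
}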