RE: [info-tech] Conficker Scanner
You need the .NET Framework 3.5. We ran into the issue this morning, and compared the installed applications of machines where it worked and machines where it didn't work, and the commonality was the lack of .NET 3.5 on machines where it did not work.

-----Original Message-----
From: Karl Hehr [mailto:karl_h...@s-hamilton.k12.ia.us]
Sent: Tuesday, March 31, 2009 12:13 PM
To: info-tech@aea8.k12.ia.us
Subject: Re: [info-tech] Conficker Scanner

I had the same problems, until I installed it on a ... wait for it... Vista machine.

Re: [info-tech] Conficker Scanner
I had the same problems, until I installed it on a ... wait for it... Vista machine.

Karl H. Hehr
Technology/Curriculum Director
South Hamilton CSD
www.s-hamilton.k12.ia.us

On Mar 31, 2009, at 12:00 PM, Jim Kerns wrote:

> Scott,
>
> I could not get this to run without installing Python (http://www.python.org/ftp/python/2.6.1/python-2.6.1.msi). "The system cannot execute the specified program". Just FYI, maybe save somebody some troubleshooting steps.
>
> Jim

Re: [info-tech] Conficker Scanner
Jim,

Thanks for the info. I could not get it to run either.

Ann

Ann Bloomquist
Technology Coordinator
Dayton Elementary School, Southeast Webster-Grand
and Boxholm Middle School, Southeast Webster-Grand

Re: [info-tech] Conficker Scanner
Scott,

I could not get this to run without installing Python (http://www.python.org/ftp/python/2.6.1/python-2.6.1.msi). "The system cannot execute the specified program". Just FYI, maybe save somebody some troubleshooting steps.

Jim

>>> "Scott Fosseen" 3/30/2009 5:12 PM >>>
Provided is a link to a scanner that should detect the presence of the Conficker worm. It comes from a link I trust so I believe it is safe to run on your networks. The tool can scan all the active computers on your network for the worm.

[info-tech] Conficker Scanner
Provided is a link to a scanner that should detect the presence of the Conficker worm. It comes from a link I trust so I believe it is safe to run on your networks. The tool can scan all the active computers on your network for the worm.

FYI: here is the link threads
http://isc.sans.org/diary.html?storyid=6097
http://honeynet.org/node/388

---
Start by downloading
http://www.doxpara.com/scs.zip (This is a link from the honeynet.org/node/388 page)
to a Windows workstation.

Once downloaded extract the files. The extracted SCS folder contains another SCS folder.
Move the second folder to the root of the C:\ drive so all the files are in
C:\SCS
Open up a 'Command' prompt
type 'c:'
type 'cd \scs'
Scan the local machine first by typing:
'scanner localhost'
The results will show in the window when complete.
--
To scan the network, type:
'scs start-ip end-ip >>scslog.txt'
where start-ip is the lowest IP address you want to scan (10.147.0.1)
end-ip is the highest IP address you want to scan (10.147.0.254)
The results will be saved to c:\scs\scslog.txt
--
Note: When running 'scs.exe' it takes a long time to scan unassigned IP addresses. I would recommend that if you have a subnet mask of 255.255.0.0 that you run the program several times on ranges that you know have computers. Check your DHCP server and verify the high and low IP addresses that are currently assigned to get your starting place. I would also run against server IP addresses.

If you run the program several times change the 'scslog.txt' filename to a unique name for every scan.

Another note:
When using the redirect '>>' all output that would typically show on the screen is redirected to the text file. Once you launch the 'scs' command the screen will not show anything. When the program is done the c:\ prompt will return.
---
Open the scslog.txt file with notepad to see the results of the scan.

The responses should be
no response - IP address
IP Address appears to be clean
IP address seems to be infected by Conficker

Good Luck

_
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. You are asked to notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of Prairie Lakes Area Education Agency. Prairie Lakes Area Education Agency accepts no liability for any damage caused by any virus transmitted by this email.
_
Scott Fosseen - Systems Engineer - Prairie Lakes AEA - http://www.aea8.k12.ia.us/tech
_
I may not have gone where I intended to go, but I think I have ended up where I intended to be. - Douglas Adams
_
---
[This E-mail scanned for viruses by Declude Virus on the server aea8.k12.ia.us]
Archived messages from this list can be found at: http://www.mail-archive.com/info-tech@aea8.k12.ia.us/
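
Added example (not part of the original messages and not the scanner's own code): when the scan is run several times with a unique log file per range, as the message recommends, this Python script merges the logs and lists each address once under its most significant result. The line wording is assumed to match the three responses listed in the message, and the log names and contents are constructed samples.

```python
import ipaddress
import re

# Wording follows the three responses listed in the message; the exact text
# printed by scs.exe is an assumption and may differ between versions.
# Ordered from least to most significant result.
RESULTS = [
    ("no_response", re.compile(r"no response", re.I)),
    ("clean", re.compile(r"appears to be clean", re.I)),
    ("infected", re.compile(r"infected by conficker", re.I)),
]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def classify(line):
    """Return (address, rank into RESULTS) for a result line, else None."""
    match = IPV4.search(line)
    if not match:
        return None
    try:
        ip = ipaddress.IPv4Address(match.group())
    except ipaddress.AddressValueError:
        return None  # dotted number that is not a valid address
    for rank, (_, pattern) in enumerate(RESULTS):
        if pattern.search(line):
            return ip, rank
    return None


def summarize(logs):
    """Merge scan logs (file name -> text) into one result per address."""
    worst = {}
    for text in logs.values():
        for line in text.splitlines():
            hit = classify(line)
            if hit:
                ip, rank = hit
                # An infected or clean answer from any scan outranks a
                # "no response" for the same address in another scan.
                worst[ip] = max(worst.get(ip, -1), rank)
    report = {name: [] for name, _ in RESULTS}
    for ip in sorted(worst):  # numeric order, so .9 sorts before .17
        report[RESULTS[worst[ip]][0]].append(str(ip))
    return report


# Constructed sample logs (not real scan output), one per scanned range.
SAMPLE_LOGS = {
    "scslog_lab.txt": "10.147.0.1 appears to be clean\n"
                      "no response - 10.147.0.2\n"
                      "10.147.0.17 seems to be infected by Conficker\n",
    "scslog_servers.txt": "no response - 10.147.0.17\n"
                          "10.147.0.2 appears to be clean\n"
                          "10.147.0.9 appears to be clean\n",
}

if __name__ == "__main__":
    for name, hosts in summarize(SAMPLE_LOGS).items():
        print(f"{name}: {', '.join(hosts) or '-'}")
```

To use it on real logs, build the `logs` dictionary by reading each saved log file into a string.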