
Windows File Share Protocol / Link Creation / Virus


We have a PC or multiple PCs in a VERY large network creating malicious links on our servers. I want to see if someone can help me make a quick filter for Wireshark that will log only the link creation event so I can figure out where it is coming from without generating gigs and gigs of packet data. I really need help soon!

Thank You So Much


asked 26 Mar '14, 16:54

Pyrex

accept rate: 0%

Could someone please help me? We will have to be at work all weekend and then some if we can't stop this virus.

(28 Mar '14, 12:37) Pyrex

One Answer:


Wireshark is the wrong tool for you, for several reasons.

You should look at the owner of the created links (maybe that reveals the workstation).

You should also enable file and folder auditing on your file server to figure out who is doing what. Your local Windows guru should know how to do that.


answered 28 Mar '14, 14:42


Kurt Knochner ♦
accept rate: 15%
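
The two suggestions in the answer above (check the owner of the created links, then enable file and folder auditing), sketched in PowerShell as an added example that is not part of the original thread. The share path `D:\Shares\Public` and the assumption that the links are `.lnk` shortcut files are hypothetical; run it elevated on the file server (the `auditpol` subcategory name shown is the English one).

```powershell
# Assumptions (not from the original post): hypothetical share path, and the
# malicious links are .lnk shortcut files. Adjust both to the real environment.
$SharePath = 'D:\Shares\Public'
$Pattern   = '*.lnk'

# 1. Owner of links created in the last 7 days. The account that created a
#    file is normally recorded as its owner.
Get-ChildItem -Path $SharePath -Recurse -Filter $Pattern -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -gt (Get-Date).AddDays(-7) } |
    Select-Object FullName, CreationTime,
        @{ n = 'Owner'; e = { (Get-Acl -LiteralPath $_.FullName).Owner } } |
    Sort-Object CreationTime |
    Format-Table -AutoSize

# 2. Enable success auditing for the "File System" subcategory.
auditpol /set /subcategory:"File System" /success:enable

# 3. Add an audit entry (SACL) on the share root so that file creation and
#    writes by anyone are logged, inherited by subfolders and files.
$acl  = Get-Acl -Path $SharePath -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',
    [System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]::Success)
$acl.AddAuditRule($rule)
Set-Acl -Path $SharePath -AclObject $acl

# 4. After new links appear, pull event 4663 (object access) from the Security
#    log and keep only the entries whose object name matches the link pattern.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663; StartTime = (Get-Date).AddHours(-1) } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $data = @{}
        foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$n.Name] = $n.'#text' }
        if ($data['ObjectName'] -like $Pattern) {
            [pscustomobject]@{
                Time       = $_.TimeCreated
                User       = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                LogonId    = $data['SubjectLogonId']
                File       = $data['ObjectName']
                AccessMask = $data['AccessMask']
            }
        }
    } | Format-Table -AutoSize
```

The `LogonId` value of a 4663 event matches `TargetLogonId` in the corresponding 4624 logon event on the same server, whose `IpAddress` field gives the address the session came from.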