This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Windows File Share Protocol / Link Creation / Virus

We have a PC or multiple PCs in a VERY large network creating malicious links on our servers. I want to see if someone can help me make a quick filter for Wireshark that will log only the link creation event so I can figure out where it is coming from without generating gigs and gigs of packet data. I really need help soon!

Thank You So Much

-J

asked 26 Mar '14, 16:54

Pyrex

Could someone please help me? We will have to be at work all weekend and then some if we can't stop this virus.

(28 Mar '14, 12:37) Pyrex

One Answer:

Wireshark is the wrong tool for you, for several reasons.

You should look at the owner of the created links (maybe that reveals the workstation).

You should also enable file and folder auditing on your file server to figure out who is doing what. Your local Windows guru should know how to do that.

Regards
Kurt

answered 28 Mar '14, 14:42

Kurt Knochner ♦
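One way to act on the auditing suggestion in the answer above, as an added example that is not part of the original thread: it reads exported Windows Security events with ID 5145 (detailed file share access, which records the client IP) and counts which workstation and account requested write access to link files. Assumptions: the "Audit Detailed File Share" subcategory is enabled on the file server, the events were exported as XML, and the malicious links are `.lnk` files; the function names, hosts and users in the sample are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
WRITE_BITS = 0x2 | 0x4  # FILE_WRITE_DATA | FILE_APPEND_DATA


def _ev(user, ip, target, mask):
    """Build one constructed 5145 event, trimmed to the fields used below."""
    return (
        f'<Event xmlns="{NS["e"]}"><System><EventID>5145</EventID></System>'
        f'<EventData><Data Name="SubjectUserName">{user}</Data>'
        f'<Data Name="IpAddress">{ip}</Data>'
        f'<Data Name="RelativeTargetName">{target}</Data>'
        f'<Data Name="AccessMask">{mask}</Data></EventData></Event>'
    )


# Constructed sample in the shape of an XML export of the Security log
# (for example from "wevtutil qe Security /f:xml"): a run of <Event> elements.
SAMPLE = "".join([
    _ev("jdoe", "10.1.4.23", "Shared\\Invoices.lnk", "0x2"),
    _ev("jdoe", "10.1.4.23", "HR\\Payroll.LNK", "0x6"),
    _ev("asmith", "10.1.9.7", "Shared\\Invoices.lnk", "0x1"),  # read only
    _ev("asmith", "10.1.9.7", "Shared\\notes.txt", "0x2"),     # not a link
])


def link_writers(xml_text, suffix=".lnk"):
    """Return [((source_ip, user), count)] for write requests on *suffix files."""
    # The export has no single root element, so wrap it before parsing.
    root = ET.fromstring(f"<Events>{xml_text}</Events>")
    hits = Counter()
    for ev in root.findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "5145":
            continue
        data = {d.get("Name"): (d.text or "")
                for d in ev.findall("e:EventData/e:Data", NS)}
        wants_write = int(data.get("AccessMask", "0"), 16) & WRITE_BITS
        target = data.get("RelativeTargetName", "").lower()
        if wants_write and target.endswith(suffix):
            hits[(data.get("IpAddress"), data.get("SubjectUserName"))] += 1
    return hits.most_common()


if __name__ == "__main__":
    for (ip, user), count in link_writers(SAMPLE):
        print(f"{ip}\t{user}\t{count} link write request(s)")
```

The source at the top of the list is the workstation to isolate and examine first; event 5145 is noisy on busy shares, so scope the audit to the affected shares where possible.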