#110567 - 2003-12-18 08:15 AM
Detect a file being used
|
Jeroen
Starting to like KiXtart
Registered: 2001-08-16
Posts: 180
Loc: Netherlands
|
Hi all,
After searching here and there for a solution, I turn to you  at our company, several users were using an illegal software package. We have been able to detect and remove it from the workstations and servers, but are now receiving signals that a couple of users have brought the software with them on CD, and run it from there.
To filter out these last ones, I would like to be able to detect certain files being used on a system. Say for example if a user brings along a CDROM from which he runs a program, and the program is designed to always open a file called PROGRAM.INI. How would I be able to detect this file being opened on a system?
Any help is appreciated!
I have thought about creating my own extra.dat so that the virusscanner will detect this program as a virus, but that would require finding out how these extra.dat files need to be made, so I'm hoping for another solution.
_________________________
Regards, Jeroen.
There are two ways to write error-free programs. Only the third one works.
|
|
Top
|
|
|
|
#110569 - 2003-12-18 11:54 AM
Re: Detect a file being used
|
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
|
yea... if you are running win2k, you can put in a 'Do Not Run' entry in the registry with a list of all the exes you want to block
additionally, another method that works is a process kill app that looks for a specific process, kills it, sleeps for a few seconds, and loops.
write that up as a seperate script, and have your logonscript spin that off in a hidden console or run it with wkix32
Code:
$=setconsole("Hidden")
while 1
$=enumprocess('processname.exe',1)
sleep 3
loop
function enumprocess()
...
endfunction
|
|
Top
|
|
|
|
Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart
|
0 registered
and 640 anonymous users online.
|
|
|
