LabTech Scripts – Cryptolocker probe script finds infections fast

On April 16, 2015, in How-to, Scripting, by Cubert aka (Cube Dweller)

 

 

cryptolocker-680x400

Catch Cryptolocker in the act

We have created a script for LabTech that you can schedule against any system to scan for possible Cryptolocker Decrypt Files, a sure sign that you been infected.

 

The script can be scheduled against all agents and if an agent is a Mac or Linux it will skip it, The probe will scan each drive letter found and then review that scan to see if it has found any files. Once it finds a file it will email an address but you can easily have it create a ticket or even set an alarm state.

 

When executing probe against a system you can monitor the Scripts Tab for the progress of the probe.

Capture

As the image above shows, a scan takes just a minute to complete. The C drive scan started at 1:08:34 and ended at 1:09:51, the scan took 1 minute and 17 seconds to scan 80GB hard drive.

 

Version 1.0.1 download

 

 

 

download

 

 

 

 

 

Enjoy  Cubert

Tagged with:
 

6 Responses to “LabTech Scripts – Cryptolocker probe script finds infections fast”

  1. Vince says:

    Great work was just working on one of these. Do you have a recommended scan frequency?

  2. Michael says:

    Looks like you’re running the new LT beta – how’s that working out for you?

  3. Greg says:

    Doesnt seem to allow me to access it after importing to 2013

  4. Stefan says:

    I edited line 13 because it found everything with Decrypt in it.

    i changed it to:
    dir /s decrypt*.txt

    First it was:
    dir /s *decrypt*.txt

    It works fine for me.

  5. Ravi says:

    I just imported this script into LT 2013. It gave me an error when I tried to open the script.

    Error loading script: Arithmetic Operation resulted in an overflow.

    Is this script made for LT 10 only? Please let me know. This script can be a huge help for us !

    Thanks in advance !

  6. Ravi says:

    Can someone please help me out? I can’t import this script to my LT 2013 version. Is this script made for LT 10?

Leave a Reply