Need some help with Test-Path

  • Question

  • Hi there,

    I am trying to make a PowerShell script to find and get output but I'm stuck. Let's put the case.

    I need the script to look for .exe files on remote computers:

    C:\Users\XXX\AppData\Roaming\Ethereum
    C:\Users\XXX\AppData\Local\CryptoTab Browser\Application

    Where XXX may be users found under C:\Users except "Public"

    And save the output to text/csv (better csv) with the computer name and what it found: cryptotab or ethereum

    Here is what I have made till now. Can someone please help me? Please!!! I got my network infected!!!



    $computers = Get-Content -Path C:\powershell\files\computers.txt
    $ethere = "$env:APPDATA\Ethereum"
    $crypto = "$env:LOCALAPPDATA\CryptoTab Browser\Application"

    foreach ($computer in $computers) {
        if ((Test-Path \\$computer\c$) -eq $true) {
            Write-Host -ForegroundColor Green "Ethereum found on $computer. Path: $ethere"
            Get-ChildItem -Path $ethere -Filter *.exe -Recurse -Name -Force -ErrorAction SilentlyContinue | Out-File .\output.txt -Append

            if ((Test-Path \\$computer\c$) -eq $true) {
                Write-Host -ForegroundColor Green "CryptoTab Browser found on $computer. Path: $crypto"
                Get-ChildItem -Path $crypto -Filter *.exe -Recurse -Name -Force -ErrorAction SilentlyContinue | Out-File .\output.txt -Append
            }
        }
    }



    • Edited by cnecrea Tuesday, June 18, 2019 10:49 PM update
    Tuesday, June 18, 2019 10:47 PM

All replies

  • Sorry but we cannot understand what your code is doing. If you want to find a file on a remote file system you will need to use "Get-ChildItem" or you will have to use "Get-WmiObject".

    If you have infected computers then you will need to contact your AV vendor for help disinfecting.  It cannot be done by deleting files.


    \_(ツ)_/

    Tuesday, June 18, 2019 11:17 PM
    Moderator
  • Hi there

    As I already said... I am newbie and I am stuck...
    I really need to make this script work to find the infected computers

    Wednesday, June 19, 2019 6:32 AM
  • Hi there

    As I already said... I am newbie and I am stuck...
    I really need to make this script work to find the infected computers

    As I noted - you need to use different CmdLets to search for a file.

    Example:

    Get-Childitem "\\$computer\Users\*\somefile.ext" -recurse

    Searching user profiles will likely fail because only the user has access to the profile.

    Contact your AV vendor for help with clearing a virus. This is not a PC support forum.


    \_(ツ)_/


    Wednesday, June 19, 2019 11:41 AM
    Moderator
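
The search asked for in the question, written with the Get-ChildItem approach from the replies, as an added example that is not part of any post in this thread. The function name Find-MinerExe, its parameters and the output.csv file name are hypothetical; it assumes the account running it has administrative rights on each target so that the C$ share and the user profiles are readable.

```powershell
# Added example, not code from the thread.
# Folders from the question, relative to each user profile directory.
$targets = @{
    Ethereum  = 'AppData\Roaming\Ethereum'
    CryptoTab = 'AppData\Local\CryptoTab Browser\Application'
}

function Find-MinerExe {
    param(
        [Parameter(Mandatory)] [string]$ComputerName,
        # Assumption: the C$ administrative share is reachable by the caller.
        [string]$UsersRoot = "\\$ComputerName\c`$\Users"
    )
    if (-not (Test-Path -LiteralPath $UsersRoot)) {
        # Record unreachable hosts so they are not mistaken for clean ones.
        return [pscustomobject]@{ Computer = $ComputerName; User = $null
                                  Finding = 'Unreachable'; Path = $null }
    }
    # Every profile folder under Users except "Public".
    $userDirs = Get-ChildItem -LiteralPath $UsersRoot -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object Name -ne 'Public'
    foreach ($userDir in $userDirs) {
        foreach ($name in $targets.Keys) {
            $dir = Join-Path $userDir.FullName $targets[$name]
            if (-not (Test-Path -LiteralPath $dir)) { continue }
            # One output row per .exe found below the target folder.
            Get-ChildItem -LiteralPath $dir -Filter *.exe -Recurse -File -Force -ErrorAction SilentlyContinue |
                ForEach-Object {
                    [pscustomobject]@{ Computer = $ComputerName; User = $userDir.Name
                                       Finding = $name; Path = $_.FullName }
                }
        }
    }
}

# Computer list path taken from the question; output file name is constructed.
Get-Content -Path C:\powershell\files\computers.txt |
    ForEach-Object { Find-MinerExe -ComputerName $_ } |
    Export-Csv -Path .\output.csv -NoTypeInformation
```

To try it against the local machine first, call `Find-MinerExe -ComputerName $env:COMPUTERNAME -UsersRoot C:\Users`. A computer with no matching files produces no rows, while an unreachable one produces a single "Unreachable" row.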