So, somewhere on our network of approximately 180 PCs is the Tiny Banker (Tinba) Trojan which is causing our external IP to get blacklisted as spam.
At present, we don't have any endpoint malware or virus scanning (don't ask) and rely on edge protection so I'm lacking a centralised way to scan all the PCs.
From reading up on this Trojan it sounds like it adds a couple of registry entries on infected machines to run on startup so I'm hoping I can use that somehow to identify which PC it's on.
So, what I'm thinking of doing is pushing out a batch file to run as a scheduled task through GPO that will query the registry for the following key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
and then dump that out to a text file with the PC name and then copy the text file to a share on the network for me to look at.
How does...