CLOG.EXE

19 years 11 months ago #6055 by Kn1ght
CLOG.EXE was created by Kn1ght
Hey guys, I have an end user who sadly must have administrator privileges on her system. She is a beautiful girl, and very blond.....

I have a process running (Windows 2000 in case I didn't mention that) in the background called CLOG.EXE. It uses about 50% of the CPU consistently, to the point where this end user cannot work. Results in lockups, etc.... I have run all of the standard spyware/adware products. I have booted in safe mode/last known good configuration. This is a new thing that just started today. :twisted: It is really making me upset! :x I did some internet searches and can't find a single good piece of information... CLOG.exe

ANY IDEAS?!?!?!?!?

Thanks
19 years 11 months ago #6056 by Kn1ght
Replied by Kn1ght on topic Re: CLOG.EXE
You big "S", I've been waiting for your reply for 5 minutes already..... and nothing. Normally you have fixed my problem by now.... :)

Thanks
19 years 11 months ago #6058 by sahirh
Replied by sahirh on topic Re: CLOG.EXE
Hehe, have you used an antivirus scanner mate? Also check whether it's spewing data all over the network (tcpview from sysinternals.com should help you)..

I would suggest you do this.. Give the system the once over with an antivirus scanner... if that detects nothing, try and find the startup entries this thing leaves..

Hit your registry.. and search for clog.exe... kill all entries that you see there.. Also check your win.ini and your startup folders. Then kill the process and delete it from the disk.

If you cannot kill / delete it from the disk.. boot using a LiveCD such as Knoppix and delete it from there..

Some of these little beasts have a nasty way of hooking a DLL into explorer.exe and when you kill off the main process, they just copy themselves back into memory and execute again.. you gotta watch for that..
ProcessXP from sysinternals will be your friend.. switch to the DLL view and see what explorer.exe is loading up (this can be confusing, but you might get the idea).

Another quick hack is.. if you manage to delete the process but find it keeps coming back at reboot etc.. delete the process and then create a junk file called 'clog.exe' in the same place the original file was.. mark it as read only and don't allow anyone to change the permissions.. then when the little beast tries to come back home.. it finds there is already a clog.exe

Hope that helps.

If you want you can send me the nasty for analysis in a sandboxed environment.

Btw didn't Google give you anything on this?


Sorry about the delay ;)

Cheers,

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
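
One way to run the startup-entry search from the post above (registry, win.ini, startup folders) as a report-only sweep. This is an added example, not part of the original thread. It assumes a Windows version with PowerShell 3.0 or later, which the Windows 2000 machine in the thread does not have, and it checks the four Run/RunOnce keys as an assumed starting set rather than searching the whole registry.

```powershell
# Added example: report-only sweep of autostart locations for one file name.
# Nothing is modified or deleted. $Name defaults to the file from the thread.
param([string]$Name = 'clog.exe')

$pattern = [regex]::Escape($Name)   # literal match; -match is case-insensitive
$hits = @()

# 1. Run / RunOnce values for the machine and the current user (assumed key set).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if ($data -match $pattern) {
            $hits += [pscustomobject]@{ Where = $key; Entry = $valueName; Data = $data }
        }
    }
}

# 2. Legacy load= / run= lines in win.ini.
$winIni = Join-Path $env:windir 'win.ini'
if (Test-Path $winIni) {
    foreach ($m in (Select-String -Path $winIni -Pattern '^\s*(load|run)\s*=')) {
        if ($m.Line -match $pattern) {
            $hits += [pscustomobject]@{ Where = $winIni; Entry = "line $($m.LineNumber)"; Data = $m.Line.Trim() }
        }
    }
}

# 3. Per-user and all-users Startup folders; shortcuts are resolved to their target.
$shell = New-Object -ComObject WScript.Shell
foreach ($folder in 'Startup', 'CommonStartup') {
    $path = [Environment]::GetFolderPath($folder)
    if (-not $path -or -not (Test-Path $path)) { continue }
    foreach ($file in (Get-ChildItem -Path $path -File -Force)) {
        $target = if ($file.Extension -eq '.lnk') { $shell.CreateShortcut($file.FullName).TargetPath } else { $file.FullName }
        if ($target -match $pattern) {
            $hits += [pscustomobject]@{ Where = $path; Entry = $file.Name; Data = $target }
        }
    }
}

if ($hits) { $hits | Format-List } else { "No reference to $Name in the checked locations." }
```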
19 years 11 months ago #6066 by Kn1ght
Replied by Kn1ght on topic Re: CLOG.EXE
Girl just put her two weeks in, so I did what you suggested about making my own file, and taking away all permissions. That worked great, thanks bud! I wish I knew more about everything else you were talking about w/ dll view mode but I don't, so I did that and it works. I will just rebuild her system when she leaves.

Thanks S

Thanks
19 years 11 months ago #6068 by Chris
Replied by Chris on topic Re: CLOG.EXE
Now how come we don't get any of them cute blondies at work? :)

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
19 years 11 months ago #6073 by Kn1ght
Replied by Kn1ght on topic Re: CLOG.EXE
Chris---- must be the pocket protectors.... I heard they have a positive on POSITIVE reaction so therefore repelling the cute blonds.

Thanks