Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: CLOG.EXE

CLOG.EXE 12 years 1 week ago #6055

  • Kn1ght
  • Kn1ght's Avatar
  • Offline
  • Distinguished Member
  • Posts: 163
  • Karma: 0
Hey guys, I have an end user which sadly must have administrator privilages on her system. She is a beautiful girl, and very blond.....

I have a process running (windows 2000 in case I didn't mention that) in the background called CLOG.EXE it uses about 50% of the CPU consistently to the point where this end user cannot work. Results in lockups, etc.... I have run all of the standard spyware/adware products. I have booted in safemode/last known good configuration. This is a new thing that just started today. :twisted: It is really making me upset! :x I did some internet searches and can't find a single good piece of information... CLOG.exe

ANY IDEAS?!?!?!?!?
Thanks
The administrator has disabled public write access.

Re: CLOG.EXE 12 years 1 week ago #6056

  • Kn1ght
  • Kn1ght's Avatar
  • Offline
  • Distinguished Member
  • Posts: 163
  • Karma: 0
you big "S" I've been waiting for your reply for 5 minutes already..... and nothing normally you have fixed my problem by now.... :)
Thanks
The administrator has disabled public write access.

Re: CLOG.EXE 12 years 1 week ago #6058

  • sahirh
  • sahirh's Avatar
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
Hehe, have you used an antivirus scanner mate ? Also check whether its spewing data all over the network (tcpview from sysinternals.com should help you)..

I would suggest you do this.. Give the system the once over with an antivirus scanner... if that detects nothing, try and find the startup entries this thing leaves..

Hit your registry.. and search for clog.exe... kill all entries that you see there.. Also check your win.ini and your startup folders. Then kill the process and delete it from the disk.

If you cannot kill / delete it from the disk.. boot using a LiveCD such as Knoppix and delete it from there..

Some of these little beasts have a nasty way of hooking a DLL into explorer.exe and when you kill of the main process, they just copy themselves back into memory and execute again.. you gotta watch for that..
ProcessXP from sysinternals will be your friend.. switch to the DLL view and see what explorer.exe is loading up (this can be confusing, but you might get the idea).

Another quick hack is.. if you manage to delete the process but find it keeps coming back at reboot etc.. delete the process and then create a junk file called 'clog.exe' in the same place the original file was.. mark it as read only and don't allow anyone to change the permissions.. then when the little beast tries to come back home.. it finds there is already a clog.exe

Hope that helps.

If you want you can send me the nasty for analysis in a sandboxed environment.

Btw didn't google give you anything on this ?


Sorry about the delay ;)

Cheers,
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
The administrator has disabled public write access.

Re: CLOG.EXE 12 years 1 week ago #6066

  • Kn1ght
  • Kn1ght's Avatar
  • Offline
  • Distinguished Member
  • Posts: 163
  • Karma: 0
girl just put her two weeks in, so I did what you suggested about making my own file, and taking away all permissions, that worked great, thanks bud! I wish I knew more about everything else you were talking about w/ dll view mode but I don't so I did that and it works. I will just rebuild her system when she leaves.

Thanks S
Thanks
The administrator has disabled public write access.

Re: CLOG.EXE 12 years 1 week ago #6068

  • Chris
  • Chris's Avatar
  • Offline
  • Administrator
  • Posts: 1446
  • Thank you received: 13
  • Karma: 8
Now how come we don't get any of them cute blondies at work ? :)
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
The administrator has disabled public write access.

Re: CLOG.EXE 12 years 1 week ago #6073

  • Kn1ght
  • Kn1ght's Avatar
  • Offline
  • Distinguished Member
  • Posts: 163
  • Karma: 0
Chris---- must be the pocket protectors.... I heard they have a positive on POSITIVE reaction so therefore repeling the cute blonds.
Thanks
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.081 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup