Hey guys, I have an end user who sadly must have administrator privileges on her system. She is a beautiful girl, and very blond.....
I have a process running (Windows 2000 in case I didn't mention that) in the background called CLOG.EXE. It uses about 50% of the CPU consistently, to the point where this end user cannot work. Results in lockups, etc.... I have run all of the standard spyware/adware products. I have booted in safe mode/last known good configuration. This is a new thing that just started today. :twisted: It is really making me upset! I did some internet searches and can't find a single good piece of information... CLOG.exe
Hehe, have you used an antivirus scanner mate? Also check whether it's spewing data all over the network (tcpview from sysinternals.com should help you)..
I would suggest you do this.. Give the system the once over with an antivirus scanner... if that detects nothing, try and find the startup entries this thing leaves..
Hit your registry.. and search for clog.exe... kill all entries that you see there.. Also check your win.ini and your startup folders. Then kill the process and delete it from the disk.
If you cannot kill / delete it from the disk.. boot using a LiveCD such as Knoppix and delete it from there..
Some of these little beasts have a nasty way of hooking a DLL into explorer.exe and when you kill off the main process, they just copy themselves back into memory and execute again.. you gotta watch for that..
ProcessXP from sysinternals will be your friend.. switch to the DLL view and see what explorer.exe is loading up (this can be confusing, but you might get the idea).
Another quick hack is.. if you manage to delete the process but find it keeps coming back at reboot etc.. delete the process and then create a junk file called 'clog.exe' in the same place the original file was.. mark it as read only and don't allow anyone to change the permissions.. then when the little beast tries to come back home.. it finds there is already a clog.exe
Hope that helps.
If you want you can send me the nasty for analysis in a sandboxed environment.
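The startup-entry hunt suggested in the reply above, as an added example that is not part of the original thread: a Python sketch that searches a registry export and a copy of win.ini for references to clog.exe. The sample export, the win.ini text, the value names and the paths are constructed for illustration.

```python
import re

TARGET = "clog.exe"  # process name from the thread

# Constructed sample of a registry export (.reg text); names and paths are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"SysLog"="C:\\WINNT\\system32\\CLOG.EXE -s"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"clog"="clog.exe"
'''

# Constructed sample of win.ini; load= and run= in [windows] start programs at logon.
SAMPLE_WIN_INI = r'''[windows]
load=
run=C:\WINNT\clog.exe
[fonts]
'''

def scan_reg_export(text, target=TARGET):
    """Return (key, value name, data) for each string value that mentions target."""
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # remember which registry key we are inside
            continue
        # Plain string values only; hex-encoded values are not decoded here.
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="(.*)"$', line)
        if m and key and target.lower() in m.group(2).lower():
            data = m.group(2).replace("\\\\", "\\")  # undo .reg backslash escaping
            hits.append((key, m.group(1).strip('"'), data))
    return hits

def scan_win_ini(text, target=TARGET):
    """Return (entry, value) for load=/run= lines in [windows] that mention target."""
    hits, section = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "windows" and "=" in line:
            name, _, value = line.partition("=")
            if name.strip().lower() in ("load", "run") and target.lower() in value.lower():
                hits.append((name.strip().lower(), value.strip()))
    return hits

if __name__ == "__main__":
    for hit in scan_reg_export(SAMPLE_REG) + scan_win_ini(SAMPLE_WIN_INI):
        print(hit)
```

When reading a real export from disk, open it with `encoding="utf-16"`, since "Version 5.00" exports are written as Unicode text.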
Girl just put her two weeks in, so I did what you suggested about making my own file, and taking away all permissions, that worked great, thanks bud! I wish I knew more about everything else you were talking about w/ dll view mode but I don't so I did that and it works. I will just rebuild her system when she leaves.