Overview |
|
Vendor Notes: |
From the doc: 'This program captures the input/output of the Windows NT Command Prompt (cmd.exe). It does so by pretending to be the real prompt and forwarding the commands to the real (and renamed) cmd.exe. I/O is stored in a random-generated log file in \WINNT\Help\Tutor.'
From the Website: 'Command prompt capture utility for Windows NT/2K. Ideal to maintain a log history of commands typed at the command prompt by users, or to capture intruder activity with IIS abuse or netcat tunnels. Can be used with LogAgent for automatic forwarding of the logs to a central location or monitoring console. ComLog 1.05 Pro works the same way as the Open Source version, except that it can be configured via a config file, which allows the user to choose the filename for cm_.exe and to specify pattern strings to be hidden from the monitored users (to hide processes like Snort or ZoneAlarm, for example).'
From the author: 'this tool was designed as a legitimate security tool (widely used in honeypots, for example) for the network admin to compile a history of commands typed by a potential attacker.... ComLog is not a regular keylogger (capturing all the keystrokes), but focuses only on what is typed via the command prompt, a very important particularity. Because of this, ComLog makes for a very bad hacking tool to capture keystrokes, as most of the keystrokes typed on the machine will never be captured. In fact, this particularity was designed to enable network admins to monitor attackers, not the other way around.'
From the web site: 'SecurIT Informatique Inc. is a firm working in the markets of computer security and integration of systems and networks. The company is made of highly qualified persons in these domains. SecurIT Informatique Inc. arose from the will to offer high quality services in computer security, and to provide corporate-level service at a price that small and medium businesses can afford. SecurIT Informatique Inc.'s team goal is to help their customers to set up solutions adapted to their needs and to their realities in terms of systems and networks, always by keeping in mind the aspect computer security. Our technological independence allows us to offer you solutions cut to measure according to your budget capacities.' |
Category: |
Misc Tool: Any tool that might be used in planning an attack on a system, developing tools for such an attack, or performing it. |
Similar Pests: |
Misc Tool |
Origins |
|
Author: |
Adam Richard AKA Floydman |
Group: |
SécurIT Informatique Inc. |
Mailing Address: |
SecurIT Informatique Inc., 3600 St-Germain, Montréal, Québec H1W 2V5 |
Phone: |
(514) 598-0526 |
EMail: |
securit@iquebec.com |
URL: |
http://securit.iquebec.com |
Date of Origin: |
April, 2003 |
Operation |
|
Storage Required: |
|
Detection and Removal |
|
Automatic Removal: |
|
Manual Removal: |
Follow these steps to remove ComLog 1.01 from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake. |
| Stop Running Processes: Kill these running processes with Task Manager: | |
| Remove Files: Remove these files (if present) with Windows Explorer: | |
Research |
|
File Analyses: |
|
More Info: |
|
Research By: |
|
Last Revised: |
November 17, 2004 |