This is a "notes to self and to anyone else who happens to read it" page.

I wrote it because none of the search engines had any data on these particular subjects before 2001 (or thereabouts).

If you do a search for "lomscan.exe" or any of the other programs you might find after your windows machine has been compromised, you'll find no real information on what this or the accompanying programs do.

Most of this info has been gleaned from disassembling these little pieces of code -- thanks to mael(at)

tn.exeTelnet client
xy.exeTCP traffic redirector
pipecmd.exeNamed pipe command shell
lomscan.exeNETBIOS share scanner/brute forcer
lom.exeSame as lomscan.exe, but with 90k of NUL's at the end with a changed PE header