acl.exe...Trojan?

[AL]

I've had this program on my computer for a couple of years..it's part of
Family Key Logger that I installed. Ad-Aware has always recognized all
components of this program, but Norton Antivirus never did. Then about a
month ago NAV said acl.exe was infected with the Trojan Horse virus but
isn't more specific than that.
Does anyone know what this file does? If it's a problem I don't know why
NAV didn't recognize it until now.

AL

 

[David H. Lipman]

From: "AL" <[email protected]>

| I've had this program on my computer for a couple of years..it's part of
| Family Key Logger that I installed. Ad-Aware has always recognized all
| components of this program, but Norton Antivirus never did. Then about a
| month ago NAV said acl.exe was infected with the Trojan Horse virus but
| isn't more specific than that.
| Does anyone know what this file does? If it's a problem I don't know why
| NAV didn't recognize it until now.
|
| AL
|

Norton is indicating its a Trojan because, as you noted, its a "...Family Key Logger...".

Keyloggers are Trojans used to capture personal information. The question may be why NAV
took so long to detect it.

Please submit a sample of ACL.EXE to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

When you get the report, please post back the exact results.

 

[AL]

From: "AL" <[email protected]>

| I've had this program on my computer for a couple of years..it's part of
| Family Key Logger that I installed. Ad-Aware has always recognized all
| components of this program, but Norton Antivirus never did. Then about a
| month ago NAV said acl.exe was infected with the Trojan Horse virus but
| isn't more specific than that.
| Does anyone know what this file does? If it's a problem I don't know why
| NAV didn't recognize it until now.
|
| AL
|

Norton is indicating its a Trojan because, as you noted, its a "...Family Key Logger...".

Keyloggers are Trojans used to capture personal information.

Well I installed it just so I would know if anyone used my computer without
my permission, as has happened. When you say capture personal information,
do you mean the program's developer? At least it never tried accessing the
Internet or my firewall would have a record of it.

The question may be why NAV

took so long to detect it.

Please submit a sample of ACL.EXE to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

When you get the report, please post back the exact results.

Antivirus Version Update Result
AntiVir 6.31.1.0 08.17.2005 no virus found
Avast 4.6.695.0 08.16.2005 Win32:Trojan-gen. {Other}
AVG 718 08.15.2005 no virus found
Avira 6.31.1.0 08.16.2005 no virus found
BitDefender 7.0 08.17.2005 no virus found
CAT-QuickHeal 7.03 08.17.2005 Monitor.FamilyKeyLogger.250 (Not a
Virus)
ClamAV devel-20050725 08.17.2005 no virus found
DrWeb 4.32b 08.16.2005 no virus found
eTrust-Iris 7.1.194.0 08.17.2005 no virus found
eTrust-Vet 11.9.1.0 08.16.2005 no virus found
Fortinet 2.41.0.0 08.17.2005 Progent-keylog
F-Prot 3.16c 08.16.2005 no virus found
Ikarus 0.2.59.0 08.16.2005 no virus found
Kaspersky 4.0.2.24 08.17.2005
not-a-virus:Monitor.Win32.FamilyKeyLogger.250
McAfee 4559 08.16.2005 Keylog-Progent.dldr
NOD32v2 1.1195 08.16.2005 no virus found
Norman 5.70.10 08.16.2005 no virus found
Panda 8.02.00 08.16.2005 Application/FamilyKeylogger
Sophos 3.96.0 08.16.2005 no virus found
Sybari 7.5.1314 08.17.2005 Riskware.Progent.A
Symantec 8.0 08.16.2005 Trojan Horse
TheHacker 5.8.2.089 08.16.2005 Aplicacion/FamilyKeyLogger.250
VBA32 3.10.4 08.16.2005 no virus found



-AL

 

[David H. Lipman]

From: "AL" <[email protected]>


|
| Well I installed it just so I would know if anyone used my computer without
| my permission, as has happened. When you say capture personal information,
| do you mean the program's developer? At least it never tried accessing the
| Internet or my firewall would have a record of it.
|
|
| Antivirus Version Update Result
| AntiVir 6.31.1.0 08.17.2005 no virus found
| Avast 4.6.695.0 08.16.2005 Win32:Trojan-gen. {Other}
| AVG 718 08.15.2005 no virus found
| Avira 6.31.1.0 08.16.2005 no virus found
| BitDefender 7.0 08.17.2005 no virus found
| CAT-QuickHeal 7.03 08.17.2005 Monitor.FamilyKeyLogger.250 (Not a
| Virus)
| ClamAV devel-20050725 08.17.2005 no virus found
| DrWeb 4.32b 08.16.2005 no virus found
| eTrust-Iris 7.1.194.0 08.17.2005 no virus found
| eTrust-Vet 11.9.1.0 08.16.2005 no virus found
| Fortinet 2.41.0.0 08.17.2005 Progent-keylog
| F-Prot 3.16c 08.16.2005 no virus found
| Ikarus 0.2.59.0 08.16.2005 no virus found
| Kaspersky 4.0.2.24 08.17.2005
| not-a-virus:Monitor.Win32.FamilyKeyLogger.250
| McAfee 4559 08.16.2005 Keylog-Progent.dldr
| NOD32v2 1.1195 08.16.2005 no virus found
| Norman 5.70.10 08.16.2005 no virus found
| Panda 8.02.00 08.16.2005 Application/FamilyKeylogger
| Sophos 3.96.0 08.16.2005 no virus found
| Sybari 7.5.1314 08.17.2005 Riskware.Progent.A
| Symantec 8.0 08.16.2005 Trojan Horse
| TheHacker 5.8.2.089 08.16.2005 Aplicacion/FamilyKeyLogger.250
| VBA32 3.10.4 08.16.2005 no virus found
|
| -AL
|

Al:

As you can see, other AV vendors flag this as a Trojan or Trojan Keylogger. So know you
know.

It may be used legitimately but it also may be used for nefarious puposes. Not by the
programmer, but by the installer who may not be the computer's owner.