W32/Agent.ACR!tr - Released Jan 04, 2007 - Last Updated Jan 10, 2007

Alias/es

Trojan.Win32.Agent.acr, Backdoor.Obfus.A, Win32/Agent.OH trojan

Detection Availability

Active Database    Extended Database
FortiGate
low
high
FortiClient
FortiMail N/A

Visible Symptoms

  • It drops the following file:
    • %TEMP%\keylog.exe

Detailed Analysis

  • It drops the following file and runs it in memory:
    • %TEMP%\keylog.exe
    The dropped file keylog.exe is 985 bytes long and packed with MEW 11 1.2. It logs keystrokes and outputs them to its own cmd window.

Recommended Action

  FortiGate Systems

    • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

    Reference: ID - 191402