Troj/Keylog-AL

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports


Troj/Keylog-AL is a keylogger and backdoor Trojan.

Troj/Keylog-AL runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer.

Troj/Keylog-AL includes functionality to:

- silently download new software
- send stolen information to remote locations via email
- inject its code into EXPLORER
- disable other applications

When first run, Troj/Keylog-AL copies itself to:

<System>\WORKGROUPS.(ClassID)\svchost.exe
<System>\install.com

and creates the following files:

<Current folder>\_.bat
<System>\WORKGROUPS.(ClassID)\log.vts
<System>\WORKGROUPS.(ClassID)\mail.vts
<System>\WORKGROUPS.(ClassID)\mailpas.exe
<System>\WORKGROUPS.(ClassID)\mailpas.vts
<System>\WORKGROUPS.(ClassID)\messnger.exe
<System>\WORKGROUPS.(ClassID)\messnger.vts
<System>\WORKGROUPS.(ClassID)\nreg.exe

These files may be safely deleted.

Troj/Keylog-AL also creates the file <System>\WORKGROUPS.(ClassID)\netkey.dll.

The file netkey.dll is detected as Troj/Keylog-AJ.

The following registry entry is created to run install.com on startup:

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\(872415-GGFRT-TKMN-24F9-2154487HHGT8)
StubPath
<System>\install.com
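
The following is an added example, not part of the original description: a triage script that reads a text export of the Active Setup key and flags StubPath entries resembling the one above. The sample export, the first component and its path, the use of C:\Windows\System32 for <System>, and the two heuristics (non-GUID component id, unusual file extension) are assumptions made for illustration.

```python
import re

# Constructed sample in `reg export` text form (not from a real host). The first
# component and its path are invented; C:\Windows\System32 stands in for <System>.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}]
"StubPath"="C:\\Program Files\\Example\\setup.exe /user"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\(872415-GGFRT-TKMN-24F9-2154487HHGT8)]
"StubPath"="C:\\Windows\\System32\\install.com"
'''

KEY_RE = re.compile(r'^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup'
                    r'\\Installed Components\\([^\\\]]+)\]$', re.I)
VALUE_RE = re.compile(r'^"StubPath"="(.*)"$', re.I)
GUID_RE = re.compile(r'^[<>]?\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$', re.I)
EXT_RE = re.compile(r'\.(\w{1,4})(?=["\s]|$)')
# Assumption: extensions treated as unusual for an Active Setup stub (triage hint only).
UNUSUAL_EXT = {"com", "scr", "pif", "bat"}

def stub_paths(export_text):
    """Yield (component_id, stub_path) for each component with a string StubPath."""
    component = None
    for line in map(str.strip, export_text.splitlines()):
        if line.startswith('['):
            key = KEY_RE.match(line)
            component = key.group(1) if key else None   # ignore other keys
            continue
        value = VALUE_RE.match(line)
        if component and value:
            # .reg files escape backslashes and quotes with a leading backslash
            yield component, re.sub(r'\\(.)', r'\1', value.group(1))

def review(export_text):
    """Return (component_id, stub_path, reasons) for entries that need a closer look."""
    findings = []
    for component, stub in stub_paths(export_text):
        reasons = []
        if not GUID_RE.match(component):
            reasons.append("component id is not a well-formed GUID")
        ext = EXT_RE.search(stub)
        if ext and ext.group(1).lower() in UNUSUAL_EXT:
            reasons.append("StubPath target has extension ." + ext.group(1).lower())
        if reasons:
            findings.append((component, stub, reasons))
    return findings

if __name__ == "__main__":
    for component, stub, reasons in review(SAMPLE_EXPORT):
        print(component, "->", stub, "|", "; ".join(reasons))
```

Files written by `reg export` are UTF-16 and must be decoded before being passed in, and StubPath values stored as REG_EXPAND_SZ are exported in `hex(2):` form, which this parser skips.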

Troj/Keylog-AL attempts to disable the following processes:

_AVP32.EXE
_AVPCC.EXE
_AVPM.EXE
_SMC.EXE
ACKWIN32.EXE
ADMINTOOL.EXE
ADVXDWIN.EXE
AGENTA.EXE
AGENTSVR.EXE
ALERTSVC.EXE
ALG.EXE
ALOGSERV.EXE
AMON.EXE
AMON9X.EXE
ANTITROJ.EXE
ANTI-TROJAN.EXE
ANTIVIRUS.EXE
ANTS.EXE
APIMONITOR.EXE
APLICA32.EXE
APVXDWIN.EXE
ASHDISP.EXE
ASHQUICK.EXE
ATCON.EXE
ATGUARD.EXE
ATRO55EN.EXE
ATUPDATER.EXE
ATWATCH.EXE
AUTODOWN.EXE
AUTOTRACE.EXE
AVCONSOL.EXE
AVENGINE.EXE
AVGCC32.EXE
AVGCTRL.EXE
AVGNT.EXE
AVGSERV.EXE
AVGSERV9.EXE
AVGUARD.EXE
AVGW.EXE
AVKPOP.EXE
AVKSERV.EXE
AVKSERVICE.EXE
AVKWCTL.EXE
AVKWCTL9.EXE
AVP.EXE
AVP32.EXE
AVPCC.EXE
AVPM.EXE
AVSCHED32.EXE
AVSYNMGR.EXE
AVWIN.EXE
TAUSCAN.EXE
TAUMON.EXE
TASKALERT.EXE
SYMPROXYSVC.EXE
TCA.EXE
WATCHDOG.EXE
WATCHER.EXE
WEBSCANX.EXE
WEBTRAP.EXE
WFINDV32.EXE
MCVSRTE.EXE
MCVSSHLD.EXE
MCTOOL.EXE
MCSHIELD.EXE
MCMNHDLR.EXE
MCAGENT.EXE
ICLOAD95.EXE
ICMON.EXE
ICSUPP95.EXE
ICLOADNT.EXE
ICSUPPNT.EXE
IFACE.EXE
ANTS.EXE
cleaner3.exe
cleaner.exe
MooLive.exe
NISUM.EXE
NISSERV.EXE
IAMAPP.EXE
NAVAPW32.EXE
NAVW32.EXE
Anti-Trojan.exe
iamapp.exe
iamserv.exe
FRW.EXE
blackice.exe
blackd.exe
zonealarm.exe
vsmon.exe
zlclient.exe
WrCtrl.exe
WrAdmin.exe
WrCtrl.exe
lockdown2000.exe
lockdown.exe
Sphinx.exe
VSHWIN32.EXE
VSECOMR.EXE
WEBSCANX.EXE
AVCONSOL.EXE
VSSTAT.EXE
StartupMonitor.exe
protectx.exe
LOOKOUT.exe
LUALL.exe
LUAU.exe
LUCOMSERVER.exe
MCAGENT.exe
MCMNHDLR.exe
MCSHIELD.exe
MCTOOL.exe
MCVSRTE.exe
MCVSSHLD.exe
MFW2EN.exe
MGAVRTCL.exe
MGAVRTE.exe
MGHTML.exe
MGUI.exe
MINILOG.exe
MONITOR.exe
MOOLIVE.exe
MPFTRAY.exe
MSSMMC32.exe
MU0311AD.exe
MWATCH.exe
N32SCANW.exe
NAVAPSVC.exe
NAVAPW32.exe
NAVDX.exe
NAVLU32.exe
NAVSTUB.exe
NAVW32.exe
NETARMOR.exe
NETINFO.exe
NETMON.exe
NETSCANPRO.exe
NETSPYHUNTER-1.2.exe
NETUTILS.exe
NIP.exe
NISSERV.exe
CLEANPC.exe
wscsvc.exe