Friday, January 30, 2009

McAfee quarantines AOL-associated EXE's ACSROLLB, ACSLAEU; false alarms?


Today my McAfee virus scan, on a laptop, quarantined eight files or items associated with ACSLAEU.EXE. I found them on the McAfee scan results with the “Restore” and “files” from the McAfee advanced menu.

I checked this online and found this reference showing that the item is associated with AOL, probably the dialup (which I use only on the laptop). It appears that these are probably “safe” and “false alarms”.

Prevx also has a similar report, as “under review", report here.

However, a Geek Squad person told me that AOL dialup’s penchant for opening other ports is potentially very dangerous.

The item is capable of changing registry keys and starting new processes, although McAfee seems to indicate that this never actually happened on my machine.

Previously, in Sept 2008, I had been warned by McAfee about another similar item, ACSROLLB, writeup here.

It appears that AOL has been “implicated” in this issue since March 2008.

McAfee site’s own search doesn’t show these as “viruses”. If someone knows more about these items, please feel free to comment.

1 comment:

Ken Bowden said...

McAfee also quarantined the same exe's on my system. I stumbled on your blog while I was researching what to do about the exe's. Some sites said they are false positives, others basically said to unplug the computer and beat it with a sledge hammer because it was totally infected now and could never be safely used again. I was hoping someone would have something to say about the issue on your blog. I'll keep checking. In the meantime, I think I'll just let the exe's stay quarantined and hope that my computer isn't hosed or that someone hasn't gotten all my passwords.