5 year old Keylogger file? - acr*.tmp

I have what I believe is a keylogger file that has been taking snapshots as far back as 5 years ago.

The file is saved on a random basis every 7-14 days and is 2.0MB in size. It is stored (using W2k)under Documents and Settings\MY NAME\Local Settings\Temp\"filename"

The file name format is always something like
Acr**.tmp - (ex. Acr45.tmp or AcrC5.tmp)

Windows explorer shows it as a .TMP file but it's associated with an MS Excel icon. I can open the file with Excel but all the characters are displayed in some cryptic code.

I am obviously interested in fixing/removing if malware however I am more interested in having the following questions answered:

1) Does anyone recognize this file format?.....especially since it might be 5 years old
2) Is it a know type of keylogger or other malware....or something harmless...?
3) If it is malware is there a way to trace where it is going?

Thanks for any ideas.

 

Have you got acrobat reader installed?
Please read

More info

 

No , this seems to be a legitime file of Adobe's reader software

You open it with MS Excel because you have accosiated the tmp file to be opened with this application (if you want to fix this , Control Panel -> Folder options-> File types tab -> find tmp and click Delete )


Every time you suspect a file being infected by a computer virus/malware , submit it to VirusTotal

If you have any other sign of infected , perform the General Malware removal instructions by Blackspear

Regards!

 

Thanks for the insight. I read over the posts that were referred to.

Although there is still a doubt I have. When I opend the files with excel the vast majority of the text is cryptic (or possibly encrypted). However certain areas can still be seen as normal english text or would looks like HTML source.

I can see in plain english that this is referencing various web sites I have visted.....as if it were keeping track of the web pages I have visited....In particular the several that it has been tracking have no Acrobat files on them that I might have opened online.

It is recording just standard HTML pages I have visted.

I keep getting a gut feeling this is more than just a randomly generated Acrobat file.

As I stated earlier I will of course pursue cleaning my system if this is a form of malware.....but I stll want to understand what this is...

- Any other possible ideas concerning the likely hood this is a keylogger?
- Do keylogger that were used 5 years ago use this type of reporting format?

Thanks again

 

Bump....

I am posting again to see if there might be any suggestions.

1) I am attempting to determine if the acr*.tmp type of file might also be a form used by any keylogger programs.

2) Assuming this is a keylogger, does anyone know how I might be able to track when the file is sent back out and where is goes? (i.e any type of trace software that I can acquire to track details on a keylogger program)

Thanks

 

Since this seems, on the face of it, rather strange, could you provide a screenshot of what you mean?

To be perfectly blunt, gut feelings on something you don't fully understand is a bad combination since you can invent associations which simply do not exist.

At this point you have provided no definitive information that would point to a keylogger. Strip out your preconceived speculation, and the objective information still points to temporary Acrobat files.

By the way, where does this 5 year timeline come from?

Anything is possible, it is simply a filename

Do you have a software firewall?

Finally, have you tried the very simple test of attempting to open this file using Acrobat, seeing if it is rendered properly, and posting a screenshot of that?

Blue