Troj/Lineag-AI is a Trojan for the Windows platform.
When first run Troj/Lineag-AI copies itself to <Temp>\mnso.exe and creates the following files:
<Temp>\bn9zp.dll - detected as Troj/Lineag-AI
<Temp>\mnso0.dll - deteted as Troj/Lineag-Gen
<Temp>\<random characters>.sys - detected as Mal/Rootkit-A
Troj/Lineag-AI creates the following registry entry to run itself on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
mnsa
<Temp>\mnso.exe
Troj/Lineag-AI also installs the driver <random characters>.sys as a system service with a service name of "uytghytrfdewz" and a description of "uytghytrfdewz". Registry entry are also created under:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_UYTGHYTRFDEWZ\