Troj/Lineage-AM is a password stealing Trojan for the Windows platform that attempts to steal passwords associated with the game called "Lineage".
Troj/Lineage-AM includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/Lineage-AM copies itself to <Windows>\java\winlogin.exe and creates the file <Windows>\inf\deamon.exe.
The following registry entry is created to run winlogin.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BossIdea
<Windows>\java\winlogin.exe