Troj/Lineage-J is a password stealing Trojan for the Windows platform that attempts to steal passwords associated with the game called "Lineage".
Troj/Lineage-J will copy itself to the Windows folder as svghost.exe.
Troj/Lineage-J will also create a DLL in the Windows folder named msvc6.dll.
Troj/Lineage-J searches for the "Lineage","Lineage Windows Client" window in attempt to initiate a keylogging routine.
In order to be able to run automatically when Windows starts up, Troj/Lineage-J sets the registry entry:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
Explorer.exe C:\WINDOWS\svghost.exe
Troj/Lineage-J will attempt to disable a number of anti-virus and security related processes and windows, including:
EGHOST.EXE
MAILMON.EXE
KAVPFW.EXE
IPARMOR.EXE
RavMon.exe
ZoneAlarm
Troj/Lineage-J may also attempt to download and execute files from the internet.