Troj/Lineage-BI

Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary


Affected operating systems	Windows
Characteristics	Installs itself in the registry
Included in our products from	January 2006 (4.01)
Protection available since	18 November 2005 21:19:20 (GMT)
Last updated	26 November 2005 03:33:34 (GMT)
Detected by	All Sophos products

Troj/Lineage-BI is a password stealing Trojan for the Windows platform.

Stolen information may be sent via email to a remote user.

Troj/Lineage-BI will also attempt to terminate the ZoneAlarm process.

When first run Troj/Lineage-BI copies itself to <Windows system folder>\rundll32.exe and creates the following files:

<Windows system folder>\ab2dll.dll
<Windows system folder>\msd.dll

The file ab2dll.dll is also detected as Troj/Lineage-BI. The file msd.dll can be safely deleted.

The following registry entry is created to run rundll32.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LTT2
<Windows system folder>\rundll32.exe

Get reports about the latest virus and spyware threats delivered to your computer