Troj/Lineage-J

Aliases	Trojan-PSW.Win32.Gamania.f
Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary


Affected operating systems	Windows
Included in our products from	June 2005 (3.94)
Protection available since	21 April 2005 05:18:26 (GMT)
Detected by	All Sophos products

Troj/Lineage-J is a password stealing Trojan for the Windows platform that attempts to steal passwords associated with the game called "Lineage".

Troj/Lineage-J will copy itself to the Windows folder as svghost.exe.

Troj/Lineage-J will also create a DLL in the Windows folder named msvc6.dll.

Troj/Lineage-J searches for the "Lineage","Lineage Windows Client" window in attempt to initiate a keylogging routine.

In order to be able to run automatically when Windows starts up, Troj/Lineage-J sets the registry entry:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
Explorer.exe C:\WINDOWS\svghost.exe

Troj/Lineage-J will attempt to disable a number of anti-virus and security related processes and windows, including:

EGHOST.EXE
MAILMON.EXE
KAVPFW.EXE
IPARMOR.EXE
RavMon.exe
ZoneAlarm

Troj/Lineage-J may also attempt to download and execute files from the internet.

Get reports about the latest virus and spyware threats delivered to your computer