Taken From: http://www.sophos.com/virusinfo/analyses/trojlineaged.html
Description:
Troj/Lineage-D is a password-stealing Trojan for the Windows platform.
Troj/Lineage-D logs keystrokes for the game Lineage II and emails the author with the results.
Affected operating systems:
* Windows
Side effects:
* Steals information
* Records keystrokes
* Leaves non-infected files on computer
Technical Details:
Troj/Lineage-D is a password-stealing Trojan for the Windows platform.
Troj/Lineage-D logs keystrokes for the game Lineage II and emails the author with the results.
Troj/Lineage-D copies itself to the Windows system folder as "ttplorer.exe" and creates a DLL keylogging component "ttinject.dll" as well as the text file "ttdata32.dll" to keep the keylog results.
Troj/Lineage-D creates the following registry entry to run itself automatically on system login or startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Scvhost
<Windows system>\ttplorer.exe
For a complete system scan, virus detection and removal, please check out ARNIT FREE Online Virus Scanner at: http://www.arnit.net/security/tplarnit.php?page=vscan
For removal instruction please check out ARNIT Security Advisories at: http://www.arnit.net/security/sectips.php?platform=windows
Description:
Troj/Lineage-D is a password-stealing Trojan for the Windows platform.
Troj/Lineage-D logs keystrokes for the game Lineage II and emails the author with the results.
Affected operating systems:
* Windows
Side effects:
* Steals information
* Records keystrokes
* Leaves non-infected files on computer
Technical Details:
Troj/Lineage-D is a password-stealing Trojan for the Windows platform.
Troj/Lineage-D logs keystrokes for the game Lineage II and emails the author with the results.
Troj/Lineage-D copies itself to the Windows system folder as "ttplorer.exe" and creates a DLL keylogging component "ttinject.dll" as well as the text file "ttdata32.dll" to keep the keylog results.
Troj/Lineage-D creates the following registry entry to run itself automatically on system login or startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Scvhost
<Windows system>\ttplorer.exe
For a complete system scan, virus detection and removal, please check out ARNIT FREE Online Virus Scanner at: http://www.arnit.net/security/tplarnit.php?page=vscan
For removal instruction please check out ARNIT Security Advisories at: http://www.arnit.net/security/sectips.php?platform=windows
on October 26, 2007, 4:43 am
http://sborrate_nel_culo.modulisticalicenz.cn/
http://riservato_fighette_spogliarello.mercatoambulantes.cn/
http://racconti_sesso_sfrenato.ncujbotticelle.com.cn/
http://mettendolo_con_yvonne.mercatoambulantes.cn/
http://tutto_sederi.ncujbotticelle.com.cn/
http://bramare_asiatiche_masturbate.ncujbotticelle.com.cn/
http://allievo_fighetta_prostituta.modulisticalicenz.cn/
http://fetish_party.modulisticalicenz.cn/
http://bionde_che_godono.ncujbotticelle.com.cn/
http://bonny_asiatiche_sex.mercatoambulantes.cn/
http://si_fa_inculare.ncujbotticelle.com.cn/
http://video_porno_anale.licenzave.cn/
http://sederi_maschili.modulisticalicenz.cn/
http://collant_sex.mercatoambulantes.cn/
http://ragazze_incontri.mercatoambulantes.cn/
http://freddo_fighette_strip.modulisticalicenz.cn/
http://ragazzine_puttanelle.ncujbotticelle.com.cn/
http://foto_di_negre.modulisticalicenz.cn/
http://gallerie_amatoriali.ncujbotticelle.com.cn/
http://bramare_fighetta_urinate.modulisticalicenz.cn/
http://sborrate_su_tette.modulisticalicenz.cn/
http://modelle_francesi.ncujbotticelle.com.cn/
http://troie_con_tacchi.mercatoambulantes.cn/