Taken From: http://www.sophos.com/virusinfo/analyses/trojlineaged.html
Description:
Troj/Lineage-D is a password-stealing Trojan for the Windows platform.
Troj/Lineage-D logs keystrokes for the game Lineage II and emails the author with the results.
Affected operating systems:
* Windows
Side effects:
* Steals information
* Records keystrokes
* Leaves non-infected files on computer
Technical Details:
Troj/Lineage-D is a password-stealing Trojan for the Windows platform.
Troj/Lineage-D logs keystrokes for the game Lineage II and emails the author with the results.
Troj/Lineage-D copies itself to the Windows system folder as "ttplorer.exe" and creates a DLL keylogging component "ttinject.dll" as well as the text file "ttdata32.dll" to keep the keylog results.
Troj/Lineage-D creates the following registry entry to run itself automatically on system login or startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Scvhost
<Windows system>\ttplorer.exe
For a complete system scan, virus detection and removal, please check out ARNIT FREE Online Virus Scanner at: http://www.arnit.net/security/tplarnit.php?page=vscan
For removal instruction please check out ARNIT Security Advisories at: http://www.arnit.net/security/sectips.php?platform=windows
Description:
Troj/Lineage-D is a password-stealing Trojan for the Windows platform.
Troj/Lineage-D logs keystrokes for the game Lineage II and emails the author with the results.
Affected operating systems:
* Windows
Side effects:
* Steals information
* Records keystrokes
* Leaves non-infected files on computer
Technical Details:
Troj/Lineage-D is a password-stealing Trojan for the Windows platform.
Troj/Lineage-D logs keystrokes for the game Lineage II and emails the author with the results.
Troj/Lineage-D copies itself to the Windows system folder as "ttplorer.exe" and creates a DLL keylogging component "ttinject.dll" as well as the text file "ttdata32.dll" to keep the keylog results.
Troj/Lineage-D creates the following registry entry to run itself automatically on system login or startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Scvhost
<Windows system>\ttplorer.exe
For a complete system scan, virus detection and removal, please check out ARNIT FREE Online Virus Scanner at: http://www.arnit.net/security/tplarnit.php?page=vscan
For removal instruction please check out ARNIT Security Advisories at: http://www.arnit.net/security/sectips.php?platform=windows
