Friday, November 21, 2008

Lineage Trojan

How To Remove Lineage?
You must download the trial version of the "Exterminate-It" antivirus software to check your computer instantly.
Lineage is a dangerous virus:
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
Spyware can even change computer settings, resulting in slow connection speeds,
different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification
of its included software types is captured under the term privacy-invasive software.
These utilities are designed to penetrate remote computers
in order to use them as zombies (by using backdoors) or to download other malicious programs to the computer.

Exploits use vulnerabilities in operating systems and applications to achieve the same result.


Lineage is also known as:


Lineage Symptoms:

Files:

Folders:
[%WINDOWS%]\Intel

Registry Keys:

Registry Values:


You must clean your computer ASAP!
Download the free trial version of the antivirus software to check your computer instantly.
