Is this trojan adaware-created?



Does anyone know anything about win32.trojan-psw.lineage please?

Adaware just 'caught' it after a new definitions update and I tried to
figure out what it was from a Google search. All it revealed was about
429 references to it, almost all coming from Adaware. None of the ones
which didn't come from Adaware explained what it was, though one did
refer to something called keygen and said it was a false positive. All
the rest seemed to point to some other site which ultimately pointed
to some Adaware definitions update.

Is this something created by Adaware to show that it is doing its job
and make users feel better or is it a genuine trojan?

Re: Is this trojan adaware-created?




| Does anyone know anything about win32.trojan-psw.lineage please?

| Adaware just 'caught' it after a new definitions update and I tried to
| figure out what it was from a Google search. All it revealed was about
| 429 references to it, almost all coming from Adaware. None of the ones
| which didn't come from Adaware explained what it was, though one did
| refer to something called keygen and said it was a false positive. All
| the rest seemed to point to some other site which ultimately pointed
| to some Adaware definitions update.

| Is this something created by Adaware to show that it is doing its job
| and make users feel better or is it a genuine trojan?

No, the Lineage password stealing trojan is REAL!

Now if you want to determine if this is a False Positive, extract the file from
quarantine and upload it to Virus Total.

Otherwise, make sure your PC is clean.

Then change all your passwords that you use through that PC, including those at
banks, etc.

Then get your credit reports.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Is this trojan adaware-created?




I didn't quarantine it in Adaware, I deleted it, but I do trust you when
you say it is a positive positive as opposed to being a false positive
(though I do have Webroot Spy Sweeper which catches all of these types
of things, especially quite old ones like this one seems to be).

Does it create some sort of machine to report any password I type to
some place the FBI can identify?  If so I am sure they would like to
know about it as it would tend to give away its originator every time
it reports home?

Re: Is this trojan adaware-created?



On 10/03/2008 07:17 PM, dmanzaluni@googlemail.com sent:

Snip, snip...


The system that's reported to could be a zombie or bot in a foreign
country for which the FBI has no legal access.

          <http://en.wikipedia.org/wiki/Zombie_computer>

Even if the purloined data /were/ going to a domestic system, I doubt
the FBI's involvement in favor of a white-collar crime unit within a
local law enforcement agency with a reduced budget and an unbelievable
unsolved case backlog.

The long-term solution is to take better care of your system in the
future and learn from what happened here.

Best wishes to you.

--
1PW

@?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Re: Is this trojan adaware-created?






| I didn't quarantine it in Adaware, I deleted it, but I do trust you when
| you say it is a positive positive as opposed to being a false positive
| (though I do have Webroot Spy Sweeper which catches all of these types
| of things, especially quite old ones like this one seems to be).

| Does it create some sort of machine to report any password I type to
| some place the FBI can identify?  If so I am sure they would like to
| know about it as it would tend to give away its originator every time
| it reports home?

1PW has given you good information.  To add to that...
If you had a sample of the DLL/EXE file and submitted it to Virus Total, then we
could help accomplish two things.  The first is to help establish the validity
of the find.  The second is, if it was a righteous declaration, we may be able to
search the virus encyclopedias of the AV vendors who recognized the trojan and
find more specific information on what the trojan targets.  Thus giving us a more
definitive course of action to take instead of the generic course of action
taken if you are infected with a password stealer.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


