Is this trojan adaware-created?

On Oct 3, 4:38 pm, "David H. Lipman"
wrote:
> From:
>
> | Does anyone know anything about win32.trojan-psw.lineage please?
>
> | Adaware just 'caught' it after a new definitions update and I tried to
> | figure out what it was from a google search. All it revealed was about
> | 429 references to it, almost all coming from adaware. None of the ones
> | which didnt come from adaware explained what it was though one did
> | refer to something called keygen and said it was a false positive. All
> | the rest seemed to point to some other site which ultimately pointed
> | to some adaware definitions update
>
> | Is this something created by Adaware to show that it is doing its job
> | and make users feel better or is it a genuine trojan?
>
> No, the Lineage pasword stealing trojan is REAL !
>
> Now if you want to determine if this is a False Positive, extract the file from quarantine
> and upload it to Virus Total.
>
> Otherwise, make sure your PC is clean.
>
> Then change all your passwords that you use through that PC including those at banks, etc.
>
> Then get your credit reports.
>
> --
> Davehttp://www.claymania.com/removal-trojan-adware.html
> Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp

I didnt quarantine it in adaware, I deleted it but I do trust you when
you say it is a positive positive as opposed to being a false positive
(though I do have Webroot Spy Sweeper which catches all of these types
of things, especially quite old ones like this one seems to be)

Does it create some sort of machine to report any password I type to
some place the FBI can identify? If so I am sure they would like to
know about it as it would tend to give away its originator every time
it reports home?

On 10/03/2008 07:17 PM, dmanzaluni RemoveThis @googlemail.com sent:

Snip, snip...

> Does it create some sort of machine to report any password I type to
> some place the FBI can identify? If so I am sure they would like to
> know about it as it would tend to give away its originator every time
> it reports home?

The system that's reported to could be a zombie or bot in a foreign
country for which the FBI has no legal access.

<http://en.wikipedia.org/wiki/Zombie_computer>

Even if the purloined data /were/ going to a domestic system, I doubt
the FBI's involvement in favor of a white-collar crime unit within a
local law enforcement agency with a reduced budget and an unbelievable
unsolved case backlog.

The long-term solution is to take better care of your system in the
future and learn from what happened here.

Best wishes to you.

--
1PW

@?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

From:



| I didnt quarantine it in adaware, I deleted it but I do trust you when
| you say it is a positive positive as opposed to being a false positive
| (though I do have Webroot Spy Sweeper which catches all of these types
| of things, especially quite old ones like this one seems to be)

| Does it create some sort of machine to report any password I type to
| some place the FBI can identify? If so I am sure they would like to
| know about it as it would tend to give away its originator every time
| it reports home?

1PW has gioven you good information. To add to that...
If you had a sample of the DLL/EXE file and submitted it to Virus Total the we could help
accomplish to things. The first is to help establish the validity of the find. The
second is if it was a righteous declaration we may be able to search the virus
encyclopedias of the AV vendors who recognized the trojan and found more specific
information on what the trojan tragets. Thus giving us a more definitive course of action
to take instead of the generic course of action taken if you are infected with password
stealer.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp