Welcome to SecurityForumz.com!
FAQFAQ    SearchSearch      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

Is this trojan adaware-created?

 
   Security Forums (Home) -> Lavasoft Ad-Aware RSS
Next:  AVG Trashes Attachments???  
Author Message
dmanzaluni

External


Since: Oct 03, 2008
Posts: 2



(Msg. 1) Posted: Fri Oct 03, 2008 6:51 am
Post subject: Is this trojan adaware-created?
Archived from groups: alt>comp>anti-virus (more info?)

Does anyone know anything about win32.trojan-psw.lineage please?

Adaware just 'caught' it after a new definitions update and I tried to
figure out what it was from a google search. All it revealed was about
429 references to it, almost all coming from adaware. None of the ones
which didnt come from adaware explained what it was though one did
refer to something called keygen and said it was a false positive. All
the rest seemed to point to some other site which ultimately pointed
to some adaware definitions update

Is this something created by Adaware to show that it is doing its job
and make users feel better or is it a genuine trojan?

 >> Stay informed about: Is this trojan adaware-created? 
Back to top
Login to vote
David H. Lipman

External


Since: Jul 04, 2003
Posts: 1745



(Msg. 2) Posted: Fri Oct 03, 2008 4:38 pm
Post subject: Re: Is this trojan adaware-created? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

From:

| Does anyone know anything about win32.trojan-psw.lineage please?

| Adaware just 'caught' it after a new definitions update and I tried to
| figure out what it was from a google search. All it revealed was about
| 429 references to it, almost all coming from adaware. None of the ones
| which didnt come from adaware explained what it was though one did
| refer to something called keygen and said it was a false positive. All
| the rest seemed to point to some other site which ultimately pointed
| to some adaware definitions update

| Is this something created by Adaware to show that it is doing its job
| and make users feel better or is it a genuine trojan?

No, the Lineage pasword stealing trojan is REAL !

Now if you want to determine if this is a False Positive, extract the file from quarantine
and upload it to Virus Total.

Otherwise, make sure your PC is clean.

Then change all your passwords that you use through that PC including those at banks, etc.

Then get your credit reports.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

 >> Stay informed about: Is this trojan adaware-created? 
Back to top
Login to vote
dmanzaluni

External


Since: Oct 03, 2008
Posts: 2



(Msg. 3) Posted: Fri Oct 03, 2008 7:17 pm
Post subject: Re: Is this trojan adaware-created? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

On Oct 3, 4:38 pm, "David H. Lipman"
wrote:
> From:
>
> | Does anyone know anything about win32.trojan-psw.lineage please?
>
> | Adaware just 'caught' it after a new definitions update and I tried to
> | figure out what it was from a google search. All it revealed was about
> | 429 references to it, almost all coming from adaware. None of the ones
> | which didnt come from adaware explained what it was though one did
> | refer to something called keygen and said it was a false positive. All
> | the rest seemed to point to some other site which ultimately pointed
> | to some adaware definitions update
>
> | Is this something created by Adaware to show that it is doing its job
> | and make users feel better or is it a genuine trojan?
>
> No, the Lineage pasword stealing trojan is REAL !
>
> Now if you want to determine if this is a False Positive, extract the file from quarantine
> and upload it to Virus Total.
>
> Otherwise, make sure your PC is clean.
>
> Then change all your passwords that you use through that PC including those at banks, etc.
>
> Then get your credit reports.
>
> --
> Davehttp://www.claymania.com/removal-trojan-adware.html
> Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp

I didnt quarantine it in adaware, I deleted it but I do trust you when
you say it is a positive positive as opposed to being a false positive
(though I do have Webroot Spy Sweeper which catches all of these types
of things, especially quite old ones like this one seems to be)

Does it create some sort of machine to report any password I type to
some place the FBI can identify? If so I am sure they would like to
know about it as it would tend to give away its originator every time
it reports home?
 >> Stay informed about: Is this trojan adaware-created? 
Back to top
Login to vote
1PW

External


Since: Oct 03, 2008
Posts: 9



(Msg. 4) Posted: Fri Oct 03, 2008 7:38 pm
Post subject: Re: Is this trojan adaware-created? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

On 10/03/2008 07:17 PM, dmanzaluni.DeleteThis@googlemail.com sent:

Snip, snip...

> Does it create some sort of machine to report any password I type to
> some place the FBI can identify? If so I am sure they would like to
> know about it as it would tend to give away its originator every time
> it reports home?

The system that's reported to could be a zombie or bot in a foreign
country for which the FBI has no legal access.

<http://en.wikipedia.org/wiki/Zombie_computer>

Even if the purloined data /were/ going to a domestic system, I doubt
the FBI's involvement in favor of a white-collar crime unit within a
local law enforcement agency with a reduced budget and an unbelievable
unsolved case backlog.

The long-term solution is to take better care of your system in the
future and learn from what happened here.

Best wishes to you.

--
1PW

@?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
 >> Stay informed about: Is this trojan adaware-created? 
Back to top
Login to vote
David H. Lipman

External


Since: Jul 04, 2003
Posts: 1745



(Msg. 5) Posted: Sat Oct 04, 2008 8:23 am
Post subject: Re: Is this trojan adaware-created? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

From:



| I didnt quarantine it in adaware, I deleted it but I do trust you when
| you say it is a positive positive as opposed to being a false positive
| (though I do have Webroot Spy Sweeper which catches all of these types
| of things, especially quite old ones like this one seems to be)

| Does it create some sort of machine to report any password I type to
| some place the FBI can identify? If so I am sure they would like to
| know about it as it would tend to give away its originator every time
| it reports home?

1PW has gioven you good information. To add to that...
If you had a sample of the DLL/EXE file and submitted it to Virus Total the we could help
accomplish to things. The first is to help establish the validity of the find. The
second is if it was a righteous declaration we may be able to search the virus
encyclopedias of the AV vendors who recognized the trojan and found more specific
information on what the trojan tragets. Thus giving us a more definitive course of action
to take instead of the generic course of action taken if you are infected with password
stealer.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 >> Stay informed about: Is this trojan adaware-created? 
Back to top
Login to vote
Display posts from previous:   
   Security Forums (Home) -> Lavasoft Ad-Aware All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]