Virus: TR/Drop.Small.amx.1
Date discovered: 15/03/2006
Type: Trojan
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Medium
Static file: Yes
File size: 73.728 Bytes
MD5 checksum: 566599bfee9c746b34c82649447a65c2
VDF version: 6.34.00.36

 General
Method of propagation:
   • No own spreading routine


Aliases:
   •  Mcafee: PWS-Lineage.dll
   •  Kaspersky: Trojan-PSW.Win32.Lineage.xh
   •  Bitdefender: Trojan.PWS.Lineage.XH


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Drops a file
   • Drops a malicious file
   • Records keystrokes
   • Registry modification
   • Steals information

 Files
The following files are created:
   • %SYSDIR%\%random character string%.dll: Further investigation showed that this file is malware, too. Detected as: TR/PSW.Lineage.XH
   • c:\t1game.txt: This file contains collected keystrokes.

 Registry
The following registry keys are added:

[HKCR\CLSID\{1BE76F3F-F681-46B6-9DF7-A4B52C537B8E}]
   • "@" = "NEWTT"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
   • "{1BE76F3F-F681-46B6-9DF7-A4B52C537B8E}" = ""

[HKCR\CLSID\{1BE76F3F-F681-46B6-9DF7-A4B52C537B8E}\InProcServer32]
   • @="%SYSDIR%\%malware dll%"
   • "ThreadingModel"="Apartment"

 Stealing
It tries to steal the following information:

The password from the following program:
   • Lineage

 File details
Programming language:
The malware program was written in Delphi.

Description inserted by Iulia Diaconescu on Wednesday, March 15, 2006
Description updated by Iulia Diaconescu on Wednesday, March 15, 2006
