
The Lingling Trojan collects information

The main task of the Trojan called Lingling.B is to collect confidential data and system information while hiding behind Internet Explorer and World of Warcraft.

Detecting Lingling.B without antivirus software is quite difficult, as the malware tries to hide behind well-known software such as Internet Explorer or World of Warcraft. If it succeeds, it carries out its task while hidden in the background. The purpose of the Trojan is to collect as much confidential data and system information as possible about infected computers. It mainly hunts for the following data:
- usernames and passwords
- IP addresses
- operating system related information.

When the Lingling.B Trojan starts, it performs the following actions:

1. Creates the following files:
%System%\~.exe
%Temp%\svchost.exe
%Temp%\g0ld.com
C:\WINDOWS\chenzi.exe
%System%\bdscheca001.dll

2. Stops the following process if it is running:
QQLiveUpdate.exe

3. Deletes the following file:
%System%\drivers\etc\Hosts

4. Creates the following entries in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C0CFA58-3A6F-51ba-9EFE-5320F4F621BA}\InProcServer32\"(Default)" = "%System%\bdscheca001.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9C0CFA58-3A6F-51ba-9EFE-5320F4F621BA}

5. It constantly monitors the activity of Internet Explorer and the possible presence of windows belonging to World of Warcraft.

6. If World of Warcraft is running on the computer, it tries to obtain usernames, passwords, system information, and IP addresses.

7. Transmits the collected information to a remote server.
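
The file, registry and process indicators listed above can be turned into a simple triage pass over endpoint telemetry. The following is an added example, not part of the original write-up: the event schema (host, type, target), the host names and the sample events are constructed, and it assumes %System% resolves to a System32 directory and %Temp% to a directory named Temp.

```python
import re

# Indicators from the write-up above. %System% and %Temp% vary per host, so they
# are matched by directory name (assumption: System32 and a folder named Temp).
GUID = r"\{9c0cfa58-3a6f-51ba-9efe-5320f4f621ba\}"
RULES = {
    "file_create": [
        (r"\\system32\\(~\.exe|bdscheca001\.dll)$", "dropped file in %System%"),
        (r"\\temp\\(svchost\.exe|g0ld\.com)$", "dropped file in %Temp%"),
        (r"^c:\\windows\\chenzi\.exe$", "dropped file in C:\\WINDOWS"),
    ],
    "file_delete": [
        (r"\\system32\\drivers\\etc\\hosts$", "Hosts file deleted"),
    ],
    "reg_set": [
        (r"\\classes\\clsid\\" + GUID + r"\\inprocserver32", "COM server registration"),
        (r"\\explorer\\shellexecutehooks\\" + GUID, "ShellExecuteHooks entry"),
    ],
    "process_stop": [
        (r"(^|\\)qqliveupdate\.exe$", "QQLiveUpdate.exe terminated"),
    ],
}


def match_event(event):
    """Return the reason an event matches a Lingling.B indicator, or None."""
    target = event["target"].replace("/", "\\").lower()
    for pattern, reason in RULES.get(event["type"], []):
        if re.search(pattern, target):
            return reason
    return None


def triage(events):
    """Return (host, reason) hits and the hosts showing both drop and persistence."""
    hits = [(e["host"], r) for e in events if (r := match_event(e))]
    dropped = {h for h, r in hits if r.startswith("dropped")}
    persisted = {h for h, r in hits if "ShellExecuteHooks" in r or "COM server" in r}
    return hits, sorted(dropped & persisted)


# Constructed sample events (hypothetical schema: host, type, target).
EVENTS = [
    {"host": "ws-01", "type": "file_create", "target": r"C:\Users\a\AppData\Local\Temp\svchost.exe"},
    {"host": "ws-01", "type": "reg_set", "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9C0CFA58-3A6F-51ba-9EFE-5320F4F621BA}"},
    {"host": "ws-01", "type": "file_delete", "target": r"C:\Windows\System32\drivers\etc\hosts"},
    {"host": "ws-02", "type": "file_create", "target": r"C:\Windows\System32\svchost.exe"},
    {"host": "ws-02", "type": "file_create", "target": r"C:\Windows\Temp\setup.log"},
]
```

The legitimate svchost.exe in System32 on ws-02 is not flagged; only the copy under a Temp directory matches, which is the detail that makes this file name useful as an indicator.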
