Name: Aladino Server 0.6

Main: aserver.exe (38.5 KB)

Keys: value added

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "Regdll32"
    Type: REG_SZ
    Data: C:\WINDOWS\SYSTEM\regdll32.exe

Version: 0.6

Type: remote administration

Port/s used: 5005

Files: C:\WINDOWS\SYSTEM\regdll32.exe (size 39,424 bytes)

Modifies: none

Aliases: none

Behaviour: The trojan runs in stealth (it does not appear in the Ctrl-Alt-Del task list), but the server does not melt (it does not disappear once executed).

Removal: Go to Start, then Run, type regedit and follow this path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Right-click on RunServices and look for the value "Regdll32"; delete this value, then reboot.

When Windows restarts, delete C:\WINDOWS\SYSTEM\regdll32.exe (size 39,424 bytes).
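
As an added example (not part of this profile and not the trojan authors' code), the following PowerShell script turns the removal steps above into a check a defender can run on a host: it looks for the RunServices value, the dropped file and the listening port that this profile lists, reports what it finds, and removes the registry value and the file only when run with -Remove. The HKLM: provider path, the use of $env:SystemRoot instead of the fixed C:\WINDOWS path, and the Get-NetTCPConnection port check are assumptions of the example, not details from the profile.

```powershell
# Added example: check for the Aladino Server 0.6 indicators listed in this profile
# (RunServices value "Regdll32", regdll32.exe in the SYSTEM directory, TCP port 5005)
# and optionally remove the persistence value and the file.
# Assumptions not taken from the profile: the key is reached through the HKLM: provider,
# the SYSTEM directory is derived from $env:SystemRoot, and Get-NetTCPConnection is used
# for the port check (present on modern Windows; the RunServices key itself may not be).
param([switch]$Remove)

$keyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'
$valueName = 'Regdll32'
$filePath  = Join-Path $env:SystemRoot 'SYSTEM\regdll32.exe'
$fileSize  = 39424          # size of the dropped server, from the profile
$port      = 5005           # port used, from the profile
$findings  = @()

# 1. Autostart value named in the profile
if (Test-Path $keyPath) {
    $item = Get-ItemProperty -Path $keyPath -ErrorAction SilentlyContinue
    if ($item -and $item.PSObject.Properties[$valueName]) {
        $data = $item.$valueName
        $findings += "Registry value '$valueName' present under RunServices, data: $data"
        if ($Remove) {
            Remove-ItemProperty -Path $keyPath -Name $valueName
            Write-Host "Removed registry value '$valueName'"
        }
    }
}

# 2. Dropped server binary, compared against the size the profile gives
if (Test-Path $filePath) {
    $len = (Get-Item $filePath).Length
    if ($len -eq $fileSize) { $sizeNote = "matches profile size $fileSize bytes" }
    else                    { $sizeNote = "size $len bytes, profile says $fileSize" }
    $findings += "File $filePath present ($sizeNote)"
    if ($Remove) {
        # The profile says to reboot before deleting: a running copy will refuse deletion.
        try {
            Remove-Item -Path $filePath -Force -ErrorAction Stop
            Write-Host "Deleted $filePath"
        } catch {
            Write-Warning "Could not delete $filePath (still running?). Reboot and re-run with -Remove."
        }
    }
}

# 3. Listening port from the profile
$listener = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
if ($listener) {
    $findings += "TCP port $port is listening (owning PID: $($listener.OwningProcess))"
}

if ($findings.Count -eq 0) {
    Write-Host "No indicators from the Aladino Server 0.6 profile found."
} else {
    $findings | ForEach-Object { Write-Host "[!] $_" }
}
```

Run it without arguments from an elevated prompt to report only; run it with -Remove to delete the value and, after the reboot the profile calls for, the file. A match on the port alone is weak evidence (any service may bind 5005), so treat the registry value and the file as the indicators that matter.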

Special: The client-server communication is encrypted with the XTEA algorithm and a random 64-bit password that changes on each connection. At the beginning of each connection, the client verifies the identification with which client and server authenticate each other, and establishes the password that will be used to encrypt the connection.

Author: Topo[LB] & Ethdra

Notes: This trojan is a bit too difficult to use for your average wannabe hacker, but in the hands of an expert it could do a lot of damage.