Aladino removal

Spyware Aladino Information
Name: Aladino
Category: RAT
Date: 2001-03-03
Author: Ethdra
Dangerous: Yes
Aladino is a RAT (remote access trojan), a category of malware.
Installing it is strongly discouraged.
Aladino description by Ethdra:
Creator: Aladino Server 0.6 and Aladino Client 0.41 (c) 2001 Topo[LB] and Ethdra int80h.dhs.org

Aladino is a client/server program that allows remote machine controlling & runs on any Windows version (w95, w98, wMe, NT and 2000). The Aladino server is a 38KB executable file which, after executing, copies itself to the Windows' system directory & adds a registry entry to guarantee its execution the next time the computer is switched on (logged on in NT or 2000). It opens the 5005 TCP port for listening to client connections. The client-server communication is ciphered with the XTEA algorithm & a random 64-bit password that changes on each connection. At the beginning of each connection, the client validates the identification with which both client & server will authenticate each other, & establishes the password that will be used to cipher the connection.

The server provides 4 functionalities implemented as separate processes:
* BOUNCER: multiuser bouncer service that listens on a certain port & redirects the connection to the specified destination host & port. This is done transparently so that there's no validation of the identification or connection cipher.
* TELNET SERVER: multiuser shell service that listens on a certain port & opens a shell redirected to that port.
* MINI FTP: multiuser file transfer service that allows sending & receiving any binary file from or to the machine.
* KEYLOGGER: process that captures typed-in key sequences in the remote machine to the specified file.

Also, there are 14 other additional functions which are listed below:
* Message sending as a popup window
* Machine rebooting
* Logon session closing
* General system info requesting
* Remote screen capturing
* BMP viewing
* Process listing
* Process killing
* Extern application executing
* Keystroke pushing
* Visible window list
* Registry entry deleting
* Registry entry restoring
* Aladino server death

If the server is run with the "actualize" parameter, there will be a delay of 20 secs after which Aladino will force its copy to the system directory (overwriting an old version) & start offering the services normally. This function has been included to make the remote server update easier: the only thing that has to be done is to upload the new version of the Aladino server by FTP, run it with the "actualize" parameter & send the order of death to the actual server. After 30 secs, the new server will replace the old one & the update will be complete.

The client is like a text-mode shell. It has different parameters for each service of the server it wants to connect to:
usage: aclient [/ntsh | /ftp ]
Examples:
aclient 10.0.0.1
This will connect the person to the control console of the Aladino server at host 10.0.0.1
aclient 10.0.0.1 /ntsh 6000
This will connect the person to the telnet service that listens for incoming connections at port 6000 of the host 10.0.0.1
aclient 10.0.0.1 /ftp 7000
This will connect the person to the miniFTP service that listens for incoming connections at port 7000 of the host 10.0.0.1
The HELP command provides a listing of all available commands' syntax. If you need detailed info about a command you can use HELP . It is necessary to keep in mind that \ must be duplicated while specifying paths & that \ followed by a space avoids using that space as a parameter separator.
Examples:
SCREEN_CAPTURE c:\\temp\\myscreen.bmp
MESSAGE this\ is\ the\ title This\ is\ the\ text
For detailed info about the 35 client commands, examples of use, FAQ & that kind of thing, we suggest the "Aladino manual for dummies". Both client & server are at beta stage.
This RAT is also known as:
Backdoor.Aladino.a.
Backdoor.Aladino.a - named by Kaspersky.
Backdoor/Aladino - named by Computer Associates.
Backdoor/Aladino.0_6.Server - named by Computer Associates.
BackDoor-NL - named by McAfee.
Bck/Aladino - named by Panda.
security risk or a "backdoor" program - named by F-Prot.
Win32/Aladino trojan - named by Eset.
Aladino Removal Instructions
Kill the following processes
aclient.exe, aserver.exe, regdll32.exe
Remove the following files
aclient.exe, aserver.exe, readme-sp.txt, readme.txt.
regdll32.exe in Windows\system\
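The removal steps above can be checked and carried out with a script. The following PowerShell audit is an added example, not part of the original page: it looks for the process names, the file names in the Windows\system directory, and the TCP 5005 listener that the description mentions, and with -Remove performs the kill and delete steps listed above. The page names no registry key, so the Run-key check at the end is an assumption about where the autostart entry would live, and the readme files are reported but never deleted automatically because those names are too generic to remove blindly.

```powershell
# Added example (not from the original page): audit a Windows host for the
# Aladino indicators listed in the removal instructions, optionally removing them.
# Names, the Windows\system directory and port 5005 come from the page; the
# autorun registry keys checked below are an assumption, as the page names no key.
param(
    [switch]$Remove
)

$processNames = @('aclient', 'aserver', 'regdll32')
$binaryNames  = @('aclient.exe', 'aserver.exe', 'regdll32.exe')
$readmeNames  = @('readme-sp.txt', 'readme.txt')   # report only, never auto-deleted
$searchDirs   = @("$env:SystemRoot\system", "$env:SystemRoot")
$listenPort   = 5005                                # server's client-connection port per the description

$findings = @()

# 1. Running processes (killed first so the files below are not locked)
foreach ($name in $processNames) {
    foreach ($p in (Get-Process -Name $name -ErrorAction SilentlyContinue)) {
        $findings += "process: $($p.ProcessName) (PID $($p.Id))"
        if ($Remove) { Stop-Process -Id $p.Id -Force }
    }
}

# 2. Dropped files
foreach ($dir in $searchDirs) {
    foreach ($f in $binaryNames) {
        $path = Join-Path $dir $f
        if (Test-Path -LiteralPath $path) {
            $findings += "file: $path"
            if ($Remove) { Remove-Item -LiteralPath $path -Force }
        }
    }
    foreach ($f in $readmeNames) {
        $path = Join-Path $dir $f
        if (Test-Path -LiteralPath $path) { $findings += "file (review manually): $path" }
    }
}

# 3. Listener on TCP 5005 (Get-NetTCPConnection needs Windows 8 / Server 2012 or later)
foreach ($c in (Get-NetTCPConnection -LocalPort $listenPort -State Listen -ErrorAction SilentlyContinue)) {
    $owner = (Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    $findings += "listener: TCP $listenPort owned by PID $($c.OwningProcess) ($owner)"
}

# 4. Autorun entries referencing the dropped binaries (assumed location of the registry entry)
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($entry in $props.PSObject.Properties) {
        if ($entry.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
        if ("$($entry.Value)" -match 'regdll32\.exe|aserver\.exe') {
            $findings += "autorun: $key\$($entry.Name) = $($entry.Value)"
            if ($Remove) { Remove-ItemProperty -Path $key -Name $entry.Name }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output "No Aladino indicators found."
} else {
    Write-Output "Aladino indicators:"
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

Run it once without -Remove from an elevated prompt to see what it would touch; a port 5005 listener owned by an unrelated process is worth investigating rather than killing, since the bouncer and telnet services can be bound to arbitrary ports and the port alone is not proof of infection.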