Fighting Spyware, Malware and Adware one File at a Time.
AIM Password Stealer (James)

Overview

Vendor Description

 from the doc:

'How it works :

Client
The client uses winsock to send commands to the server to grab the screen names and passwords. When you type in the ip address and click connect winsock sends information to the server asking for a connection request if the server is open it will make a connection with your comp to the victims comp. then once the server sends the information to the client it will display the stolen names and passwords into a list box.

Server
The server also uses winsock to send the screen name and password information back to the client. It first gets the sns and pws from the system registry, decrypts them and then puts them into a list box.

How to use it :
First you send the victim the "aim password stealer server.exe" (you might want to rename the exe first...duh!!) then you will have to get their ip address. there are several ways of doing this.

1. open dos prompt and type in "netstat -n" its usually the 3rd ip from the top...
2. use a program from lenshell called "ip theif pro 8" my favorite and is the best way of gettin someones ip on aim
3. if your lucky ask them and they might give it to you

Second they will have to open the server file in order for you to get their shit. try to think of something convincing....
Third open the client type in the ip of the person then click connect. wait for it to connect...shouldnt take long unless they have a really slow connection. once your connected click on the file menu and select get screen names and get passwords. wait until they show up in the list boxes. if nothing shows up then they dont have anything saved...or there was an error.

i think that about sums it up
if you need anymore information just ask me
i tried to explain the best i could...'

Category

 AOL Pest: Any password stealer, exploit, DoS attack, or ICQ hack aimed at users of AOL. ICQ is an instant messenger service from mirabilis.com, now AOL. ICQ is a favorite service among hackers, and ICQ features are built into many trojans (such as stealing user's passwords, UINs, or notifying the hacker). Users of ICQ are warned "By using the ICQ service and software... you may be subject to various risks, including... Spoofing, eavesdropping, sniffing, spamming, breaking passwords, harassment, fraud, forgery, 'imposturing', electronic trespassing, tampering, hacking, nuking, system contamination including without limitation use of viruses, worms and Trojan horses causing unauthorized, damaging or harmful access and/or retrieval of information and data on your computer and other forms of activity that may even be considered unlawful."

 

Origins

 

Author

 James

Others By This Author

  AIM Protocol Exploits · AOL Instant Messenger (AIM) protocol information and password decoder

Email

 hakkor@nellyhq.com

Date of Origin

 December, 2001
 

Detection and Removal

Manual Removal

 Follow these steps to remove AIM Password Stealer (James) from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.

 Stop Running Processes:

Kill these running processes with Task Manager:



Remove Files:

Remove these files (if present) with Windows Explorer:



2006 © Copyright DatabaseofSpyware.com. All rights reserved.