Fighting Spyware, Malware and Adware one File at a Time.
Navigation Links

Database of Spyware Home

About the Project

View the Database

Forums

Database of Spyware Site Map

Terms of Use

AIMVision

Overview

Vendor Description

 From the doc: 'AIM Spy: To use the AIM Spy, simply click the Enable button. Once the spy is enabled, you will receive the victim's AIM conversations at the same time he does, complete with colors and fonts. You may also notice that at the bottom of the spy window is the victim's screenname, in case you were wondering what is was. Passwords: This is a nice feature. Simple click the Refresh button and all the saved screennames and their passwords will appear. However, if the victim does not save their password(s) on their computer, it will appear as ''. SIN: This is a relatively new feature. You dont have to be connected to a server to use the feature, and it's ok if you already are. If you specified YOUR static IP while using Edit Server before sending the server to the victim, simple click the Enable button, and your victim(s) will appear and disappear whenever they are online or offline. The SIN will display the victim's IP, hostname and server port. To connect to any server listed in the SIN window, simply double click it. -- Extras -- Email Notify: This option sets the email notify option. You can either set the server to email you a notification or to disable this option. ICQ Notify: This option sets the ICQ notify option. You can either set the server to send you an ICQ page notification or to disable this option. SIN Notify: This option sets the SIN notify option. You can either set the static IP to receive the SIN notifications of the server, or to disable it. Close Server: This option will close the server. Please note that the server will not restart until the victim restarts their computer. Restart: This option restarts the server. This is useful if you feel that the server is running slow, or if you want it to reread the settings. Remove: This option will completely remove the server from the victim's computer. Please note that after using this option, you will NOT have access to the victim's computer until you re-infect them. Shutdown: This option will not only shut down the server, but the victim's computer as well. Reboot: This option will restart the victim's computer. Log Off: This option will make the victim's computer log off it's current session. Set Password: You can use this option to either change the current server password, or remove it. Change Port: This command will change the port that the server is running on. After entering the new port, the server will be restarted on that port. Client Colors: This option will let you set some of the client's default colors, like the borders of the buttons, backgrounds..etc. This is especially helpful if you cant see the text very well in the AIM Spy.'

Alias

 Backdoor Program [Panda], Backdoor.AIMVision.12 [Kaspersky], Backdoor.AIMVission.13, Backdoor.AIMVission.14, Backdoor.AIMVission.14.b, Backdoor/AimVision.12 [Computer Associates], Backdoor/Spy.AimVision.11 [Computer Associates], Backdoor/Spy.AimVision.11.Edit [Computer Associates], BackDoor-ABZ [McAfee], security risk or a "backdoor" program [F-Prot], Trojan Horse [Panda], Trojan Horse.LC [Panda], Trojan.Spy.AimVision.11, Trojan.Spy.AimVision.11 [Kaspersky], TrojanSpy.Win32.AimVision.11 [Kaspersky], Univ.AP.G [Panda], Win32.AimVision.11 [Computer Associates], Win32.AimVision.12 [Computer Associates], Win32/Aim.B trojan [Eset], Win32/AIMVision.12 trojan [Eset],

Category

 RAT: A Remote Administration Tool, or RAT, is a Trojan that when run, provides an attacker with the capability of remotely controlling a machine via a ""client"" in the attacker's machine, and a ""server"" in the victim's machine. Examples include Back Orifice, NetBus, SubSeven, and Hack'a'tack. What happens when a server is installed in a victim's machine depends on the capabilities of the trojan, the interests of the attacker, and whether or not control of the server is ever gained by another attacker -- who might have entirely different interests. Infections by remote administration Trojans on Windows machines are becoming as frequent as viruses. One common vector is through File and Print Sharing, when home users inadvertently open up their system to the rest of the world. If an attacker has access to the hard-drive, he/she can place the trojan in the startup folder. This will run the trojan the next time the user logs in. Another common vector is when the attacker simply e-mails the trojan to the user along with a social engineering hack that convinces the user to run it against their better judgment.

Backdoor:  A secret or undocumented means of getting into a computer system, or software that uses such a means to penetrate a system. Some software has a backdoor placed by the programmer to allow them to gain access to troubleshoot or change the program. Software that is classified as a "backdoor" is designed to exploit a vulnerability in a system, and open it to future access by an attacker.

Key Logger:  (Keystroke Logger). A program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker. The attacker then peruses them carefully in the hopes of either finding passwords, or possibly other useful information that could be used to compromise the system or be used in a social engineering attack. For example, a key logger will reveal the contents of all e-mail composed by the user. Keylog programs are commonly included in rootkits and RATs (remote administration trojans).

Trojan:  Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, new group, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: To trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user's account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs.

Variants

   AIMVision 1.03 ·  AIMVision 1.04 ·  AIMVision 1.4 ·
 

Origins

 

Author

 Tako

Others By This Author

  Constructor.Win32.Bboxet.a · Klepto · Klepto 1.1 · Sabotage ·

Programming Language

 Written in Visual Basic, compressed with Petite

Date of Origin

 Variants from March, 2002 to June, 2005
 

Detection and Removal

Manual Removal

 Follow these steps to remove AIMVision from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.

 Stop Running Processes:

Kill these running processes with Task Manager:



Remove Autorun Reference:

Go To the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run


If you find the value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\windows runtime help, delete it and reboot the machine immediately.

If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\win32hlp, delete it and reboot the machine immediately.



Unregister DLLs:

Unregister these DLLs with Regsvr32, then reboot:



Clean Registry:

Remove these registry items (if present) with RegEdit:



Remove Files:

Remove these files (if present) with Windows Explorer:



 
AIMSpammer2.0.0  AIMSpy  AIMSpy  AIMSpy1.0  AIMSpy3.0  AIMVision  AIMVision1.03  AIMVision1.04  AIMVision1.4  AIMaster  
 
Site Map 2006 © Copyright DatabaseofSpyware.com. All rights reserved. Terms of Use
Another Proud Thor Schrock Development