Pro Agent 2.0
Released 19 years, 8 months ago. March 2005
Copyright © MegaSecurity
By ATmaCA
Information
From | Turkey
Author | ATmaCA
Family | Pro Agent
Category | Information Stealer
Version | Pro Agent 2.0
Release Date | Mar 2005, 19 years, 8 months ago.
Language | C++
Additional Information
Server:
dropped files:
c:\WINDOWS\system32\drivers\KeenSense.sys Size: 16 bytes
c:\WINDOWS\system32\drivers\ksdevice.sys Size: 16 bytes
added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "qservices"
data: C:\WINDOWS\qservice.exe
HKEY_CURRENT_USER\Software\Far
HKEY_CURRENT_USER\Software\Far\Plugins
HKEY_CURRENT_USER\Software\Far\Plugins\FTP
HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
HKEY_CURRENT_USER\Software\Ghisler
HKEY_CURRENT_USER\Software\Ghisler\Total Commander
HKEY_CURRENT_USER\Software\Ghisler\Windows Commander
HKEY_CURRENT_USER\Software\mirabilis
HKEY_CURRENT_USER\Software\mirabilis\icq
HKEY_CURRENT_USER\Software\mirabilis\icq\DefaultPrefs
HKEY_CURRENT_USER\Software\mirabilis\icq\NewOwners
HKEY_CURRENT_USER\Software\NirSoft
HKEY_CURRENT_USER\Software\NirSoft\MailPassView
HKEY_CURRENT_USER\Software\NirSoft\MessenPass
HKEY_CURRENT_USER\Software\RIT
HKEY_CURRENT_USER\Software\RIT\The Bat!
HKEY_LOCAL_MACHINE\SOFTWARE\Ghisler
HKEY_LOCAL_MACHINE\SOFTWARE\Ghisler\Total Commander
HKEY_LOCAL_MACHINE\SOFTWARE\Ghisler\Windows Commander
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\&RQ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trillian
HKEY_LOCAL_MACHINE\SOFTWARE\mirabilis
HKEY_LOCAL_MACHINE\SOFTWARE\mirabilis\icq
HKEY_LOCAL_MACHINE\SOFTWARE\mirabilis\icq\DefaultPrefs
HKEY_LOCAL_MACHINE\SOFTWARE\Miranda
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_JIURLPORTHIDE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_JIURLPORTHIDE\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_JIURLPORTHIDE\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\JiurlPortHide
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\JiurlPortHide\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\JiurlPortHide\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_JIURLPORTHIDE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_JIURLPORTHIDE\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_JIURLPORTHIDE\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JiurlPortHide
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JiurlPortHide\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JiurlPortHide\Security
Author Information / Description
ProAgent Spy Software is one of the most powerful monitoring and surveillance applications available today.
FEATURES :
ABILITIES :
- No processes are visible in any task manager or Process Explorer (Sysinternals).
- Hidden from Sysinternals RootkitRevealer (RootkitRevealer is an advanced rootkit detection utility).
- Hidden from F-Secure BlackLight Rootkit Elimination Technology!
- Does not open a port on the system.
- No connection ports are visible while sending mail in any TCP viewer (netstat, fport, CurrPorts, TCPView, etc.).
- No files are visible in any explorer.
- No registry keys and values are visible in any registry editor like regedit.exe, msconfig, autorun.exe (Sysinternals).
- Firewall bypassing by injecting a DLL into the default web browser and sending mail.
- New injection technique for new-generation firewalls like ZoneAlarm's latest version, etc.
- No need for your own SMTP server. It sends directly to the MX.
- Automatic Uninstall.
PASSWORDS AND INFORMATION :
- Cute FTP
- Ipswitch WS_FTP
- FileZilla FTP
- FlashFXP FTP
- FAR FTP
- Peer FTP
- eXeem
- SendLink
- MSN Messenger
- Windows Messenger
- Yahoo Messenger
- AOL Instant Messenger
- GAIM
- Microsoft Outlook
- Outlook Express
- Eudora Mail
- IncrediMail
- The Bat!
- Group Mail Free
- Netscape
- ICQ 99b
- ICQ 2000a
- ICQ 2000b
- ICQ 2002a
- ICQ 2002b
- ICQ 2003a
- ICQ 2003b
- ICQ Lite
- ICQ2GO
- ICQ 4.x
- Miranda
- Trillian
- &RQ (ICQ client)
- Chat Anywhere
- All Passwords saved on Explorer
- All websites with password protection on Explorer
- All passwords on MSN Explorer
- Win/Total Commander
- RAS
- Dial-Up (9x-me-2000-XP-2003)
- Lots of game serial numbers
- All keylogger records with window names (multi-language!)
- All installed programs' list
- All address book records
- Sound card information
- Display adapter information
- Processor information
- All special system (shell) folders
- All general Windows system information
- Physical memory (RAM) status
- PC opened time information and more...
ATmaCA