I Feel Lucky I Feel Very Lucky

Pro Agent 2.1 Public

Released 18 years, 11 months ago. October 2005

Copyright © MegaSecurity

By ATmaCA

Pro Agent 2.1 Public
Informations
From Turkey
Author ATmaCA
Family Pro Agent
Category Information Stealer
Version Pro Agent 2.1 Public
Released Date Oct 2005, 18 years, 11 months ago.
Language C++
Additional Information 
Server:
dropped files:
c:\WINDOWS\system32\drivers\KeenSense.sys    Size: 16 bytes 
c:\WINDOWS\system32\drivers\ksdevice.sys     Size: 16 bytes 

added to registry:
HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
HKEY_CURRENT_USER\Software\Ghisler
HKEY_CURRENT_USER\Software\mirabilis
HKEY_CURRENT_USER\Software\NirSoft
HKEY_CURRENT_USER\Software\RIT
HKEY_LOCAL_MACHINE\SOFTWARE\Ghisler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\&RQ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trillian
HKEY_LOCAL_MACHINE\SOFTWARE\mirabilis
HKEY_LOCAL_MACHINE\SOFTWARE\Miranda
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "qservices"
data: C:\WINDOWS\qservice.exe 
	
	
tested on Windows XP
August 26, 2005

Author Information / Description 
============================[ ProAgent v2.1 (11.08.2005) ]============================


[+] All the files made undetected against antiviruses.

[+] Virtual Keyboard Logging support added to Special Editions.

[+] MultiLanguage support added.

[+] Server extensions menu added.

[+] Advanved settings menu added.

[+] Shell icons support added into icons menu.

[+] Three characters limit for the extension of binded file improved. Any extensions
    with the any length will be accepted.

[+] 10 MB limit for the binded file improved. Any file with any size will be accepted.

[+] Grabbing more game-program serials support added.

[+] Anti-rootkit bypass methods improved.

[+] Grabbing FtpNow Passwords support added.

[+] Grabbing DeluxeFtp Passwords support added.

[+] Grabbing DeluxeFtp Pro Passwords support added.

[+] Grabbing Morpheus Passwords support added.

[+] Grabbing BitComet Passwords support added.

[+] Grabbing FireFly Passwords support added.

[+] Injection to Default browser method improved.

[+] Injection to Default E-Mail Client feature added.

[+] No-Injection feature added.

[+] Automatic Server Uninstall on specified date feature added.

[+] Delay Execution feature added in two options (after first restart or after a
    specified date).

[+] Server for once time only support added (If you select this option, server will
    send you reports only once than it will remove itself).

[+] Regularity of server logs improved.

[+] E-Mail report sending module made more stable.

[+] Added bypassing features for McAfee and Norton antivirus mail scan modules.

[+] And lots of improvements...




ATmaCA

If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.