Pro Agent 2.1 Public

Released 19 years, 1 month ago. October 2005

Copyright © MegaSecurity

By ATmaCA


Information
From: Turkey
Author: ATmaCA
Family: Pro Agent
Category: Information Stealer
Version: Pro Agent 2.1 Public
Release date: Oct 2005, 19 years, 1 month ago.
Language: C++
Additional Information
Server:
dropped files:
c:\WINDOWS\system32\drivers\KeenSense.sys    Size: 16 bytes 
c:\WINDOWS\system32\drivers\ksdevice.sys     Size: 16 bytes 

added to registry:
HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
HKEY_CURRENT_USER\Software\Ghisler
HKEY_CURRENT_USER\Software\mirabilis
HKEY_CURRENT_USER\Software\NirSoft
HKEY_CURRENT_USER\Software\RIT
HKEY_LOCAL_MACHINE\SOFTWARE\Ghisler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\&RQ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trillian
HKEY_LOCAL_MACHINE\SOFTWARE\mirabilis
HKEY_LOCAL_MACHINE\SOFTWARE\Miranda
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "qservices"
data: C:\WINDOWS\qservice.exe 
	
	
tested on Windows XP
August 26, 2005

Author Information / Description
============================[ ProAgent v2.1 (11.08.2005) ]============================


[+] All the files made undetected against antiviruses.

[+] Virtual Keyboard Logging support added to Special Editions.

[+] MultiLanguage support added.

[+] Server extensions menu added.

[+] Advanced settings menu added.

[+] Shell icons support added into icons menu.

[+] Three-character limit for the extension of binded file improved. Extensions
    of any length will be accepted.

[+] 10 MB limit for the binded file improved. Any file with any size will be accepted.

[+] Grabbing more game-program serials support added.

[+] Anti-rootkit bypass methods improved.

[+] Grabbing FtpNow Passwords support added.

[+] Grabbing DeluxeFtp Passwords support added.

[+] Grabbing DeluxeFtp Pro Passwords support added.

[+] Grabbing Morpheus Passwords support added.

[+] Grabbing BitComet Passwords support added.

[+] Grabbing FireFly Passwords support added.

[+] Injection to Default browser method improved.

[+] Injection to Default E-Mail Client feature added.

[+] No-Injection feature added.

[+] Automatic Server Uninstall on specified date feature added.

[+] Delay Execution feature added in two options (after first restart or after a
    specified date).

[+] Server for one time only support added (If you select this option, server will
    send you reports only once, then it will remove itself).

[+] Regularity of server logs improved.

[+] E-Mail report sending module made more stable.

[+] Added bypassing features for McAfee and Norton antivirus mail scan modules.

[+] And lots of improvements...




ATmaCA
