.: ProAgent 2.1 Public :.
Released 16 years, 7 months ago. Oct 2005By ATmaCA
- From: Turkey
- Coded by: ATmaCA
- Version: ProAgent 2.1 Public
- Released date: Oct 2005, 16 years, 7 months ago.
- Coded in: C++
- Family: ProAgent
- Category: Information Stealer
Server: dropped files: c:\WINDOWS\system32\drivers\KeenSense.sys Size: 16 bytes c:\WINDOWS\system32\drivers\ksdevice.sys Size: 16 bytes added to registry: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts HKEY_CURRENT_USER\Software\Ghisler HKEY_CURRENT_USER\Software\mirabilis HKEY_CURRENT_USER\Software\NirSoft HKEY_CURRENT_USER\Software\RIT HKEY_LOCAL_MACHINE\SOFTWARE\Ghisler HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\&RQ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trillian HKEY_LOCAL_MACHINE\SOFTWARE\mirabilis HKEY_LOCAL_MACHINE\SOFTWARE\Miranda HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "qservices" data: C:\WINDOWS\qservice.exe tested on Windows XP August 26, 2005
============================[ ProAgent v2.1 (11.08.2005) ]============================ [+] All the files made undetected against antiviruses. [+] Virtual Keyboard Logging support added to Special Editions. [+] MultiLanguage support added. [+] Server extensions menu added. [+] Advanved settings menu added. [+] Shell icons support added into icons menu. [+] Three characters limit for the extension of binded file improved. Any extensions with the any length will be accepted. [+] 10 MB limit for the binded file improved. Any file with any size will be accepted. [+] Grabbing more game-program serials support added. [+] Anti-rootkit bypass methods improved. [+] Grabbing FtpNow Passwords support added. [+] Grabbing DeluxeFtp Passwords support added. [+] Grabbing DeluxeFtp Pro Passwords support added. [+] Grabbing Morpheus Passwords support added. [+] Grabbing BitComet Passwords support added. [+] Grabbing FireFly Passwords support added. [+] Injection to Default browser method improved. [+] Injection to Default E-Mail Client feature added. [+] No-Injection feature added. [+] Automatic Server Uninstall on specified date feature added. [+] Delay Execution feature added in two options (after first restart or after a specified date). [+] Server for once time only support added (If you select this option, server will send you reports only once than it will remove itself). [+] Regularity of server logs improved. [+] E-Mail report sending module made more stable. [+] Added bypassing features for McAfee and Norton antivirus mail scan modules. [+] And lots of improvements... ATmaCA
URL's and mails were automatically redacted (filtered) for reader's safety. However the filter is not perfect and can't find all harmful elements. If you find something dangerous including file link, website, mail address, profanity... contact me immediately at firstname.lastname@example.org, thank you in advance.