Archive A Reconstructed © MegaSecurity Database
Pro Agent 2.0
Released 21 years, 1 month ago. March 2005
By ATmaCA
Information
| From | Turkey |
| Author | ATmaCA |
| Family | Pro Agent |
| Category | Information Stealer |
| Version | Pro Agent 2.0 |
| Release Date | Mar 2005, 21 years, 1 month ago. |
| Language | C++ |
Additional Information
Server:
dropped files:
c:\WINDOWS\system32\drivers\KeenSense.sys Size: 16 bytes
c:\WINDOWS\system32\drivers\ksdevice.sys Size: 16 bytes
added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "qservices"
data: C:\WINDOWS\qservice.exe
HKEY_CURRENT_USER\Software\Far
HKEY_CURRENT_USER\Software\Far\Plugins
HKEY_CURRENT_USER\Software\Far\Plugins\FTP
HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
HKEY_CURRENT_USER\Software\Ghisler
HKEY_CURRENT_USER\Software\Ghisler\Total Commander
HKEY_CURRENT_USER\Software\Ghisler\Windows Commander
HKEY_CURRENT_USER\Software\mirabilis
HKEY_CURRENT_USER\Software\mirabilis\icq
HKEY_CURRENT_USER\Software\mirabilis\icq\DefaultPrefs
HKEY_CURRENT_USER\Software\mirabilis\icq\NewOwners
HKEY_CURRENT_USER\Software\NirSoft
HKEY_CURRENT_USER\Software\NirSoft\MailPassView
HKEY_CURRENT_USER\Software\NirSoft\MessenPass
HKEY_CURRENT_USER\Software\RIT
HKEY_CURRENT_USER\Software\RIT\The Bat!
HKEY_LOCAL_MACHINE\SOFTWARE\Ghisler
HKEY_LOCAL_MACHINE\SOFTWARE\Ghisler\Total Commander
HKEY_LOCAL_MACHINE\SOFTWARE\Ghisler\Windows Commander
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\&RQ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trillian
HKEY_LOCAL_MACHINE\SOFTWARE\mirabilis
HKEY_LOCAL_MACHINE\SOFTWARE\mirabilis\icq
HKEY_LOCAL_MACHINE\SOFTWARE\mirabilis\icq\DefaultPrefs
HKEY_LOCAL_MACHINE\SOFTWARE\Miranda
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_JIURLPORTHIDE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_JIURLPORTHIDE\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_JIURLPORTHIDE\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\JiurlPortHide
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\JiurlPortHide\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\JiurlPortHide\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_JIURLPORTHIDE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_JIURLPORTHIDE\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_JIURLPORTHIDE\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JiurlPortHide
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JiurlPortHide\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JiurlPortHide\Security
Author Information / Description
ProAgent Spy Software is one of the most powerful monitoring and surveillance applications available today.
FEATURES :
ABILITIES :
- No processes are visible in any task manager, Process Explorer (Sysinternals).
- Hidden from Sysinternals RootkitRevealer (RootkitRevealer is an advanced rootkit detection utility)
- Hidden from F-Secure BlackLight Rootkit Elimination Technology!
- Does not open a port on the system.
- No connection ports are visible while sending mail in any TCP viewer (netstat, fport, CurrPorts, Tcpview, etc.)
- No files are visible in any explorer.
- No registry keys and values are visible in any registry editor like regedit.exe, msconfig, autorun.exe (Sysinternals).
- Firewall bypassing by injecting a DLL into the default web browser and sending mail.
- New injection technique for new-generation firewalls like ZoneAlarm's latest version, etc...
- No need for your own SMTP server. It sends directly to MX.
- Automatic Uninstall.
PASSWORDS AND INFORMATION :
- Cute FTP
- Ipswitch WS_FTP
- FileZilla FTP
- FlashFXP FTP
- FAR FTP
- Peer FTP
- eXeem
- SendLink
- MSN Messenger
- Windows Messenger
- Yahoo Messenger
- AOL Instant Messenger
- GAIM
- Microsoft Outlook
- Outlook Express
- Eudora Mail
- IncrediMail
- The Bat!
- Group Mail Free
- Netscape
- ICQ 99b
- ICQ 2000a
- ICQ 2000b
- ICQ 2002a
- ICQ 2002b
- ICQ 2003a
- ICQ 2003b
- ICQ Lite
- ICQ2GO
- ICQ 4.x
- Miranda
- Trillian
- &RQ (ICQ client)
- Chat Anywhere
- All Passwords saved on Explorer
- All websites with password protection on Explorer
- All passwords on MSN Explorer
- Win/Total Commander
- RAS
- Dial-Up (9x-me-2000-XP-2003)
- Lots of game serial numbers
- All keylogger records with window names (multi language!)
- All installed programs' list
- All address book records
- Sound cards information
- Display Adapters information
- Processor information
- All special system (shell) folders
- All general Windows system information
- Physical memory (RAM) status
- PC opened time information and more...
ATmaCA
This archive is an almost-complete reconstruction of the legendary Mega Security (also known as Kobayashi), a premier 90s-era "Trojan Database" where malware authors once showcased their work. After a decade offline, the site was brought back in August 2024 by its original creator, MasterRat, who authorized the Malware Gallery to host this modernized, searchable version of the collection. While the original site remains available for those seeking a nostalgic, old-school experience, we are proud to continue its legacy here. Full credit and thanks go to MasterRat and the retired Mega Security staff for their years of dedicated work in cataloging these historical samples.