Archive Helmet Icon Archive A Reconstructed © MegaSecurity Database

I Feel Lucky I Feel Very Lucky

Pro Agent 2.1 Public

Released 20 years, 6 months ago. October 2005

Copyright © MegaSecurity

By ATmaCA

Pro Agent 2.1 Public
Informations
From Turkey
Author ATmaCA
Family Pro Agent
Category Information Stealer
Version Pro Agent 2.1 Public
Released Date Oct 2005, 20 years, 6 months ago.
Language C++
Additional Information
Server:
dropped files:
c:\WINDOWS\system32\drivers\KeenSense.sys    Size: 16 bytes 
c:\WINDOWS\system32\drivers\ksdevice.sys     Size: 16 bytes 

added to registry:
HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
HKEY_CURRENT_USER\Software\Ghisler
HKEY_CURRENT_USER\Software\mirabilis
HKEY_CURRENT_USER\Software\NirSoft
HKEY_CURRENT_USER\Software\RIT
HKEY_LOCAL_MACHINE\SOFTWARE\Ghisler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\&RQ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trillian
HKEY_LOCAL_MACHINE\SOFTWARE\mirabilis
HKEY_LOCAL_MACHINE\SOFTWARE\Miranda
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "qservices"
data: C:\WINDOWS\qservice.exe 
	
	
tested on Windows XP
August 26, 2005

Author Information / Description
============================[ ProAgent v2.1 (11.08.2005) ]============================


[+] All the files made undetected against antiviruses.

[+] Virtual Keyboard Logging support added to Special Editions.

[+] MultiLanguage support added.

[+] Server extensions menu added.

[+] Advanved settings menu added.

[+] Shell icons support added into icons menu.

[+] Three characters limit for the extension of binded file improved. Any extensions
    with the any length will be accepted.

[+] 10 MB limit for the binded file improved. Any file with any size will be accepted.

[+] Grabbing more game-program serials support added.

[+] Anti-rootkit bypass methods improved.

[+] Grabbing FtpNow Passwords support added.

[+] Grabbing DeluxeFtp Passwords support added.

[+] Grabbing DeluxeFtp Pro Passwords support added.

[+] Grabbing Morpheus Passwords support added.

[+] Grabbing BitComet Passwords support added.

[+] Grabbing FireFly Passwords support added.

[+] Injection to Default browser method improved.

[+] Injection to Default E-Mail Client feature added.

[+] No-Injection feature added.

[+] Automatic Server Uninstall on specified date feature added.

[+] Delay Execution feature added in two options (after first restart or after a
    specified date).

[+] Server for once time only support added (If you select this option, server will
    send you reports only once than it will remove itself).

[+] Regularity of server logs improved.

[+] E-Mail report sending module made more stable.

[+] Added bypassing features for McAfee and Norton antivirus mail scan modules.

[+] And lots of improvements...




ATmaCA

This archive is an almost-complete reconstruction of the legendary Mega Security (also known as Kobayashi), a premier 90s-era "Trojan Database" where malware authors once showcased their work. After a decade offline, the site was brought back in August 2024 by its original creator, MasterRat, who authorized the Malware Gallery to host this modernized, searchable version of the collection. While the original site remains available for those seeking a nostalgic, old-school experience, we are proud to continue its legacy here. Full credit and thanks go to MasterRat and the retired Mega Security staff for their years of dedicated work in cataloging these historical samples.