by ATmaCA
Written in C++
Released in March 2005
Made in Turkey
ProAgent Spy Software is one of the most powerful monitoring and surveillance applications available today. FEATURES : ABILITIES : - No Processes are Visible in any Task manager,Process explorer(sysinternals). - Hiden from sysinternals RootkitRevealer (RootkitRevealer is an advanced root kit detection utility) - Hidden from by F-Secure BlackLight Rootkit Elimination Technology! - Not opens a port on system. - No connection ports are Visible while sending mail in any Tcp Viewer (netstat,fport,CurrPorts,Tcpview etc.) - No files are Visible in any explorer. - No registry keys and values are Visible in any registry editor like regedit.exe,msconfig,autorun.exe (sysinternals). - Firewall bypassing by injecting Dll into default web browser and sending mail. - New injection technic for new generation firewalls like zone-alarm's last version, etc... - No need to your own SMTP server. It sends directly to MX. - Automatic Uninstall. PASSWORDS AND INFORMATIONS : - Cute FTP - Ipswitch WS_FTP - FileZilla FTP - FlashFXP FTP - FAR FTP - Peer FTP - eXeem - SendLink - MSN Messenger - Windows Messenger - Yahoo Messenger - AOL Instant Messenger - GAIM - Microsoft Outlook - Outlook Express - Eudora Mail - IncrediMail - The Bat! - Group Mail Free - Netscape - ICQ 99b - ICQ 2000a - ICQ 2000b - ICQ 2002a - ICQ 2002b - ICQ 2003a - ICQ 2003b - ICQ Lite - ICQ2GO - ICQ 4.x - Miranda - Trillian - &RQ (ICQ client) - Chat Anywhere - All Passwords saved on Explorer - All websites with password protection on Explorer - All passwords on MSN Explorer - Win/Total Commander - RAS - Dial-Up (9x-me-2000-XP-2003) - Lots of Game Serials numbers - All keylogger records with window names (multi language!) - All installed programs' list - All address book records - Sound cards information - Display Adapters information - Processor information - All special system (shell) folders - All general windows system informations - Physical memory (RAM) status - Pc opened time information and more... ATmaCA Server: dropped files: c:\WINDOWS\system32\drivers\KeenSense.sys Size: 16 bytes c:\WINDOWS\system32\drivers\ksdevice.sys Size: 16 bytes added to registry: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "qservices" data: C:\WINDOWS\qservice.exe HKEY_CURRENT_USER\Software\Far HKEY_CURRENT_USER\Software\Far\Plugins HKEY_CURRENT_USER\Software\Far\Plugins\FTP HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts HKEY_CURRENT_USER\Software\Ghisler HKEY_CURRENT_USER\Software\Ghisler\Total Commander HKEY_CURRENT_USER\Software\Ghisler\Windows Commander HKEY_CURRENT_USER\Software\mirabilis HKEY_CURRENT_USER\Software\mirabilis\icq HKEY_CURRENT_USER\Software\mirabilis\icq\DefaultPrefs HKEY_CURRENT_USER\Software\mirabilis\icq\NewOwners HKEY_CURRENT_USER\Software\NirSoft HKEY_CURRENT_USER\Software\NirSoft\MailPassView HKEY_CURRENT_USER\Software\NirSoft\MessenPass HKEY_CURRENT_USER\Software\RIT HKEY_CURRENT_USER\Software\RIT\The Bat! HKEY_LOCAL_MACHINE\SOFTWARE\Ghisler HKEY_LOCAL_MACHINE\SOFTWARE\Ghisler\Total Commander HKEY_LOCAL_MACHINE\SOFTWARE\Ghisler\Windows Commander HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\&RQ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trillian HKEY_LOCAL_MACHINE\SOFTWARE\mirabilis HKEY_LOCAL_MACHINE\SOFTWARE\mirabilis\icq HKEY_LOCAL_MACHINE\SOFTWARE\mirabilis\icq\DefaultPrefs HKEY_LOCAL_MACHINE\SOFTWARE\Miranda HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_JIURLPORTHIDE HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_JIURLPORTHIDE\0000 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_JIURLPORTHIDE\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\JiurlPortHide HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\JiurlPortHide\Enum HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\JiurlPortHide\Security HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_JIURLPORTHIDE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_JIURLPORTHIDE\0000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_JIURLPORTHIDE\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JiurlPortHide HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JiurlPortHide\Enum HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JiurlPortHide\SecurityMegaSecurity