ProRat 1.9
(Backdoor.Win32.Prorat.19)
(Backdoor.Win32.Prorat.19.k)

by P®O Group

Released in August 2004

Made in Turkey



  We added lots of features and fixed some bugs in this version, so don't forget to use the latest versions of the server and client to get the best results.

  If you connect to a server which was created in Pr0R@t v1.8 and connect to the server with the version 1.9 you may have some problems so be sure to use the same versions of the server and client.

 You can learn the server version by clicking on the "Online Editor" section on the client, and if your server is an old version you can update the server by creating a new one from the Pr0R@t 1.9 client and uploading and running it on the target PC using the file manager or remote downloader; after the server is restarted once, the information of the server will be updated.
__________________________________________________________________________________
----------------------------------------------------------------------------------
RENEWAL AND ARRANGEMENTS MADE IN  Pr0R@t VERSION 1.9 : Friday 27.08.2004
----------------------------------------------------------------------------------

The reasons for preparing and releasing Pr0R@t v1.9 for download are :

-We arranged the ICQ Pager notification again.

-A bug was found in [email protected] and it's fixed.

-When a file was bound with the server, the server thinks it's been modified so public editions couldn't connect to their servers and this bug is fixed.

-On the version info it was still viewing as version 1.8 and this error was fixed.

-Some Win XP SP2 users had problems with the Pr0R@t Client and we made some arrangements on the client.

-When the server was trying to disable Windows SP2 Security Center it was giving an error message and this bug was fixed.

-We cancelled Pr0R@t's helper program called ProMessenger and replaced it with ProConnective and no-ip.com.

-Turkish and English updated help files are added

-A critical security bug on the Servers FTP module was fixed

-Security bugs on [email protected] files are fixed

-Brute force protection was added to the server.

-Reverse (ConnectBack) Connection is added, so you can connect to PC's which are behind networks and routers.

-A feature to grab Cd-Keys and program serials which are installed on the target PC was added.

-We added a feature to grab Outlook 2003 passwords even if the passwords are not saved in the target PC's system. 

-A feature is added to grab MSN Messenger passwords.

-A feature is added to grab Windows Messenger passwords.

-A feature is added to grab ICQ Lite 4.x passwords.

-A feature is added to grab AOL Instant Messenger passwords.

-A feature is added to grab Netscape 7 passwords.

-A feature is added to grab GAIM passwords.

-A feature is added to grab and view decrypted Yahoo Messenger passwords.

-A feature is added to grab all FlashFXP FTP version passwords.

-ICQ pager notification is fixed.

-We added a feature for updating your server, you don't need to reset your server, the only thing you must do is upload your new server to your target PC and run it so your old server will be removed and replaced with the new server. (Your connection with the target PC will be disconnected for a short time and when you connect to the same target again you will see that the server is updated by clicking on the "Online Editor" button.)

-We added a feature to automatically install and connect to the target PC using Microsoft Remote Desktop Connection.

-We added a feature to automatically connect to the target PC by using CuteFtp.

-A feature is added to hide the Server from registry and 2 party programs to view the server running on the startup. (+9kb)

-Extra protection against deleting, changing and copying servers was added.

-A feature is added against rootkit detectors so they can't close the server.

-Client and Server are adapted to Windows XP Service Pack 2.

-A feature is added to the Server to bypass Windows XP Service Pack 2 "Security Centre"

-If your victims operating system starts in safe mode the server will still keep running. (this means it's very hard to remove the server manually)

-An option for receiving notifications from the servers which are running behind networks or routers (192.*.*.* or 10.0.*.*) is added

-We added a function on the client to add and remove shortcuts on IExplorer Toolbar.

-There was a bug when trying to save the passwords from the server so we fixed it.

-When Pr0R@t client can't find the language directory it will create a new language directory.

-The problem in the system information section is fixed, Sometimes it couldn't find the printer which was installed on the target PC.

-Some language characters weren't publishing correctly on the server and clients chat windows and this bug is fixed

-An option to set the Charset manually on your Keylogger window is added so you can read the keylogs which are written in different languages even if that language isn't installed on your system.

-Some small technical bugs were fixed.

-We improved the Server edit protection using the MD5 hash algorithm and if even one byte is changed, the server will corrupt.

-Rename button is added on the file manager so you can rename file names.

P®O Group


Server1:
size: 351.276 bytes

port: 5110, 5112, 51100, 1037, 1038, 1039 TCP

dropped files:
c:\WINNT\ktd32.atm             size: 57 bytes 
c:\WINNT\services.exe          size: 351.276 bytes 
c:\WINNT\system\sservice.exe   size: 351.276 bytes 
c:\WINNT\system32\fservice.exe size: 351.276 bytes 
c:\WINNT\system32\reginv.dll   size: 20.992 bytes 
c:\WINNT\system32\winkey.dll   size: 13.312 bytes 

registry added:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y} "StubPath"
data: C:\WINNT\system\sservice.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run "DirectX For Microsoft® Windows"
data: C:\WINNT\system32\fservice.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
data: Explorer.exe C:\WINNT\system32\fservice.exe 
	
HKEY_CURRENT_USER\Software\Microsoft\Windows NT Script Host\Microsoft DxDiag\WinSettings "XP_FW_Disable"
data: 1
 
HKEY_CURRENT_USER\Software\Microsoft\Windows NT Script Host\Microsoft DxDiag\WinSettings "XP_SYS_Recovery"
data: 1 
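
A defender-side check for the registry indicators listed above, as an added example that is not part of the original page: it parses `reg export` text and flags the Winlogon "Shell" hijack, the two autostart values pointing at the dropped executables, and the WinSettings marker values. The sample export is constructed, the function names are hypothetical, and storing "XP_FW_Disable" as a string is an assumption (the check ignores the value type).

```python
import re

# Indicators taken from the dropped-file and registry lists on this page.
DROPPED = ("fservice.exe", "sservice.exe")
MARKER_KEY = r"software\microsoft\windows nt script host\microsoft dxdiag\winsettings"
MARKER_VALUES = ("xp_fw_disable", "xp_sys_recovery")

def parse_reg(text):
    """Parse .reg export text into {(key_lower, value_name_lower): data}."""
    entries, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            # .reg string values are quoted and double their backslashes.
            data = m.group(2).strip('"').replace("\\\\", "\\")
            entries[(key, m.group(1).lower())] = data
    return entries

def find_prorat_indicators(entries):
    """Return (indicator, detail) pairs for the persistence values listed above."""
    hits = []
    for (key, name), data in entries.items():
        low = data.lower()
        if key.endswith(r"currentversion\winlogon") and name == "shell":
            # The default is explorer.exe alone; anything appended runs at logon.
            if low.strip() != "explorer.exe":
                hits.append(("winlogon-shell", data))
        elif key.endswith(r"policies\explorer\run") and low.endswith(DROPPED):
            hits.append(("policies-run", data))
        elif (r"active setup\installed components" in key
              and name == "stubpath" and low.endswith(DROPPED)):
            hits.append(("active-setup", data))
        elif key.endswith(MARKER_KEY) and name in MARKER_VALUES:
            hits.append(("settings-marker", name))
    return hits

# Constructed sample export (not captured from a real host).
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe C:\\WINNT\\system32\\fservice.exe"
"Userinit"="C:\\WINNT\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT Script Host\Microsoft DxDiag\WinSettings]
"XP_FW_Disable"="1"
'''
```

Matching on file name alone is weak because the server can be rebuilt under other names; the Winlogon "Shell" comparison is the check that does not depend on the names from this page.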


Server2:
down_server.exe: 
size: 5.632 bytes (uncompressed)

tested on win2000

MegaSecurity