ProSpy 2.0.1 Fix-20 brivate

ProSpy 2.0.1 Fix-20 brivate
(Trojan-Spy.Win32.ProAgent.am)
(Backdoor.Win32.Prorat.mq for Server)
by ?
Released in December 2007
Made in Turkey




Server
Dropped Files:
c:\WINDOWS\_msn.exe                Size: 7,680 bytes 
c:\WINDOWS\_pnc.dat                Size: 182 bytes 
c:\WINDOWS\dxdiag.exe              Size: 736,256 bytes 
c:\WINDOWS\system32\_dxdiag.exe    Size: 736,256 bytes 
c:\WINDOWS\system32\_fps.exe       Size: 15,795 bytes 
c:\WINDOWS\system32\_icq.dll       Size: 7,168 bytes 
c:\WINDOWS\system32\_key.dll       Size: 24,576 bytes 
c:\WINDOWS\system32\_mps.exe       Size: 14,259 bytes 
c:\WINDOWS\system32\_pnc.dat       Size: 182 bytes 
c:\WINDOWS\system32\_pnc.exe       Size: 7,680 bytes 

Added to Registry:
HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
HKEY_CURRENT_USER\Software\Ghisler\Total Commander
HKEY_CURRENT_USER\Software\Ghisler\Windows Commander
HKEY_CURRENT_USER\Software\mirabilis\icq\DefaultPrefs
HKEY_CURRENT_USER\Software\mirabilis\icq\NewOwners
HKEY_CURRENT_USER\Software\RIT\The Bat!
HKEY_LOCAL_MACHINE\SOFTWARE\Ghisler\Total Commander
HKEY_LOCAL_MACHINE\SOFTWARE\Ghisler\Windows Commander
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BTT9AE78-87RT-11dW-2944-FF034297}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\&RQ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trillian
HKEY_LOCAL_MACHINE\SOFTWARE\mirabilis\icq\DefaultPrefs
HKEY_LOCAL_MACHINE\SOFTWARE\Miranda
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run "Microsoft DirectX Diagnostic Tool"
Data: C:\WINDOWS\dxdiag.exe 
	
	
	
Tested on Windows XP
January 28, 2008
MegaSecurity