In this case Avast found the virus, but it was already too late, because once the operating system was restarted it could no longer get past the initial startup screen.
Here is the screenshot
These are the characteristics of the virus:
The reasons for preparing and releasing Pr0rAt v1.9 for download are:
-We arranged the ICQ Pager notification again.
-A bug was found in Pr0rAt.cgi and it's fixed.
-When a file was bound with the server, the server thinks it's been modified so public editions couldn't connect to their servers and this bug is fixed.
-On the version info it was still viewing as version 1.8 and this error was fixed.
-Some Win XP SP2 users had problems with the Pr0rAt Client and we made some arrangements on the client.
-When the server was trying to disable Windows SP2 Security Center it was giving an error message and this bug was fixed.
-We cancelled Pr0rAt's helper program called ProMessenger and replaced it with ProConnective and no-ip.com.
-Turkish and English updated help files are added.
-A critical security bug on the Server's FTP module was fixed.
-Security bugs on Pr0rAt.cgi files are fixed.
-Brute force protection was added to the server.
-Reverse (ConnectBack) Connection is added, so you can connect to PCs which are behind networks and routers.
-A feature to grab Cd-Keys and program serials which are installed on the target PC was added.
-We added a feature to grab Outlook 2003 passwords even if the passwords are not saved in the target PC's system.
-A feature is added to grab MSN Messenger passwords.
-A feature is added to grab Windows Messenger passwords.
-A feature is added to grab ICQ Lite 4.x passwords.
-A feature is added to grab AOL Instant Messenger passwords.
-A feature is added to grab Netscape 7 passwords.
-A feature is added to grab GAIM passwords.
-A feature is added to grab and view decrypted Yahoo Messenger passwords.
-A feature is added to grab all FlashFXP FTP version passwords.
-ICQ pager notification is fixed.
-We added a feature for updating your server, you don't need to reset your server, the only thing you must do is upload your new server to your target PC and run it so your old server will be removed and replaced with the new server. (Your connection with the target PC will be disconnected for a short time and when you connect to the same target again you will see that the server is updated by clicking on the "Online Editor" button.)
-We added a feature to automatically install and connect to the target PC by using Microsoft Remote Desktop Connection.
-We added a feature to automatically connect to the target PC by using CuteFtp.
-A feature is added to hide the Server from registry and 2 party programs to view the server running on the startup. (+9kb)
-Extra protection against deleting, changing and copying servers was added.
-A feature is added against rootkit detectors so they can't close the server.
-Client and Server are adapted to Windows XP Service Pack 2.
-A feature is added to the Server to bypass Windows XP Service Pack 2 "Security Centre".
-If your victim's operating system starts in safe mode the server will still keep running. (this means it's very hard to remove the server manually)
-An option for receiving notifications from the servers which are running behind networks or routers (192.*.*.* or 10.0.*.*) is added.
-We added a function on the client to add and remove shortcuts on IExplorer Toolbar.
-There was a bug when trying to save the passwords from the server so we fixed it.
-When Pr0rAt client can't find the language directory it will create a new language directory.
-The problem in the system information section is fixed, sometimes it couldn't find the printer which was installed on the target PC.
-Some language characters weren't publishing correctly on the server and client chat windows and this bug is fixed.
-An option to set the Charset manually on your Keylogger window is added so you can read the keylogs which are written in different languages even if that language isn't installed on your system.
-Some small technical bugs were fixed.
-We improved the Server edit protection by using the MD5 hash algorithm and if even one byte is changed, the server will corrupt.
-Rename button is added on the file manager so you can rename file names.