

Most of this page uses content from Wikipedia. The original article was at ProRat. The page may have contained some inaccurate or outdated information, so please rewrite some parts to avoid plagiarism.
The list of authors can be seen in the page history. As with Malware Wiki, the text of Wikipedia is available under the Creative Commons Attribution-ShareAlike 3.0 License.


Creator: David L Smith
Date: June 27th, 2003
Origin: United States of America
Platform: Microsoft Windows
File Type: .Backdoor

ProRat is a Microsoft Windows-based backdoor trojan, more commonly known as a Remote Administration Tool. As with other trojans, it uses a client and a server. ProRat opens a port on the computer, which allows the client to perform numerous operations on the server (the machine being controlled). ProRat is available in a free version and a paid version. In the free version, ProRat cannot connect to users over wide area networks (WANs), only over local area networks (LANs). ProRat's server is known for being almost impossible to remove without up-to-date antivirus software.

The ProRat trojan collects personal information from users. It was found on BonziBUDDY in 2003.


ProRat allows many malicious actions on the victim's machine. Some of its abilities include:

  • Logging keystrokes
  • Stealing passwords
  • Full control over files
  • Drive formatting
  • Opening/closing the CD tray
  • Hiding the taskbar, desktop, and start button
  • Writing on-screen
  • Moving the cursor
  • Taking screenshots
  • Viewing system information
  • Viewing the webcam
  • Downloading and running files
  • Password-protecting the bound server so that it cannot be used by anyone else
  • Stealing personal information

Infection Method

ProRat has a server creator with features that allow the server to go undetected by antivirus and firewall software and to run stealthily in the background. The software, including its rootkit, runs completely in Windows 2000/XP. Its features include killing security software, removing and disabling system restore points, and displaying a fake error message to mislead victims. The server is often "bound" with other file types, such as image files; when the image file is viewed, the server is installed in the background, undetected if no antivirus software has been installed.