Multifunctional spyware Spytech SpyAgent

Spytech SpyAgent can be classified as multifunctional spyware. Its popularity comes from its rich functionality. We decided to test it and add it to our library because this spyware hides very well and is well protected from deletion. Spytech SpyAgent is designed for complete control over the user's actions and can be controlled remotely. To detect its presence in the system, run the camoufleur COVERT. In the main window, in the “Network Monitor”, click “App” to see the applications that are waiting for a connection. In the application list, the process rds.exe is highlighted in red; it is meant to provide access to the spyware over the network.

In this way, the camoufleur COVERT lets you quickly detect the spyware Spytech SpyAgent. However, there are other files and processes in the system by which it can be identified. Open the “System processes” window by pressing the button in the main window of COVERT. In the list, the processes that belong to the spyware, sysdiag.exe and rds.exe, are highlighted in red. Processes that present themselves as system processes are highlighted in yellow. Pay attention to services.exe and svchost.exe. These are the names of system processes without which the system cannot work. Many advanced users could be deceived and fail to realize the importance of the warning from COVERT. However, COVERT has a function that monitors processes trying to trick the system by using the names of system processes. Any fake process will be highlighted in yellow.

If you look at the “Address” column in “System processes”, you will notice that the files of the processes highlighted in red and yellow are in the same folder. This means that they belong to one spy program. Using the context menu of the list, terminate any spyware processes, open the folder with the application, and delete the entire contents of the folder.
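The same check done by hand, as an added example that is not COVERT's code: flag processes that use a system process name but run from outside the Windows system folders, and list what else runs from the same folder. The folder `C:\ExampleHiddenDir` and the CSV rows are constructed; the input format assumes an export of the `Name` and `ExecutablePath` columns of the process list.

```python
import csv
import io
from collections import defaultdict
from pathlib import PureWindowsPath

# Folders that system processes legitimately run from.
# Assumption: default install with SystemRoot = C:\Windows.
TRUSTED_DIRS = {PureWindowsPath(r"C:\Windows\System32"),
                PureWindowsPath(r"C:\Windows\SysWOW64")}
# Names that spyware commonly borrows; the page names the first two.
SYSTEM_NAMES = {"services.exe", "svchost.exe", "lsass.exe",
                "csrss.exe", "winlogon.exe", "smss.exe"}

# Constructed sample, in the shape produced by e.g.
#   Get-CimInstance Win32_Process | Select-Object Name,ExecutablePath |
#       ConvertTo-Csv -NoTypeInformation
SAMPLE = r"""Name,ExecutablePath
System,
services.exe,C:\Windows\System32\services.exe
svchost.exe,C:\Windows\system32\svchost.exe
explorer.exe,C:\Windows\explorer.exe
sysdiag.exe,C:\ExampleHiddenDir\sysdiag.exe
rds.exe,C:\ExampleHiddenDir\rds.exe
services.exe,C:\ExampleHiddenDir\services.exe
svchost.exe,C:\ExampleHiddenDir\svchost.exe
"""

def find_masquerades(csv_text):
    """Map each untrusted folder hosting a system-named process to
    the fake names found there and the other processes beside them."""
    by_dir = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        path = (row.get("ExecutablePath") or "").strip()
        if not path:
            continue  # kernel/protected processes expose no image path
        image = PureWindowsPath(path)  # compares case-insensitively
        by_dir[image.parent].add(image.name.lower())
    report = {}
    for folder, names in by_dir.items():
        fake = names & SYSTEM_NAMES
        if fake and folder not in TRUSTED_DIRS:
            report[str(folder)] = {"fake": sorted(fake),
                                   "siblings": sorted(names - fake)}
    return report

if __name__ == "__main__":
    for folder, hit in find_masquerades(SAMPLE).items():
        print(folder, "fake:", hit["fake"], "siblings:", hit["siblings"])
```

The siblings list is what ties sysdiag.exe and rds.exe to the fake services.exe and svchost.exe: everything in a flagged folder deserves inspection, not only the impostors.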

After this operation, it seems that the spyware is removed. But this is not quite true. When we open the Monitor Driver from the main window of COVERT, we find the file system driver that Spytech SpyAgent installed to intercept certain user actions. Using the context menu, you can get information about the driver npf.sys. It allows applications to capture and transmit network packets, bypassing the protocol stack. The driver also provides additional functions such as kernel-level packet filtering, a network statistics engine and support for remote packet capture.

Remove the spy's driver using the context menu: “Driver Monitor” -> “Remove driver”. Restart your computer, and you can now safely say that the spy Spytech SpyAgent is completely removed. To mask your actions from Spytech SpyAgent without removing it from the system, enter the secure platform by clicking “Login to the secure platform” in the main window. Any actions taken inside the platform will not be intercepted by the spyware. We can see this by checking its logs after leaving the secure platform.

P.S. Scanning with antivirus software will not detect the spyware Spytech SpyAgent in the system. When a particular file of the spyware is analyzed, the antivirus does not detect a threat.

Download COVERT Pro and check your computer FREE of charge for spyware and rootkits that were not detected by an antivirus.
