Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SV: Norton AntiVirus 2005 treats Radmin as a Virus ??!

From: Ill will <xillwillx () gmail com>
Date: Tue, 12 Oct 2004 21:08:42 -0400
oops...
http://www.illmob.org/0day/ghostradmin.zip


On Tue, 12 Oct 2004 17:40:32 +0200, Peter Kruse <kruse () krusesecurity dk> wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,

Keep in mind that there's a client and a server part in the Radmin installation. During installation of this 
commercial software you'll have the option to choose wether you want to install the server or only the client.

If the client software is detected as malicious this would indeed be a bad call. However, if Symantec labels the 
server as a backdoor risk, it's likely because it was distributed as part of a malware package not so long ago (a few 
weeks back). Still, this doesn't justify to label the Radmin Client as a security risk. The Radmin software is widely 
used for remote administration in the same manner as VNC, Terminal Services or "Netbus" ;-)

Regards
Peter Kruse


-----Oprindelig meddelelse-----
Fra: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]På vegne af Todd Towles
Sendt: 12. oktober 2004 16:15
Til: Sowhat .; full-disclosure () lists netsys com
Emne: RE: [Full-Disclosure] Norton AntiVirus 2005 treats Radmin as a
Virus ??!


That is a widely used tool that is dropped by various malware
programs. I think even one of the JPEG exploits was dropping radmin.exe

It be better to assume you have a infection and prove yourself
wrong than the other way around. Look into it pretty deep, I would
suggest.


-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Sowhat .
Sent: Tuesday, October 12, 2004 7:51 AM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Norton AntiVirus 2005 treats
Radmin as a Virus ??!

hi ,list

I have installed Norton AntiVirus 2005 ,and when i open my
F:\ directory ,Norton pops up and show that,"Norton AntiVirus
has detected a virus on your computer" "Boject Name
F:\radmin.exe" "Virus Name Hacktool".

Is RemoteAdministrator a commercial remote control software
or a Hacktool ?

the following information is copied from the Radmin's site:
(http://www.radmin.com/)

"This fast, reliable, easy-to-use pc remote control software
saves you hours of running up and down stairs between
computers. Radmin allows you to take control of another PC on
a LAN, WAN or dial-up connection so you see the remote
computer's screen on your monitor and all your mouse
movements and keystrokes are directly transferred to the
remote machine. Radmin provides fast secure access to remote
PC's on Windows platforms.  "

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQWv68HxYZNa+g/pgEQKOiwCePgzmaczX3p55JZXV4DvZcxox/GcAn3Kc
q+lT8pAgWbC+ESuAaZRQNkYo
=bmBO
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html




-- 
- illwill
http://illmob.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: