Full Disclosure mailing list archives

RE: Norton AntiVirus 2005 treats Radmin as a Virus ??!


From: "Todd Towles" <toddtowles () brookshires com>
Date: Tue, 12 Oct 2004 13:34:04 -0500

I do agree with you, Peter, about the server and client part. I truly believe that Norton is detecting it as such only 
because it is being used in exploits. There are many exploits that drop this client onto the workstation. If you know 
it is there, then the detection shouldn't surprise you. But if you are e-mailing a list asking about it and what it is, 
you most likely didn't install it. 

-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
Peter Kruse
Sent: Tuesday, October 12, 2004 10:41 AM
To: Todd Towles; Sowhat .; full-disclosure () lists netsys com
Subject: SV: [Full-disclosure] Norton AntiVirus 2005 treats 
Radmin as a Virus ??!

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,

Keep in mind that there's a client and a server part in the 
Radmin installation. During installation of this commercial 
software you'll have the option to choose whether you want to 
install the server or only the client. 

If the client software is detected as malicious this would 
indeed be a bad call. However, if Symantec labels the server 
as a backdoor risk, it's likely because it was distributed as 
part of a malware package not so long ago (a few weeks back). 
Still, this doesn't justify labeling the Radmin Client as a 
security risk. The Radmin software is widely used for remote 
administration in the same manner as VNC, Terminal Services 
or "Netbus" ;-)

Regards
Peter Kruse

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
Todd Towles
Sent: 12 October 2004 16:15
To: Sowhat .; full-disclosure () lists netsys com
Subject: RE: [Full-Disclosure] Norton AntiVirus 2005 treats Radmin as a 
Virus ??!


That is a widely used tool that is dropped by various 
malware programs. 
I think even one of the JPEG exploits was dropping radmin.exe.

It would be better to assume you have an infection and prove yourself wrong 
than the other way around. Look into it pretty deep, I would suggest.

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf 
Of Sowhat .
Sent: Tuesday, October 12, 2004 7:51 AM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Norton AntiVirus 2005 treats 
Radmin as a 
Virus ??!

Hi, list

I have installed Norton AntiVirus 2005, and when I open my F:\ 
directory, Norton pops up and shows that "Norton AntiVirus has 
detected a virus on your computer" "Object Name 
F:\radmin.exe" "Virus 
Name Hacktool".

Is RemoteAdministrator a commercial remote control software or a 
Hacktool?

the following information is copied from the Radmin's site:
(http://www.radmin.com/)

"This fast, reliable, easy-to-use pc remote control software saves 
you hours of running up and down stairs between computers. Radmin 
allows you to take control of another PC on a LAN, WAN or dial-up 
connection so you see the remote computer's screen on your monitor 
and all your mouse movements and keystrokes are directly transferred 
to the remote machine. Radmin provides fast secure access to remote 
PC's on Windows platforms."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQWv68HxYZNa+g/pgEQKOiwCePgzmaczX3p55JZXV4DvZcxox/GcAn3Kc
q+lT8pAgWbC+ESuAaZRQNkYo
=bmBO
-----END PGP SIGNATURE-----

