Full Disclosure mailing list archives
RE: Norton AntiVirus 2005 treats Radmin as a Virus ??!
From: "Peadro, Jeff (AIS)" <jpeaa () allstate com>
Date: Tue, 12 Oct 2004 11:03:46 -0500
Correct. RA was used in the JPEG exploit from easynews.

quoted from GDI sploit itself

"
UPDATE: We have packet logs at http://easynews.com/virus/

THIS VIRUS IS NASTY! If you don't know what a jpeg virus is, check out: http://news.google.com/news?q=jpeg+virus

Swany and I wrote a quick and nasty script to scan every jpeg that comes into Easynews.com.. It paged my cell phone at 6:47pm PDT on 9/26/2004 for the first hit, and 7:52pm PDT on 9/26/2004 for the second hit.

Once this JPEG overflowed GDI+, it phoned home, connected to an ftp site and downloaded almost 2megs of stuff. It installs a trojan that installs itself as a service. It also installs radmin (radmin.com) running as 'r_server'. From the radmin.com site, "With Radmin you can work on a remote computer exactly as if you were right there at its keyboard."

It phones home to the same IP that is in the usenet post headers. Then it seems to connect to ftp://209.171.43.27/www/system/ u/p bawz/pagdba (last time I checked, 93 users were logged in!)
"

jEff

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Todd Towles
Sent: Tuesday, October 12, 2004 9:15 AM
To: Sowhat .; full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] Norton AntiVirus 2005 treats Radmin as a Virus ??!

That is a widely used tool that is dropped by various malware programs. I think even one of the JPEG exploits was dropping radmin.exe.

It would be better to assume you have an infection and prove yourself wrong than the other way around. Look into it pretty deep, I would suggest.

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Sowhat .
Sent: Tuesday, October 12, 2004 7:51 AM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Norton AntiVirus 2005 treats Radmin as a Virus ??!

hi, list

I have installed Norton AntiVirus 2005, and when I open my F:\ directory, Norton pops up and shows that "Norton AntiVirus has detected a virus on your computer" "Object Name F:\radmin.exe" "Virus Name Hacktool".

Is RemoteAdministrator a commercial remote control software or a Hacktool?

The following information is copied from the Radmin's site: (http://www.radmin.com/)

"This fast, reliable, easy-to-use pc remote control software saves you hours of running up and down stairs between computers. Radmin allows you to take control of another PC on a LAN, WAN or dial-up connection so you see the remote computer's screen on your monitor and all your mouse movements and keystrokes are directly transferred to the remote machine. Radmin provides fast secure access to remote PC's on Windows platforms."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
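Added example, not part of any of the posts above: a triage check in the spirit of the advice in this thread, separating a sanctioned Radmin install from one that was dropped. The service name 'r_server' and the file name radmin.exe come from the thread; the r_server.exe binary name, the approved host list, the approved install directory and the inventory rows are assumptions constructed for illustration.

```python
import csv
import io
from pathlib import PureWindowsPath

# Names from the thread: the service 'r_server' and the file radmin.exe.
# r_server.exe as the server binary name is an assumption.
RADMIN_SERVICES = {"r_server"}
RADMIN_BINARIES = {"radmin.exe", "r_server.exe"}

# Assumptions: hosts where Radmin is approved, and the directory the approved
# package installs to. Both values are hypothetical.
APPROVED_HOSTS = {"HELPDESK-01"}
APPROVED_DIR = PureWindowsPath(r"C:\Program Files\Radmin")

# Constructed service inventory (host, service name, binary path), such as an
# asset-management export might contain. Not real data.
SAMPLE_INVENTORY = """host,service,path
HELPDESK-01,r_server,C:\\Program Files\\Radmin\\r_server.exe
WS-114,r_server,C:\\WINDOWS\\system32\\r_server.exe
WS-114,Spooler,C:\\WINDOWS\\system32\\spoolsv.exe
WS-207,svchelper,C:\\WINDOWS\\Temp\\radmin.exe
HELPDESK-01,r_server2,D:\\tools\\r_server.exe
"""

def triage(inventory_csv):
    """Return (host, service, reasons) for Radmin installs needing a look."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        path = PureWindowsPath(row["path"])  # compares case-insensitively
        # Match on service name OR binary name: a dropper can rename either.
        is_radmin = (row["service"].lower() in RADMIN_SERVICES
                     or path.name.lower() in RADMIN_BINARIES)
        if not is_radmin:
            continue
        reasons = []
        if row["host"] not in APPROVED_HOSTS:
            reasons.append("host not approved for Radmin")
        if path.parent != APPROVED_DIR:
            reasons.append("binary outside approved install directory")
        if reasons:
            findings.append((row["host"], row["service"], reasons))
    return findings

if __name__ == "__main__":
    for host, service, reasons in triage(SAMPLE_INVENTORY):
        print(f"{host}: {service}: {'; '.join(reasons)}")
```

A renamed binary defeats name matching, so a check like this is a first pass before hashing or signature verification, not a replacement for it.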