SV: Norton AntiVirus 2005 treats Radmin as a Virus ??!

["Peter Kruse" <kruse () krusesecurity dk>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,

Keep in mind that there's a client and a server part in the Radmin installation. During installation of this commercial 
software you'll have the option to choose wether you want to install the server or only the client. 

If the client software is detected as malicious this would indeed be a bad call. However, if Symantec labels the server 
as a backdoor risk, it's likely because it was distributed as part of a malware package not so long ago (a few weeks 
back). Still, this doesn't justify to label the Radmin Client as a security risk. The Radmin software is widely used 
for remote administration in the same manner as VNC, Terminal Services or "Netbus" ;-)

Regards
Peter Kruse

> -----Oprindelig meddelelse-----
> Fra: full-disclosure-admin () lists netsys com
> [mailto:full-disclosure-admin () lists netsys com]På vegne af Todd Towles
> Sendt: 12. oktober 2004 16:15
> Til: Sowhat .; full-disclosure () lists netsys com
> Emne: RE: [Full-Disclosure] Norton AntiVirus 2005 treats Radmin as a
> Virus ??!
>
>
> That is a widely used tool that is dropped by various malware 
> programs. I think even one of the JPEG exploits was dropping radmin.exe
>
> It be better to assume you have a infection and prove yourself 
> wrong than the other way around. Look into it pretty deep, I would 
> suggest. 
>
> > -----Original Message-----
> > From: full-disclosure-admin () lists netsys com 
> > [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Sowhat .
> > Sent: Tuesday, October 12, 2004 7:51 AM
> > To: full-disclosure () lists netsys com
> > Subject: [Full-disclosure] Norton AntiVirus 2005 treats 
> > Radmin as a Virus ??!
> >
> > hi ,list
> >
> > I have installed Norton AntiVirus 2005 ,and when i open my 
> > F:\ directory ,Norton pops up and show that,"Norton AntiVirus 
> > has detected a virus on your computer" "Boject Name 
> > F:\radmin.exe" "Virus Name Hacktool".
> >
> > Is RemoteAdministrator a commercial remote control software 
> > or a Hacktool ?
> >
> > the following information is copied from the Radmin's site:
> > (http://www.radmin.com/)
> >
> > "This fast, reliable, easy-to-use pc remote control software 
> > saves you hours of running up and down stairs between 
> > computers. Radmin allows you to take control of another PC on 
> > a LAN, WAN or dial-up connection so you see the remote 
> > computer's screen on your monitor and all your mouse 
> > movements and keystrokes are directly transferred to the 
> > remote machine. Radmin provides fast secure access to remote 
> > PC's on Windows platforms.  "
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQWv68HxYZNa+g/pgEQKOiwCePgzmaczX3p55JZXV4DvZcxox/GcAn3Kc
q+lT8pAgWbC+ESuAaZRQNkYo
=bmBO
-----END PGP SIGNATURE-----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html