Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

SV: Norton AntiVirus 2005 treats Radmin as a Virus ??!
From: "Peter Kruse" <kruse () krusesecurity dk>
Date: Tue, 12 Oct 2004 17:40:32 +0200

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,

Keep in mind that there's a client and a server part in the Radmin installation. During installation of this commercial 
software you'll have the option to choose wether you want to install the server or only the client. 

If the client software is detected as malicious this would indeed be a bad call. However, if Symantec labels the server 
as a backdoor risk, it's likely because it was distributed as part of a malware package not so long ago (a few weeks 
back). Still, this doesn't justify to label the Radmin Client as a security risk. The Radmin software is widely used 
for remote administration in the same manner as VNC, Terminal Services or "Netbus" ;-)

Regards
Peter Kruse

-----Oprindelig meddelelse-----
Fra: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]På vegne af Todd Towles
Sendt: 12. oktober 2004 16:15
Til: Sowhat .; full-disclosure () lists netsys com
Emne: RE: [Full-Disclosure] Norton AntiVirus 2005 treats Radmin as a
Virus ??!


That is a widely used tool that is dropped by various malware 
programs. I think even one of the JPEG exploits was dropping radmin.exe

It be better to assume you have a infection and prove yourself 
wrong than the other way around. Look into it pretty deep, I would 
suggest. 

-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Sowhat .
Sent: Tuesday, October 12, 2004 7:51 AM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Norton AntiVirus 2005 treats 
Radmin as a Virus ??!

hi ,list

I have installed Norton AntiVirus 2005 ,and when i open my 
F:\ directory ,Norton pops up and show that,"Norton AntiVirus 
has detected a virus on your computer" "Boject Name 
F:\radmin.exe" "Virus Name Hacktool".

Is RemoteAdministrator a commercial remote control software 
or a Hacktool ?

the following information is copied from the Radmin's site:
(http://www.radmin.com/)

"This fast, reliable, easy-to-use pc remote control software 
saves you hours of running up and down stairs between 
computers. Radmin allows you to take control of another PC on 
a LAN, WAN or dial-up connection so you see the remote 
computer's screen on your monitor and all your mouse 
movements and keystrokes are directly transferred to the 
remote machine. Radmin provides fast secure access to remote 
PC's on Windows platforms.  "

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQWv68HxYZNa+g/pgEQKOiwCePgzmaczX3p55JZXV4DvZcxox/GcAn3Kc
q+lT8pAgWbC+ESuAaZRQNkYo
=bmBO
-----END PGP SIGNATURE-----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault