Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Norton AntiVirus 2005 treats Radmin as a Virus ??!
From: "Todd Towles" <toddtowles () brookshires com>
Date: Tue, 12 Oct 2004 13:34:04 -0500

I do agree with you Peter about the server and client part. I truly believe that Norton is detecting it as such only 
because it is being used in exploits. There are many exploits that drop this client onto the workstation. If you know 
it is there then the detection shouldn't surprise you. But if you are e-mailing a list asking about it and what it is. 
You most likely didn't install it. 

-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
Peter Kruse
Sent: Tuesday, October 12, 2004 10:41 AM
To: Todd Towles; Sowhat .; full-disclosure () lists netsys com
Subject: SV: [Full-disclosure] Norton AntiVirus 2005 treats 
Radmin as a Virus ??!

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,

Keep in mind that there's a client and a server part in the 
Radmin installation. During installation of this commercial 
software you'll have the option to choose wether you want to 
install the server or only the client. 

If the client software is detected as malicious this would 
indeed be a bad call. However, if Symantec labels the server 
as a backdoor risk, it's likely because it was distributed as 
part of a malware package not so long ago (a few weeks back). 
Still, this doesn't justify to label the Radmin Client as a 
security risk. The Radmin software is widely used for remote 
administration in the same manner as VNC, Terminal Services 
or "Netbus" ;-)

Regards
Peter Kruse

-----Oprindelig meddelelse-----
Fra: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]På vegne af 
Todd Towles
Sendt: 12. oktober 2004 16:15
Til: Sowhat .; full-disclosure () lists netsys com
Emne: RE: [Full-Disclosure] Norton AntiVirus 2005 treats Radmin as a 
Virus ??!


That is a widely used tool that is dropped by various 
malware programs. 
I think even one of the JPEG exploits was dropping radmin.exe

It be better to assume you have a infection and prove yourself wrong 
than the other way around. Look into it pretty deep, I would suggest.

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf 
Of Sowhat .
Sent: Tuesday, October 12, 2004 7:51 AM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Norton AntiVirus 2005 treats 
Radmin as a 
Virus ??!

hi ,list

I have installed Norton AntiVirus 2005 ,and when i open my F:\ 
directory ,Norton pops up and show that,"Norton AntiVirus has 
detected a virus on your computer" "Boject Name 
F:\radmin.exe" "Virus 
Name Hacktool".

Is RemoteAdministrator a commercial remote control software or a 
Hacktool ?

the following information is copied from the Radmin's site:
(http://www.radmin.com/)

"This fast, reliable, easy-to-use pc remote control software saves 
you hours of running up and down stairs between computers. Radmin 
allows you to take control of another PC on a LAN, WAN or dial-up 
connection so you see the remote computer's screen on your monitor 
and all your mouse movements and keystrokes are directly 
transferred 
to the remote machine. Radmin provides fast secure access 
to remote 
PC's on Windows platforms.  "

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQWv68HxYZNa+g/pgEQKOiwCePgzmaczX3p55JZXV4DvZcxox/GcAn3Kc
q+lT8pAgWbC+ESuAaZRQNkYo
=bmBO
-----END PGP SIGNATURE-----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]