[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SV: [Full-Disclosure] Norton AntiVirus 2005 treats Radmin as a Virus ??!
- Subject: Re: SV: [Full-Disclosure] Norton AntiVirus 2005 treats Radmin as a Virus ??!
- From: Ill will <xillwillx@xxxxxxxxx>
- Date: Tue, 12 Oct 2004 21:08:42 -0400
oops...
http://www.illmob.org/0day/ghostradmin.zip
On Tue, 12 Oct 2004 17:40:32 +0200, Peter Kruse <kruse@xxxxxxxxxxxxxxxx> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Hi,
>
> Keep in mind that there's a client and a server part in the Radmin
> installation. During installation of this commercial software you'll have the
> option to choose wether you want to install the server or only the client.
>
> If the client software is detected as malicious this would indeed be a bad
> call. However, if Symantec labels the server as a backdoor risk, it's likely
> because it was distributed as part of a malware package not so long ago (a
> few weeks back). Still, this doesn't justify to label the Radmin Client as a
> security risk. The Radmin software is widely used for remote administration
> in the same manner as VNC, Terminal Services or "Netbus" ;-)
>
> Regards
> Peter Kruse
>
> >-----Oprindelig meddelelse-----
> >Fra: full-disclosure-admin@xxxxxxxxxxxxxxxx
> >[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx]På; vegne af Todd Towles
> >Sendt: 12. oktober 2004 16:15
> >Til: Sowhat .; full-disclosure@xxxxxxxxxxxxxxxx
> >Emne: RE: [Full-Disclosure] Norton AntiVirus 2005 treats Radmin as a
> >Virus ??!
> >
> >
> >That is a widely used tool that is dropped by various malware
> >programs. I think even one of the JPEG exploits was dropping radmin.exe
> >
> >It be better to assume you have a infection and prove yourself
> >wrong than the other way around. Look into it pretty deep, I would
> >suggest.
> >
> >> -----Original Message-----
> >> From: full-disclosure-admin@xxxxxxxxxxxxxxxx
> >> [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Sowhat .
> >> Sent: Tuesday, October 12, 2004 7:51 AM
> >> To: full-disclosure@xxxxxxxxxxxxxxxx
> >> Subject: [Full-Disclosure] Norton AntiVirus 2005 treats
> >> Radmin as a Virus ??!
> >>
> >> hi ,list
> >>
> >> I have installed Norton AntiVirus 2005 ,and when i open my
> >> F:\ directory ,Norton pops up and show that,"Norton AntiVirus
> >> has detected a virus on your computer" "Boject Name
> >> F:\radmin.exe" "Virus Name Hacktool".
> >>
> >> Is RemoteAdministrator a commercial remote control software
> >> or a Hacktool ?
> >>
> >> the following information is copied from the Radmin's site:
> >> (http://www.radmin.com/)
> >>
> >> "This fast, reliable, easy-to-use pc remote control software
> >> saves you hours of running up and down stairs between
> >> computers. Radmin allows you to take control of another PC on
> >> a LAN, WAN or dial-up connection so you see the remote
> >> computer's screen on your monitor and all your mouse
> >> movements and keystrokes are directly transferred to the
> >> remote machine. Radmin provides fast secure access to remote
> >> PC's on Windows platforms. "
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.netsys.com/full-disclosure-charter.html
> >>
> >
> >_______________________________________________
> >Full-Disclosure - We believe in it.
> >Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.1
>
> iQA/AwUBQWv68HxYZNa+g/pgEQKOiwCePgzmaczX3p55JZXV4DvZcxox/GcAn3Kc
> q+lT8pAgWbC+ESuAaZRQNkYo
> =bmBO
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
--
- illwill
http://illmob.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html