Message-ID: <9E97F0997FB84D42B221B9FB203EFA27171C9E@dc1ms2.msad.brookshires.net>
From: toddtowles at brookshires.com (Todd Towles)
Subject: Norton AntiVirus 2005 treats Radmin as a Virus ??!
I do agree with you, Peter, about the server and client part. I truly believe that Norton is detecting it as such only because it is being used in exploits. There are many exploits that drop this client onto the workstation. If you know it is there, then the detection shouldn't surprise you. But if you are e-mailing a list asking about it and what it is, you most likely didn't install it.
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
> Peter Kruse
> Sent: Tuesday, October 12, 2004 10:41 AM
> To: Todd Towles; Sowhat .; full-disclosure@...ts.netsys.com
> Subject: SV: [Full-Disclosure] Norton AntiVirus 2005 treats
> Radmin as a Virus ??!
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Hi,
>
> Keep in mind that there's a client and a server part in the
> Radmin installation. During installation of this commercial
> software you'll have the option to choose whether you want to
> install the server or only the client.
>
> If the client software is detected as malicious this would
> indeed be a bad call. However, if Symantec labels the server
> as a backdoor risk, it's likely because it was distributed as
> part of a malware package not so long ago (a few weeks back).
> Still, this doesn't justify labeling the Radmin Client as a
> security risk. The Radmin software is widely used for remote
> administration in the same manner as VNC, Terminal Services
> or "Netbus" ;-)
>
> Regards
> Peter Kruse
>
> >-----Original Message-----
> >From: full-disclosure-admin@...ts.netsys.com
> >[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Todd Towles
> >Sent: October 12, 2004 16:15
> >To: Sowhat .; full-disclosure@...ts.netsys.com
> >Subject: RE: [Full-Disclosure] Norton AntiVirus 2005 treats Radmin as a
> >Virus ??!
> >
> >
> >That is a widely used tool that is dropped by various malware programs.
> >I think even one of the JPEG exploits was dropping radmin.exe
> >
> >It would be better to assume you have an infection and prove yourself wrong
> >than the other way around. Look into it pretty deep, I would suggest.
> >
> >> -----Original Message-----
> >> From: full-disclosure-admin@...ts.netsys.com
> >> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Sowhat .
> >> Sent: Tuesday, October 12, 2004 7:51 AM
> >> To: full-disclosure@...ts.netsys.com
> >> Subject: [Full-Disclosure] Norton AntiVirus 2005 treats Radmin as a
> >> Virus ??!
> >>
> >> Hi, list
> >>
> >> I have installed Norton AntiVirus 2005, and when I open my F:\
> >> directory, Norton pops up and shows that "Norton AntiVirus has
> >> detected a virus on your computer" "Object Name F:\radmin.exe"
> >> "Virus Name Hacktool".
> >>
> >> Is RemoteAdministrator a commercial remote control software or a
> >> Hacktool?
> >>
> >> The following information is copied from Radmin's site:
> >> (http://www.radmin.com/)
> >>
> >> "This fast, reliable, easy-to-use pc remote control software saves
> >> you hours of running up and down stairs between computers. Radmin
> >> allows you to take control of another PC on a LAN, WAN or dial-up
> >> connection so you see the remote computer's screen on your monitor
> >> and all your mouse movements and keystrokes are directly transferred
> >> to the remote machine. Radmin provides fast secure access to remote
> >> PC's on Windows platforms. "
> >>
> >> _______________________________________________
> >> Full-Disclosure - We believe in it.
> >> Charter: http://lists.netsys.com/full-disclosure-charter.html
> >>
> >
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.1
>
> iQA/AwUBQWv68HxYZNa+g/pgEQKOiwCePgzmaczX3p55JZXV4DvZcxox/GcAn3Kc
> q+lT8pAgWbC+ESuAaZRQNkYo
> =bmBO
> -----END PGP SIGNATURE-----
>