Is Remote Administrator (radmin) a trojan/virus itself or virus host? Any techniques to make it secure?

From: walala (mizhael_at_yahoo.com)
Date: 10/31/03


Date: 30 Oct 2003 22:00:35 -0800

Dear all,

I newly installed my Windows XP with the Remote Administrator (RADMIN)
for remote control (downloaded from their website)...

Here is a VirusScan Log: Basically, it reported "Nachi" host virus
infection on two files: "r_server.exe RemoteAdmin.svr" and later
"SVCHOST.EXE" infected by "W32/Nachi!tftpd".

It was obvious that the "SVCHOST" file was infected after I first
installed the "r_server"...

I previously also installed the RADMIN on another computer, and used
Norton Antivirus, which did not report any virus/trojan about RADMIN.

I am concerned about this and want to know whether any security
breach has happened with RADMIN: is it totally unsafe, and hence
should never be used, or can it be used after doing some Windows
patching, so that the security problem won't happen any more?

(because I really don't want to trouble our security personnel also
come and ask to check my computer...)

Thanks a lot,

-Walala

--------------------------------------------------------------------

10/30/2003 11:15:13 PM Moved (Clean failed because the file isn't cleanable) COMTECH\Administrator D:\Applications\Radmin\r_server.exe RemoteAdmin.svr

10/30/2003 11:17:34 PM Statistics:
10/30/2003 11:17:34 PM Files scanned: 2762
10/30/2003 11:17:34 PM Files infected: 1
10/30/2003 11:17:34 PM Files cleaned: 0
10/30/2003 11:17:34 PM Files deleted: 0
10/30/2003 11:17:34 PM Files moved: 1

10/30/2003 11:19:19 PM Move failed (Clean failed because the file isn't cleanable) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
10/30/2003 11:20:19 PM Move failed (Clean failed because the file isn't cleanable) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
10/30/2003 11:20:57 PM Move failed (Clean failed because the file isn't cleanable) COMTECH\Administrator C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
10/30/2003 11:20:59 PM Move failed (Clean failed because the file isn't cleanable) COMTECH\Administrator C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
10/30/2003 11:40:48 PM Not scanned (scan timed out) COMTECH\Administrator D:\Applications\Matlab6p5\sys\java\jre\win32\jre\lib\rt.jar\JARVERIFIERSTREAM$CERTCACHE.CLASS

10/30/2003 11:44:08 PM Statistics:
10/30/2003 11:44:08 PM Files scanned: 6639
10/30/2003 11:44:08 PM Files infected: 8
10/30/2003 11:44:08 PM Files cleaned: 0
10/30/2003 11:44:08 PM Files deleted: 0
10/30/2003 11:44:08 PM Files moved: 0

10/30/2003 11:45:53 PM Move failed (Clean failed because the file isn't cleanable) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
10/30/2003 11:46:21 PM Move failed (Clean failed because the file isn't cleanable) COMTECH\Administrator C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
10/30/2003 11:46:23 PM Move failed (Clean failed because the file isn't cleanable) COMTECH\Administrator C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
10/30/2003 11:55:36 PM Move failed (Clean failed because the file isn't cleanable) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\wins\SVCHOST.EXE W32/Nachi!tftpd


