Re: Is Remote Administrator(radmin) a trojon/virus itself or virus host? Any techniques to make it secure?
From: Rick \ (rick_at_mvps.org)
Date: 10/31/03
- Next message: Invisibleman www.allexperts.com: "Should I be worried?"
- Previous message: V3ct0rman: "Windows XP Updates"
- In reply to: walala: "Is Remote Administrator(radmin) a trojon/virus itself or virus host? Any techniques to make it secure?"
- Next in thread: walala: "Re: Is Remote Administrator(radmin) a trojon/virus itself or virus host? Any techniques to make it secure?"
- Reply: walala: "Re: Is Remote Administrator(radmin) a trojon/virus itself or virus host? Any techniques to make it secure?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 31 Oct 2003 07:00:34 -0500
Hi,
No, remote admin itself is not a trojan nor is it particularly susceptible.
You need to patch your system to protect it from this latest round of bugs
that exploit the remote procedure call service, see:
MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious
Programs
http://support.microsoft.com/?kbid=824146
--
Best of Luck,
Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science! That's my other hobby!
http://mvp.support.microsoft.com/
Associate Expert - WinXP - Expert Zone
www.microsoft.com/windowsxp/expertzone
Win98 Help - www.rickrogers.org

"walala" <mizhael@yahoo.com> wrote in message
news:6f348bd1.0310302200.3d0f4819@posting.google.com...
> Dear all,
>
> I newly installed my windows XP with the remote administrator(RADMIN)
> for remote control(downloaded from their website)...
>
> Here is a VirusScan Log: Basically, it reported "Nachi" host virus
> infection on two files: "r_server.exe RemoteAdmin.svr" and later
> "SVCHOST.EXE" infected by "W32/Nachi!tftpd".
>
> It was obvious that the "SVCHOST" file was infected later than I first
> installed the "r_server"...
>
> I previously also installed the RADMIN on another computer, and used
> Norton Antivirus, which did not report any virus/trojan about RADMIN.
>
> I am concerned about this and want to know is there any security
> breach case happened on RADMIN, and is it totally unsafe, and hence
> should never be used; or it can be used by doing some Windows patching
> and after the patching, the security problem won't happen any more?
>
> (because I really don't want to trouble our security personnel also
> come and ask to check my computer...)
>
> Thanks a lot,
>
> -Walala
>
> --------------------------------------------------------------------
>
>
> 10/30/2003 11:15:13 PM Moved (Clean failed because the file isn't
> cleanable) COMTECH\Administrator D:\Applications\Radmin\r_server.exe RemoteAdmin.svr
>
> 10/30/2003 11:17:34 PM Statistics:
> 10/30/2003 11:17:34 PM Files scanned: 2762
> 10/30/2003 11:17:34 PM Files infected: 1
> 10/30/2003 11:17:34 PM Files cleaned: 0
> 10/30/2003 11:17:34 PM Files deleted: 0
> 10/30/2003 11:17:34 PM Files moved: 1
>
> 10/30/2003 11:19:19 PM Move failed (Clean failed because the file
> isn't cleanable) NT
> AUTHORITY\SYSTEM C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
> 10/30/2003 11:20:19 PM Move failed (Clean failed because the file
> isn't cleanable) NT
> AUTHORITY\SYSTEM C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
> 10/30/2003 11:20:57 PM Move failed (Clean failed because the file
> isn't cleanable) COMTECH\Administrator C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
> 10/30/2003 11:20:59 PM Move failed (Clean failed because the file
> isn't cleanable) COMTECH\Administrator C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
> 10/30/2003 11:40:48 PM Not scanned (scan timed out)
> COMTECH\Administrator D:\Applications\Matlab6p5\sys\java\jre\win32\jre\lib\rt.jar\JARVERIFIERSTREA M$CERTCACHE.CLASS
>
> 10/30/2003 11:44:08 PM Statistics:
> 10/30/2003 11:44:08 PM Files scanned: 6639
> 10/30/2003 11:44:08 PM Files infected: 8
> 10/30/2003 11:44:08 PM Files cleaned: 0
> 10/30/2003 11:44:08 PM Files deleted: 0
> 10/30/2003 11:44:08 PM Files moved: 0
>
> 10/30/2003 11:45:53 PM Move failed (Clean failed because the file
> isn't cleanable) NT
> AUTHORITY\SYSTEM C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
> 10/30/2003 11:46:21 PM Move failed (Clean failed because the file
> isn't cleanable) COMTECH\Administrator C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
> 10/30/2003 11:46:23 PM Move failed (Clean failed because the file
> isn't cleanable) COMTECH\Administrator C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
> 10/30/2003 11:55:36 PM Move failed (Clean failed because the file
> isn't cleanable) NT
> AUTHORITY\SYSTEM C:\WINDOWS\system32\wins\SVCHOST.EXE W32/Nachi!tftpd
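
A triage sketch for the VirusScan log quoted in the question, added here as an example and not part of the original thread: it groups hits by detection name and path, and flags any svchost.exe that is not directly in the system directory, where the legitimate one lives. The sample lines are taken from the quoted log with the mail wrapping undone; the entry layout, the function names and the `sysdir` default are assumptions made for this example.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any OS

# Constructed sample: entries from the quoted log with the mail wrapping undone.
SAMPLE_LOG = r"""
10/30/2003 11:15:13 PM Moved (Clean failed because the file isn't cleanable) COMTECH\Administrator D:\Applications\Radmin\r_server.exe RemoteAdmin.svr
10/30/2003 11:17:34 PM Files infected: 1
10/30/2003 11:19:19 PM Move failed (Clean failed because the file isn't cleanable) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
10/30/2003 11:20:57 PM Move failed (Clean failed because the file isn't cleanable) COMTECH\Administrator C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
10/30/2003 11:55:36 PM Move failed (Clean failed because the file isn't cleanable) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\wins\SVCHOST.EXE W32/Nachi!tftpd
"""

# Assumed layout: timestamp, action, (reason), account, path, detection name.
# Only the two action strings that appear in the quoted log are recognised.
ENTRY = re.compile(
    r"^(?P<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) (?P<action>Moved|Move failed) "
    r"\((?P<reason>[^)]*)\) (?P<user>.+?) (?P<path>[A-Za-z]:\\.+) (?P<name>\S+)$"
)

def parse(log):
    """Return one dict per detection entry; statistics lines are skipped."""
    return [m.groupdict() for m in map(ENTRY.match, log.splitlines()) if m]

def summarize(entries):
    """Map (detection name, path) -> actions taken, so repeated hits collapse."""
    out = defaultdict(list)
    for e in entries:
        out[(e["name"], e["path"])].append(e["action"])
    return dict(out)

def misplaced_svchost(entries, sysdir=r"C:\WINDOWS\system32"):
    """Flagged files named svchost.exe that are not directly in sysdir."""
    return sorted({e["path"] for e in entries
                   if basename(e["path"]).lower() == "svchost.exe"
                   and dirname(e["path"]).lower() != sysdir.lower()})

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    for (name, path), actions in summarize(entries).items():
        print(f"{name:18} {path}  {actions}")
    print("svchost.exe outside system directory:", misplaced_svchost(entries))
```
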