On Wed October 13 2004 11:38, Feher Tamas wrote:
Ill Will wrote:
oops...
http://www.illmob.org/0day/ghostradmin.zip
Trojandropper.Win32.RDM.a
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
technically no it shouldnt treat r_server.exe or admin.dll as virii ..
first off i modified r_server by changing its icon to a blank icon and
compressed it with upx , so no antivirus so pick up the exe , the dll
i could see as being detected because i didnt modify anything. the
package in total
Noam Rathaus wrote:
snip
Clam doesn't think its a virus/Trojan/whatever
Which is significant why?
Clam has the highest false negative rate of all scanners apart from a
couple of obviously toy projects, so its non-detection of something
can hardly be seen as evidence of something's
Ill Will wrote:
oops...
http://www.illmob.org/0day/ghostradmin.zip
Trojandropper.Win32.RDM.a
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
That's not Radmin, that's a 'dropper' to silenty install
radmin..intended almost always for use as a trojan. So of course NAV
will pick it up as a virus.
On Wed, 13 Oct 2004 11:38:36 +0200 (CEST), Feher Tamas
[EMAIL PROTECTED] wrote:
Ill Will wrote:
oops...
hi list
I have installed Norton AntiVirus 2005 ,and when i open my F:\
directory ,Norton pops up and show that,Norton AntiVirus has detected
a virus on your computer Boject Name F:\radmin.exe Virus Name
Hacktool.
Is RemoteAdministrator a commercial remote control software or a Hacktool ?
the
Hello,
Sowhat . wrote:
[ NAV 2k5 detected radmin.exe as virus ]
Is RemoteAdministrator a commercial remote control software or a
Hacktool ?
since you're posting this to full-disclosure, I assume you have already
contacted Norton. What did they say?
GTi
no , no one install Radmin on my computer, it's a new clean box.the
radmin.exe is the client of the Radmin.
in my memory , Norton AntiVirus 2004 has mark the Radmin as potential malware
and in 2005, it was marked as Hacktool
i have googled for it ,Trend Micro also marks it a
On Tuesday 12 October 2004 08:51 am, Sowhat . wrote:
hi list
I have installed Norton AntiVirus 2005 ,and when i open my F:\
directory ,Norton pops up and show that,Norton AntiVirus has detected
a virus on your computer Boject Name F:\radmin.exe Virus Name
Hacktool.
Symantec labels a
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sowhat .
Sent: Tuesday, October 12, 2004 7:51 AM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Norton AntiVirus 2005 treats
Radmin as a Virus ??!
hi list
I have installed Norton AntiVirus 2005 ,and when i open my
i am sorry , i didnt contact Norton
becasue i found that many AV marked it as HACKTOOL ,not only norton
as someone has said ,AV vendors need a lawyer :)
On Tue, 12 Oct 2004 16:09:18 +0200, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hello,
Sowhat . wrote:
[ NAV 2k5 detected radmin.exe as
PROTECTED]
Subject: RE: [Full-Disclosure] Norton AntiVirus 2005 treats Radmin as a
Virus ??!
That is a widely used tool that is dropped by various malware programs. I think even
one of the JPEG exploits was dropping radmin.exe
It be better to assume you have a infection and prove yourself wrong
becasue i found that many AV marked it as HACKTOOL
,not only norton
as someone has said ,AV vendors need a lawyer :)
I don't get it...AV vendors each have their own naming
scheme, and decide what and how to detect malware.
You purchase the product, and then decide that the AV
vendors need
, 2004 7:51 AM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Norton AntiVirus 2005 treats
Radmin as a Virus ??!
hi list
I have installed Norton AntiVirus 2005 ,and when i open my
F:\ directory ,Norton pops up and show that,Norton AntiVirus
has detected a virus on your computer
]
Subject: SV: [Full-Disclosure] Norton AntiVirus 2005 treats
Radmin as a Virus ??!
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Keep in mind that there's a client and a server part in the
Radmin installation. During installation of this commercial
software you'll have the option
If the client software is detected as malicious this would indeed be a bad call.
However, if Symantec labels the server as a backdoor risk, it's likely because it
was distributed as part of a malware package not so long ago (a few weeks back).
Still, this doesn't justify to label the
16 matches
Mail list logo
