#1
Dear all,

I newly installed my Windows XP with the remote administrator (RADMIN) for remote control (downloaded from their website)... Here is a VirusScan Log: Basically, it reported "Nachi" host virus infection on two files: "r_server.exe RemoteAdmin.svr" and later "SVCHOST.EXE" infected by "W32/Nachi!tftpd". It was obvious that the "SVCHOST" file was infected later than I first installed the "r_server"...

I previously also installed the RADMIN on another computer, and used Norton Antivirus, which did not report any virus/trojan about RADMIN.

I am concerned about this and want to know is there any security breach case happened on RADMIN, and is it totally unsafe, and hence should never be used; or it can be used by doing some Windows patching and after the patching, the security problem won't happen any more? (because I really don't want to trouble our security personnel also come and ask to check my computer...)

Thanks a lot,
-Walala

--------------------------------------------------------------------
10/30/2003 11:15:13 PM Moved (Clean failed because the file isn't cleanable) COMTECH\Administrator D:\Applications\Radmin\r_server.exe RemoteAdmin.svr
10/30/2003 11:17:34 PM Statistics:
10/30/2003 11:17:34 PM Files scanned: 2762
10/30/2003 11:17:34 PM Files infected: 1
10/30/2003 11:17:34 PM Files cleaned: 0
10/30/2003 11:17:34 PM Files deleted: 0
10/30/2003 11:17:34 PM Files moved: 1
10/30/2003 11:19:19 PM Move failed (Clean failed because the file isn't cleanable) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
10/30/2003 11:20:19 PM Move failed (Clean failed because the file isn't cleanable) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
10/30/2003 11:20:57 PM Move failed (Clean failed because the file isn't cleanable) COMTECH\Administrator C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
10/30/2003 11:20:59 PM Move failed (Clean failed because the file isn't cleanable) COMTECH\Administrator C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
10/30/2003 11:40:48 PM Not scanned (scan timed out) COMTECH\Administrator D:\Applications\Matlab6p5\sys\java\jre\win32\jre\lib\rt.jar\JARVERIFIERSTREAM$CERTCACHE.CLASS
10/30/2003 11:44:08 PM Statistics:
10/30/2003 11:44:08 PM Files scanned: 6639
10/30/2003 11:44:08 PM Files infected: 8
10/30/2003 11:44:08 PM Files cleaned: 0
10/30/2003 11:44:08 PM Files deleted: 0
10/30/2003 11:44:08 PM Files moved: 0
10/30/2003 11:45:53 PM Move failed (Clean failed because the file isn't cleanable) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
10/30/2003 11:46:21 PM Move failed (Clean failed because the file isn't cleanable) COMTECH\Administrator C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
10/30/2003 11:46:23 PM Move failed (Clean failed because the file isn't cleanable) COMTECH\Administrator C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
10/30/2003 11:55:36 PM Move failed (Clean failed because the file isn't cleanable) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\wins\SVCHOST.EXE W32/Nachi!tftpd
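
A small triage script for the VirusScan log in the post above, added here as an example and not part of the original post: it groups entries by detection name so that the first-seen time, affected files and action outcomes of each name can be compared. The field layout is inferred from the posted lines, and `SAMPLE_LOG`, `ENTRY` and `summarize` are names chosen for this example.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: a few entries copied from the log in the post, one per line.
SAMPLE_LOG = r"""
10/30/2003 11:15:13 PM Moved (Clean failed because the file isn't cleanable) COMTECH\Administrator D:\Applications\Radmin\r_server.exe RemoteAdmin.svr
10/30/2003 11:17:34 PM Files scanned: 2762
10/30/2003 11:19:19 PM Move failed (Clean failed because the file isn't cleanable) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
10/30/2003 11:46:21 PM Move failed (Clean failed because the file isn't cleanable) COMTECH\Administrator C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
10/30/2003 11:55:36 PM Move failed (Clean failed because the file isn't cleanable) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\wins\SVCHOST.EXE W32/Nachi!tftpd
"""

# Only the two action strings that appear in the posted log are recognised;
# statistics and "Not scanned" lines carry no detection name and are skipped.
ENTRY = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>Moved|Move failed) \((?P<reason>[^)]*)\) "
    r"(?P<user>.+?) (?P<path>[A-Za-z]:\\.+) (?P<name>\S+)$"
)


def summarize(log_text):
    """Group detections by name: first/last seen, files, accounts, outcomes."""
    summary = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        seen = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
        rec = summary.setdefault(m["name"], {
            "first": seen, "last": seen,
            "paths": set(), "users": set(), "actions": Counter(),
        })
        rec["first"] = min(rec["first"], seen)
        rec["last"] = max(rec["last"], seen)
        rec["paths"].add(m["path"])
        rec["users"].add(m["user"])
        rec["actions"][m["action"]] += 1
    return summary


if __name__ == "__main__":
    for name, rec in sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: kv[1]["first"]):
        print(f"{name}: first {rec['first']}, last {rec['last']}")
        for path in sorted(rec["paths"]):
            print(f"  file    {path}")
        print(f"  actions {dict(rec['actions'])}")
```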
#2
Hi,
No, remote admin itself is not a trojan nor is it particularly susceptible. You need to patch your system to protect it from this latest round of bugs that exploit the remote procedure call service, see:

MS03-039: A Buffer Overrun in RPCSS Could Allow an Attacker to Run Malicious Programs
http://support.microsoft.com/?kbid=824146
#3
"Rick \"Nutcase\" Rogers" <rick> wrote in message news:2160
[..]
>
> "walala" <mizhael> wrote in message
> news:4819
> RemoteAdmin.svr
> RemoteAdmin.svr
> RemoteAdmin.svr
> D:\Applications\Matlab6p5\sys\java\jre\win32\jre\lib\rt.jar\JARVERIFIERSTREAM$CERTCACHE.CLASS
> RemoteAdmin.svr
> RemoteAdmin.svr

but when I install RADMIN downloaded from RADMIN website (www.radmin.com), the McAfee VirusScan warned about "r_server.exe RemoteAdmin.svr" and refused to let it install; I ignored that; and after 20 minutes, the VirusScan began to report "SVCHOST.EXE W32/Nachi!tftpd" along with the previous warning...

Is this truly infected or just over-reaction of the VirusScan software?

By the way, I have installed all latest patches by "auto-update" after I install WINDOWSXP... Maybe MS-039 is a special one and I need to patch myself...?

Thanks,
-Walala
#4
Hi,
Install the patch, regardless of the autoupdate function. It may very well be that that download you are getting from radmin.com is infected, or that it is disabling the very patch that is there to protect you.