I have a friend who totally knows nothing about computers except chatting and use of email was tricked by one of her chatmates into uninstalling her antivirus software and then installing radmin into his computer without knowing what it does. Now that hacker is harassing my friend and her family to the point of blackmail. When she asked me to check her computer, I noticed radmin installed. So I removed radmin on the computer and then inslalled an antivirus software, I checked the installation directory and I found a log file. a portion of the entry is this...
<2172> RServer3 2010.09.04 13:17 Radmin Server 3 is started
<3556> RServer3 2010.09.04 13:18 Connection from 126.96.36.199 (PILIPINAS): File connection
<3556> RServer3 2010.09.04 18:00 188.8.131.52 connection closed
Is the 184.108.40.206 the IP address of the hacker? or it is just an id for specific Radmin user. We want to trace the user so that we can pursue legal matters against the attacker. Or does anyone have any idea on how to do so.