Topic: «Ghost Radmin or not» on forum: Network management general discussion
Views: 34933
#1
How can we make the difference?
http://www.pestpatrol.com/pest_info/de/g/ghost_radmin.asp
#2
GhostRadmin has the following files:

editor.exe (6 Kb)
FSG.EXE (65 Kb)
server.exe (2.5 Kb)

What "Ghost Radmin" does is download the r_server.exe and AdmDll.dll files to the target machine without notifying the user, nothing more. These two files are also included in the package.

Smart anti-virus software recognizes editor.exe, FSG.EXE and server.exe as "Ghost Radmin" trojan. It won't recognize r_server.exe or AdmDll.dll as a trojan - and that's right, since neither r_server.exe nor AdmDll.dll is Ghost Radmin.

However, some dumb, straight-forward, paranoid-minded software may think that r_server.exe is "GhostRadmin", but it is obviously not.

Best Regards,
Ilia Demenkov, Famatech support team (support@famatech.com).
#3
Ilia,
Actually Norton AV and firewall 2004 recognize it as a potential security threat and tag it as such in standard scan. Potentially due to this exact issue.
Though it seems that the good design of radmin 2.1 may be perfect for hackers to use.

Here is a copy of the Ghostradmin instructions for idiots I found on the web:

Ghost Radmin 1.0
Coded by illwill in ASM
9/18/03

===========================================================
a 1.26kb program that silently installs Radmin on a
remote computer for win9x/me/nt/2k/xp.
basically it downloads the radmin server and dll from the
web and adds the proper registry keys for it to function.
===========================================================
features:
* only 1.26 kb
* installs radmin with a password of 12345678

Instructions:
first get a website
1. extract all files from zip to a folder
2. open up editor.exe
3. select the [...] to browse for server.exe
4. once server selected press read
5. change the settings to your liking
a. url: web address of r_server.exe
b. dll: web address of AdmDll.dll
6. write the settings to the server
7. compress it then bind it with your trojan
===========================================================
E-mail:
xillwillx@yahoo.com

Homepages:
http://www.illmob.org
http://imagekrew.cjb.net
===========================================================
#4
>Actually Norton AV and firewall 2004
>recognize it as a potential security
>threat and tag it as such in standard scan.

As I've already written, "some straight-forward, paranoid-minded software may think that r_server.exe is "GhostRadmin", but it is obviously not."

Please, read this post http://www.famatech.com/support/forum/read.php?FID=19&TID=5949

Should we sue Symantec/Norton?

Best Regards,
Ilia Demenkov, Famatech support team (support@famatech.com).
#5
>As I've already written, "some straight-forward, paranoid-minded software may think that r_server.exe is "GhostRadmin", but it is obviously not."

Yeah,
I saw that after the fact..

>Should we sue Symantec/Norton?

Do I detect a sense of humor Ilia? or are you being serious here.. :D
#6
Ilia Demenkov wrote:
>What "Ghost Radmin" does is download the r_server.exe and AdmDll.dll files to the target machine without notifying the user, nothing more. These two files are also included in the package.
>
>Smart anti-virus software recognizes editor.exe, FSG.EXE and server.exe as "Ghost Radmin" trojan. It won't recognize r_server.exe or AdmDll.dll as a trojan - and that's right, since neither r_server.exe nor AdmDll.dll is Ghost Radmin.

Wait... I think I missed a step. If Ghost RAdmin d/l's r_server.exe and AdmDll.dll to the target system, does it rename them? If not how can the second paragraph be correct?

My anti-trojan SW recognized r_server.exe and called it GHOSTRSERVER IIRC. It just happened recently when the signature list was updated. I just told it to exclude them and all was well.
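
Editor's added example (not written by any poster or by Famatech): a triage sketch for the question discussed above. The file names are the ones given in this thread; the host names, paths, approved-host list and finding labels are constructed assumptions. It shows that the presence of r_server.exe alone says nothing, and that the verdict comes from the co-located package files and from whether the host was meant to run Radmin.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# File names taken from the thread (compared case-insensitively).
KIT_FILES = {"editor.exe", "fsg.exe", "server.exe"}   # Ghost Radmin package
RADMIN_FILES = {"r_server.exe", "admdll.dll"}         # genuine Radmin server

# Constructed sample data: hosts where an administrator deployed Radmin.
APPROVED_HOSTS = {"HELPDESK-01"}

# Constructed sample inventory of (host, full path) pairs.
INVENTORY = [
    ("HELPDESK-01", r"C:\WINDOWS\system32\r_server.exe"),
    ("HELPDESK-01", r"C:\WINDOWS\system32\AdmDll.dll"),
    ("LAPTOP-07", r"C:\WINDOWS\system32\r_server.exe"),
    ("LAPTOP-07", r"C:\WINDOWS\system32\AdmDll.dll"),
    ("LAB-03", r"C:\Temp\gr\editor.exe"),
    ("LAB-03", r"C:\Temp\gr\FSG.EXE"),
    ("LAB-03", r"C:\Temp\gr\server.exe"),
    ("LAB-03", r"C:\Temp\gr\r_server.exe"),
    ("BUILD-02", r"C:\tools\server.exe"),  # common name, not a finding alone
]


def triage(inventory, approved_hosts):
    """Return {host: sorted findings} for hosts with at least one finding."""
    # Group file names per (host, directory) so the package is only reported
    # when all three of its files sit together.
    by_dir = defaultdict(set)
    for host, path in inventory:
        p = PureWindowsPath(path)
        by_dir[(host, str(p.parent).lower())].add(p.name.lower())

    findings = defaultdict(set)
    for (host, _directory), names in by_dir.items():
        if KIT_FILES <= names:
            findings[host].add("ghost-radmin-kit")
        if names & RADMIN_FILES:
            # Same binaries everywhere: only deployment context separates
            # an administrator's install from a silent one.
            label = "radmin-approved" if host in approved_hosts else "radmin-unapproved"
            findings[host].add(label)
    return {host: sorted(labels) for host, labels in findings.items()}


if __name__ == "__main__":
    for host, labels in sorted(triage(INVENTORY, APPROVED_HOSTS).items()):
        print(host, labels)
```
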
#7
Reading this, I am still not clear if Ghost Radmin is spyware or NOT? I recently installed Tenebril, SpyCatcher and lo and behold there comes up Ghost RAdmin 1.0b as spyware. Please give us a conclusive answer to whether it is or not?

Funny enough, some weeks ago, unbeknownst to me, I started to get bad sectors on my HDD where the system32 folder was located and I noticed that RAdmin server could be accessed without a password. Even resetting the password it would not remember it the next day. After I fixed my HDD the problem went away.

Has anyone had a similar experience?
#8
Hello everybody,
I just want to ask about r_server.exe: what if someone installs RAdmin on his computer and sends the file r_server.exe to somebody else over the Internet? Can this person connect to that computer remotely?