Spysweeper and WG

DGeorge · #1 October 26th, 2004, 09:20 PM

Did a scan with Spysweeper and it it is saying it detects Radmin system monitor and points at C:\wormguard\uninstal.exe and e:\recycler\programfiles\wormguard\uninstal.exe

Is SS known to make false positives with these files or should I be doing some more scanning with TDS-3?

Thanks

Notok · #2 October 26th, 2004, 10:15 PM

Seems like I get more false positives with Spysweeper every time I try it. It certainly won't hurt to do a scan with TDS-3, though, even if you just do a quick scan for now. If you're worried about a particular file you can always run it through the Kaspersky online scan (in addition to TDS-3 and any other scanners you might have.) That particular find, however, doesn't really make sense to me.. Radmin is an IT tool: http://www.majorgeeks.com/download1927.html
(unless they started putting spyware in it or something..)

#3 October 26th, 2004, 10:33 PM

Must be a false positive....

If you like, calculate its MD5 checksum.
On my system (using CryptoSuite):
The file <C:\(deleted by me)\uninstal.exe> has the following Checksum(s)

MD5 - B83429C6F8335B63DD316BB83EDAFF23

DGeorge · #4 October 26th, 2004, 11:27 PM

I'll run it through TDS-3 and a few online scanners like KAV and see what they say. I think its probably an FP but better safe than sorry

I dont have Crypto. How do I check the MD5?

#5 October 26th, 2004, 11:42 PM

Quote:

Originally Posted by DGeorge

I dont have Crypto. How do I check the MD5?

CryptoSuite is really a very nice tool (not only for calculating checksums!).
I like it !

I don't know whether I'm allowed to post this here...
You could also have a look here:
http://lists.gpick.com/pages/Checksum_Tools.htm
Take for example DigestIt. I have the older version 2003, among other checksum tools, but that is no secret

But CryptoSuite is most defintely worth to have a look at !

DGeorge · #6 October 27th, 2004, 06:00 PM

Well, neither TDS, KAV, NOD32 or Ewido noticed anything funny about the files so I think its probably an FP.
Thanks for the suggestions and help.

Atomas31 · #7 October 29th, 2004, 12:33 PM

Hi DGeorge,

Spysweeper also find Radmin on my system and just like you it is pointing on some files (2 to be exact) on my Diamonds products

It must be a false positive, that's for sure ;-)

Atomas31

Jooske · #8 October 29th, 2004, 01:18 PM

Can you guys please be so kind as to send a copy of the files to those developers and telling them it is normal legal software, so they can refine their detection. You might like to send copies to submit@diamondcs.com.au too mentioning this thread so the TDs lab can have a look what might be causing those false positives.
Thanks a lot!

Pilli · #9 October 29th, 2004, 02:38 PM

If you have Remote_Administrator (Radmin) installed it is seen by all major ATs & AVs as a sub seven variant, if you have a legal copy, as I do, then you must put it on your allow list.
Why do I use it? Radmin is the fastest remote administrator I have tried, I use it for support and on my own LAN.

Here is an outline of Radmin.

Remote control

Remote Administrator (Radmin) gives you instant access to various remote resources through an Internet connection, over direct telephone lines and across multiple Windows platforms. Now you can monitor and manage PCs and servers in different locations anywhere in the world without leaving your desk. Radmin is the high performance solution that meets and exceeds the most stringent requirements for remote control software.

Dazed_and_Confused · #10 November 4th, 2004, 10:46 PM

I just experienced this same detection with Spysweeper. I don't understand all the technical jargon, but Pilli makes it sounds like a developers tool. Is it a critical component of Wormguard? Will Wormguard not function properly if removed by Spysweeper?

Pilli · #11 November 5th, 2004, 04:40 AM

Quote:

Is it a critical component of Wormguard?

No Radmin is not a part of WormGuard, I have WormGuard & SS working together with no problems on this PC.
Here is a part of my prot list from PG3 I do not have Radmin on my Prot list and only have it set for permit once as a sort of security measure

HTH Pilli

Dazed_and_Confused · #12 November 5th, 2004, 07:19 AM

Quote:

Originally Posted by Pilli

No Radmin is not a part of WormGuard....

Pilli, Thanks.

I think I understand now. I believe this thread is saying that Radmin was detected INCORRECTLY inside '../uninstal.exe', that Radmin may or may not really be malware, but it's not inside this Wormguard executable. Right?

Pilli · #13 November 5th, 2004, 07:45 AM

No Daisie, There is no part of Radmin inside any DCS product it is developed totally independantly an sold commercially - Search Google for Radmin for more info'

I am still not sure exactly what you are seeing

Pilli

Dazed_and_Confused · #14 November 6th, 2004, 09:59 AM

Pilli,

I'm seeing the same thing that DGeorge saw. SpySweeper says that it found RADMIN inside C:\wormguard\uninstal.exe. I was just saying above that, if I'm understanding everyone correctly, SpySweeper is incorrectly detecting RADMIN (a "false positive") inside this Wormguard executable (uninstal.exe).

Pilli · #15 November 6th, 2004, 11:15 AM

Hi Daisie, I did a full scan with SpySweeper today with the latest defs 413 and SS version 3.2 and no Radmin found.
Looks like a false positive as TDS3 and KAV have sigs for Radmin.

HTH Pilli

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search