Spysweeper and WG

Discussion in 'WormGuard' started by DGeorge, Oct 26, 2004.

Thread Status:
Not open for further replies.
  1. DGeorge

    DGeorge Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    36
    Did a scan with Spysweeper and it is saying it detects Radmin system monitor and points at C:\wormguard\uninstal.exe and e:\recycler\programfiles\wormguard\uninstal.exe

    Is SS known to make false positives with these files or should I be doing some more scanning with TDS-3?

    Thanks
     
  2. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Seems like I get more false positives with Spysweeper every time I try it. It certainly won't hurt to do a scan with TDS-3, though, even if you just do a quick scan for now. If you're worried about a particular file you can always run it through the Kaspersky online scan (in addition to TDS-3 and any other scanners you might have.) That particular find, however, doesn't really make sense to me.. Radmin is an IT tool: http://www.majorgeeks.com/download1927.html
    (unless they started putting spyware in it or something..)
     
  3. FanJ

    FanJ Guest

    Must be a false positive....

    If you like, calculate its MD5 checksum.
    On my system (using CryptoSuite):
    The file <C:\(deleted by me)\uninstal.exe> has the following Checksum(s)

    MD5 - B83429C6F8335B63DD316BB83EDAFF23
     
  4. DGeorge

    DGeorge Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    36
    I'll run it through TDS-3 and a few online scanners like KAV and see what they say. I think it's probably an FP but better safe than sorry.

    I don't have Crypto. How do I check the MD5?
     
  5. FanJ

    FanJ Guest

    CryptoSuite is really a very nice tool (not only for calculating checksums!).
    I like it ! :)

    I don't know whether I'm allowed to post this here...
    You could also have a look here:
    http://lists.gpick.com/pages/Checksum_Tools.htm
    Take for example DigestIt. I have the older version 2003, among other checksum tools, but that is no secret ;)
    But CryptoSuite is most definitely worth having a look at!
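
The checksum comparison discussed above, as an added example that is not part of any poster's message: it hashes each flagged copy and compares it with a reference MD5 such as the one FanJ posted. The function names and the demo files are constructed for illustration; a match shows only that a copy is byte-identical to the reference copy, and a mismatch can also mean a different WormGuard version.

```python
import hashlib
import os
import tempfile

# MD5 that FanJ posted for uninstal.exe (value taken from the thread).
THREAD_MD5 = "B83429C6F8335B63DD316BB83EDAFF23"


def file_digests(path, chunk_size=65536):
    """Stream a file once; return (md5, sha256) as lowercase hex."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def normalize(digest):
    """Checksum tools differ in case and separators; keep hex digits only."""
    return "".join(c for c in digest.lower() if c in "0123456789abcdef")


def compare_copies(paths, reference_md5):
    """Map each path to 'match', 'mismatch' or 'missing' against the reference."""
    wanted = normalize(reference_md5)
    report = {}
    for path in paths:
        if not os.path.isfile(path):
            report[path] = "missing"
            continue
        report[path] = "match" if file_digests(path)[0] == wanted else "mismatch"
    return report


def demo():
    """Constructed stand-ins for the two flagged copies; not the real files."""
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "uninstal.exe")
        altered = os.path.join(tmp, "uninstal_recycler.exe")
        gone = os.path.join(tmp, "absent.exe")
        with open(good, "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 1024)            # constructed bytes
        with open(altered, "wb") as fh:
            fh.write(b"MZ" + b"\x00" * 1023 + b"\x01")  # one byte differs
        reference = file_digests(good)[0].upper()       # stands in for THREAD_MD5
        results = compare_copies([good, altered, gone], reference)
        return [results[p] for p in (good, altered, gone)]


if __name__ == "__main__":
    import sys
    print(compare_copies(sys.argv[1:], THREAD_MD5) if sys.argv[1:] else demo())
```

Run with the file paths as arguments to compare them against the MD5 from the thread; the SHA-256 that `file_digests` also returns is the better value to share when reporting a file to a vendor.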
     
  6. DGeorge

    DGeorge Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    36
    Well, neither TDS, KAV, NOD32 nor Ewido noticed anything funny about the files so I think it's probably an FP.
    Thanks for the suggestions and help.
     
  7. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    Hi DGeorge,

    Spysweeper also finds Radmin on my system and, just like you, it is pointing at some files (2 to be exact) in my Diamond products o_O It must be a false positive, that's for sure ;-)

    Atomas31
     
  8. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Can you guys please be so kind as to send a copy of the files to those developers, telling them it is normal legal software, so they can refine their detection? You might like to send copies to submit@diamondcs.com.au too, mentioning this thread, so the TDS lab can have a look at what might be causing those false positives.
    Thanks a lot!
     
  9. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    If you have Remote_Administrator (Radmin) installed it is seen by all major ATs & AVs as a sub seven variant, if you have a legal copy, as I do, then you must put it on your allow list.
    Why do I use it? Radmin is the fastest remote administrator I have tried, I use it for support and on my own LAN.

    Here is an outline of Radmin.

    Remote control

    Remote Administrator (Radmin) gives you instant access to various remote resources through an Internet connection, over direct telephone lines and across multiple Windows platforms. Now you can monitor and manage PCs and servers in different locations anywhere in the world without leaving your desk. Radmin is the high performance solution that meets and exceeds the most stringent requirements for remote control software.
     
  10. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    I just experienced this same detection with Spysweeper. I don't understand all the technical jargon, but Pilli makes it sound like a developer's tool. Is it a critical component of Wormguard? Will Wormguard not function properly if removed by Spysweeper?
     
  11. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    No, Radmin is not a part of WormGuard. I have WormGuard & SS working together with no problems on this PC.
    Here is a part of my prot list from PG3. I do not have Radmin on my prot list and only have it set for permit once as a sort of security measure ;)

    HTH Pilli
     


  12. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Pilli, Thanks. :)

    I think I understand now. I believe this thread is saying that Radmin was detected INCORRECTLY inside '../uninstal.exe', that Radmin may or may not really be malware, but it's not inside this Wormguard executable. Right?
     
  13. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    No Daisie, there is no part of Radmin inside any DCS product. It is developed totally independently and sold commercially - search Google for Radmin for more info :)

    I am still not sure exactly what you are seeing :(

    Pilli
     
  14. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Pilli,

    I'm seeing the same thing that DGeorge saw. SpySweeper says that it found RADMIN inside C:\wormguard\uninstal.exe. I was just saying above that, if I'm understanding everyone correctly, SpySweeper is incorrectly detecting RADMIN (a "false positive") inside this Wormguard executable (uninstal.exe). :)
     
  15. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Daisie, I did a full scan with SpySweeper today with the latest defs 413 and SS version 3.2 and no Radmin found.
    Looks like a false positive as TDS3 and KAV have sigs for Radmin.

    HTH Pilli
     