Did a scan with Spysweeper and it it is saying it detects Radmin system monitor and points at C:\wormguard\uninstal.exe and e:\recycler\programfiles\wormguard\uninstal.exe Is SS known to make false positives with these files or should I be doing some more scanning with TDS-3? Thanks
Seems like I get more false positives with Spysweeper every time I try it. It certainly won't hurt to do a scan with TDS-3, though, even if you just do a quick scan for now. If you're worried about a particular file you can always run it through the Kaspersky online scan (in addition to TDS-3 and any other scanners you might have.) That particular find, however, doesn't really make sense to me.. Radmin is an IT tool: http://www.majorgeeks.com/download1927.html (unless they started putting spyware in it or something..)
Must be a false positive.... If you like, calculate its MD5 checksum. On my system (using CryptoSuite): The file <C:\(deleted by me)\uninstal.exe> has the following Checksum(s) MD5 - B83429C6F8335B63DD316BB83EDAFF23
I'll run it through TDS-3 and a few online scanners like KAV and see what they say. I think its probably an FP but better safe than sorry I dont have Crypto. How do I check the MD5?
CryptoSuite is really a very nice tool (not only for calculating checksums!). I like it ! I don't know whether I'm allowed to post this here... You could also have a look here: http://lists.gpick.com/pages/Checksum_Tools.htm Take for example DigestIt. I have the older version 2003, among other checksum tools, but that is no secret But CryptoSuite is most defintely worth to have a look at !
Well, neither TDS, KAV, NOD32 or Ewido noticed anything funny about the files so I think its probably an FP. Thanks for the suggestions and help.
Hi DGeorge, Spysweeper also find Radmin on my system and just like you it is pointing on some files (2 to be exact) on my Diamonds products It must be a false positive, that's for sure ;-) Atomas31
Can you guys please be so kind as to send a copy of the files to those developers and telling them it is normal legal software, so they can refine their detection. You might like to send copies to submit@diamondcs.com.au too mentioning this thread so the TDs lab can have a look what might be causing those false positives. Thanks a lot!
If you have Remote_Administrator (Radmin) installed it is seen by all major ATs & AVs as a sub seven variant, if you have a legal copy, as I do, then you must put it on your allow list. Why do I use it? Radmin is the fastest remote administrator I have tried, I use it for support and on my own LAN. Here is an outline of Radmin. Remote control Remote Administrator (Radmin) gives you instant access to various remote resources through an Internet connection, over direct telephone lines and across multiple Windows platforms. Now you can monitor and manage PCs and servers in different locations anywhere in the world without leaving your desk. Radmin is the high performance solution that meets and exceeds the most stringent requirements for remote control software.
I just experienced this same detection with Spysweeper. I don't understand all the technical jargon, but Pilli makes it sounds like a developers tool. Is it a critical component of Wormguard? Will Wormguard not function properly if removed by Spysweeper?
No Radmin is not a part of WormGuard, I have WormGuard & SS working together with no problems on this PC. Here is a part of my prot list from PG3 I do not have Radmin on my Prot list and only have it set for permit once as a sort of security measure HTH Pilli
Pilli, Thanks. I think I understand now. I believe this thread is saying that Radmin was detected INCORRECTLY inside '../uninstal.exe', that Radmin may or may not really be malware, but it's not inside this Wormguard executable. Right?
No Daisie, There is no part of Radmin inside any DCS product it is developed totally independantly an sold commercially - Search Google for Radmin for more info' I am still not sure exactly what you are seeing Pilli
Pilli, I'm seeing the same thing that DGeorge saw. SpySweeper says that it found RADMIN inside C:\wormguard\uninstal.exe. I was just saying above that, if I'm understanding everyone correctly, SpySweeper is incorrectly detecting RADMIN (a "false positive") inside this Wormguard executable (uninstal.exe).
Hi Daisie, I did a full scan with SpySweeper today with the latest defs 413 and SS version 3.2 and no Radmin found. Looks like a false positive as TDS3 and KAV have sigs for Radmin. HTH Pilli