Tools for Remote Admin spywares?

smcgilli · Jan 12, 2005

Are there any tools for removing Remote Admin spywares?

Recently a RAdmin server icon showed up on my home PC bottom bar. It shouldn't be there. There's no radmin folder or file on my hard drive and I haven't found any variants, either.

Norton, Spybot, and Adaware scans don't detect anything. I've also done 3 or 4 online scans with no results.

Can someone suggest the next step? Is there a "shredder-like" tool for nuking Remote Admin?

chaslang · Jan 12, 2005

RAdmin is remote control software. It is not spyware. See: http://www.famatech.com/

If it is on your system, someone installed it. Like the Administrator of the PC. Who owns the PC and who is the Administrator? They should be able to uninstall the software from Add/Remove programs. That is if they don't want it on the PC.

smcgilli · Jan 12, 2005

I own the PC (at home) and I'm the only administrator / user. It there and it's not the standard install 'cause it's not in my programs folder. Nor can I find any obviously related files on my hard drive.

I've heard of some viruses / spyware that install and use an altered version of Remote Admin. They track keystrokes and save them in a file somewhere on the PC, then use RAdmin to transmit the file....or maybe a malicious script installed it and now there's potential to remotely control my PC.

Regardless... It's my home PC, I'm the Admin and the only user, and I don't want RAdmin on there. Any ideas for getting rid of it? It's not in my add/remove programs list.

chaslang · Jan 12, 2005

First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

After doing ALL of the above if you still have a problem:

Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

smcgilli · Feb 2, 2005

Thank you for the help, Chaslang. I ran Hijack This and found an obvious Windows Service for the unwanted mutant version of Remote Administrator. There were a few other treats in there, too. The problem is fixed.

Thanks again.

-Scott

chaslang · Feb 2, 2005

You're welcome!

Log in or Sign up

Tools for Remote Admin spywares?

smcgilli Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

smcgilli Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

smcgilli Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member