walala
Dear all,
I newly installed my Windows XP with the remote administrator (RADMIN)
for remote control (downloaded from their website)...
Here is a VirusScan Log: Basically, it reported "Nachi" host virus
infection on two files: "r_server.exe RemoteAdmin.svr" and later
"SVCHOST.EXE" infected by "W32/Nachi!tftpd".
It was obvious that the "SVCHOST" file was infected later than I first
installed the "r_server"...
I previously also installed the RADMIN on another computer, and used
Norton Antivirus, which did not report any virus/trojan about RADMIN.
I am concerned about this and want to know whether there has been any
security breach case on RADMIN, and whether it is totally unsafe and hence
should never be used; or whether it can be used by doing some Windows
patching, and after the patching the security problem won't happen any more?
(because I really don't want to trouble our security personnel also
come and ask to check my computer...)
Thanks a lot,
-Walala
--------------------------------------------------------------------
10/30/2003 11:15:13 PM Moved (Clean failed because the file isn't cleanable) COMTECH\Administrator D:\Applications\Radmin\r_server.exe RemoteAdmin.svr
10/30/2003 11:17:34 PM Statistics:
10/30/2003 11:17:34 PM Files scanned: 2762
10/30/2003 11:17:34 PM Files infected: 1
10/30/2003 11:17:34 PM Files cleaned: 0
10/30/2003 11:17:34 PM Files deleted: 0
10/30/2003 11:17:34 PM Files moved: 1
10/30/2003 11:19:19 PM Move failed (Clean failed because the file isn't cleanable) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
10/30/2003 11:20:19 PM Move failed (Clean failed because the file isn't cleanable) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
10/30/2003 11:20:57 PM Move failed (Clean failed because the file isn't cleanable) COMTECH\Administrator C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
10/30/2003 11:20:59 PM Move failed (Clean failed because the file isn't cleanable) COMTECH\Administrator C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
10/30/2003 11:40:48 PM Not scanned (scan timed out) COMTECH\Administrator D:\Applications\Matlab6p5\sys\java\jre\win32\jre\lib\rt.jar\JARVERIFIERSTREAM$CERTCACHE.CLASS
10/30/2003 11:44:08 PM Statistics:
10/30/2003 11:44:08 PM Files scanned: 6639
10/30/2003 11:44:08 PM Files infected: 8
10/30/2003 11:44:08 PM Files cleaned: 0
10/30/2003 11:44:08 PM Files deleted: 0
10/30/2003 11:44:08 PM Files moved: 0
10/30/2003 11:45:53 PM Move failed (Clean failed because the file isn't cleanable) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
10/30/2003 11:46:21 PM Move failed (Clean failed because the file isn't cleanable) COMTECH\Administrator C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
10/30/2003 11:46:23 PM Move failed (Clean failed because the file isn't cleanable) COMTECH\Administrator C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
10/30/2003 11:55:36 PM Move failed (Clean failed because the file isn't cleanable) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\wins\SVCHOST.EXE W32/Nachi!tftpd
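
Added example, not part of the original post: a small Python triage script that rejoins the wrapped log records and groups detections by file and detection name, so the order of first detections and the two distinct detection names in the log can be read off directly. The record layout is inferred from the log above, paths are assumed to contain no spaces, and the function names are this example's own.

```python
import re
from datetime import datetime

# Excerpt of the log from the post, kept with its original line wrapping.
SAMPLE = r"""10/30/2003 11:15:13 PM Moved (Clean failed because the file isn't
cleanable) COMTECH\Administrator D:\Applications\Radmin\r_server.exe RemoteAdmin.svr
10/30/2003 11:19:19 PM Move failed (Clean failed because the file
isn't cleanable) NT
AUTHORITY\SYSTEM C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
10/30/2003 11:20:57 PM Move failed (Clean failed because the file
isn't cleanable) COMTECH\Administrator C:\WINDOWS\system32\r_server.exe RemoteAdmin.svr
10/30/2003 11:40:48 PM Not scanned (scan timed out)
COMTECH\Administrator D:\Applications\Matlab6p5\sys\java\jre\win32\jre\lib\rt.jar\JARVERIFIERSTREAM$CERTCACHE.CLASS
10/30/2003 11:55:36 PM Move failed (Clean failed because the file
isn't cleanable) NT
AUTHORITY\SYSTEM C:\WINDOWS\system32\wins\SVCHOST.EXE W32/Nachi!tftpd
"""

STAMP = r"\d\d/\d\d/\d{4} \d\d?:\d\d:\d\d [AP]M"
# Assumed layout: stamp, action, (reason), DOMAIN\user, path without spaces, optional detection name.
ENTRY = re.compile(
    rf"^(?P<ts>{STAMP}) (?P<action>[^(]+?) \((?P<reason>[^)]*)\) "
    r"(?P<user>.+?) (?P<path>[A-Za-z]:\\\S+)(?: (?P<name>\S+))?$"
)

def unwrap(text):
    """Rejoin wrapped lines: a record starts at a timestamp, anything else continues it."""
    records = []
    for line in text.splitlines():
        if re.match(STAMP, line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def detections(text):
    """Group detection events by (path, detection name), in order of first appearance."""
    groups = {}
    for rec in unwrap(text):
        m = ENTRY.match(rec)
        if not m or not m["name"]:  # statistics lines and "Not scanned" entries
            continue
        when = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
        g = groups.setdefault((m["path"], m["name"]), {"first": when, "actions": []})
        g["last"] = when
        g["actions"].append(m["action"])
    return groups

for (path, name), g in detections(SAMPLE).items():
    print(f"{g['first']:%H:%M:%S} to {g['last']:%H:%M:%S}  {name}  {path}  {g['actions']}")
```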