
GhostRadmin/r_server.exe problem

Posted on 2004-11-15
Last Modified: 2012-05-05
I found GhostRadmin on my server, which is a DC/Exchange server.

Can anyone recommend software to search for Trojans and malware and remove them?

Also, I found that the Exchange server service 'information store service' has gone down several times, but it can be restarted. Is there any relationship with the trojan?

After I remove this virus, what do I need to do to protect my server?

Thanks a lot!
Question by:robinyanwang
Expert Comment

by:paraghs
ID: 12590846
GhostRadmin is a 'dropper' to silently install Radmin, intended almost always for use as a trojan.

GhostRadmin has the following files:

editor.exe (6 Kb)
FSG.EXE (65 Kb)
server.exe (2.5 Kb)

What "Ghost Radmin" does is download the r_server.exe and AdmDll.dll files to the target machine without notifying the user, nothing more. These two files are also included in the package.

Here is a copy of the Ghostradmin instructions:

Ghost Radmin 1.0
Coded by illwill in ASM
9/18/03

===========================================================
a 1.26kb program that silently installs Radmin on a
remote computer for win9x/me/nt/2k/xp.
basically it downloads the radmin server and dll from the
web and adds the proper registry keys for it to function.
===========================================================
features:
* only 1.26 kb
* installs radmin with a password of 12345678

Instructions:
first get a website
1. extract all files from zip to a folder
2. open up editor.exe
3. select the [...] to browse for server.exe
4. once server selected press read
5. change the settings to your liking
a. url: web address of r_server.exe
b. dll: web address of AdmDll.dll
6. write the settings to the server
7. compress it then bind it with your trojan
===========================================================

I am not aware of any program to remove it. BTW, it is not a virus.

See if deleting the above mentioned three files helps.
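
A read-only triage sketch for the file names listed in the comment above, added here as an example and not part of the original thread: it searches for those names, compares sizes with the ones quoted, and lists any service or process running r_server.exe. The function names and the default scan root are assumptions; editor.exe and server.exe are common names, so a hit on those alone means little, and r_server.exe also belongs to deliberate Radmin installs.

```powershell
# Added example: read-only triage for the file names mentioned in this thread.
param([string[]]$Roots = @("$env:SystemDrive\"))  # assumption: scan the system drive

# Names and approximate sizes (KB) as quoted in the thread; $null = no size given.
# @{} hashtables are case-insensitive, so FSG.EXE also matches fsg.exe.
$Indicators = @{
    'r_server.exe' = $null
    'AdmDll.dll'   = $null
    'editor.exe'   = 6
    'FSG.EXE'      = 65
    'server.exe'   = 2.5
}

function Find-GhostRadminFiles {   # hypothetical helper name
    param([string[]]$Roots)
    foreach ($root in $Roots) {
        Get-ChildItem -Path $root -Recurse -Force -File -ErrorAction SilentlyContinue |
            Where-Object { $Indicators.ContainsKey($_.Name) } |
            ForEach-Object {
                $sizeKb = [math]::Round($_.Length / 1KB, 1)
                $quoted = $Indicators[$_.Name]
                [pscustomobject]@{
                    Path      = $_.FullName
                    SizeKB    = $sizeKb
                    QuotedKB  = $quoted
                    # Within 1 KB of the size quoted in the thread (weak corroboration only).
                    SizeMatch = ($null -ne $quoted) -and ([math]::Abs($sizeKb - $quoted) -le 1)
                    Modified  = $_.LastWriteTime
                    SHA256    = (Get-FileHash -LiteralPath $_.FullName -ErrorAction SilentlyContinue).Hash
                    Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
                }
            }
    }
}

function Find-RServerExecution {   # hypothetical helper name
    # Services registered to run r_server.exe, and live processes of that name.
    Get-CimInstance Win32_Service | Where-Object { $_.PathName -match 'r_server\.exe' } |
        ForEach-Object { [pscustomobject]@{ Kind = 'Service'; Name = $_.Name
                                            State = "$($_.State)/$($_.StartMode)"; Image = $_.PathName } }
    Get-CimInstance Win32_Process | Where-Object { $_.Name -eq 'r_server.exe' } |
        ForEach-Object { [pscustomobject]@{ Kind = 'Process'; Name = $_.Name
                                            State = "PID $($_.ProcessId)"; Image = $_.ExecutablePath } }
}

Find-GhostRadminFiles -Roots $Roots | Format-List
Find-RServerExecution | Format-Table -AutoSize -Wrap
```

Record the paths, timestamps and hashes before deleting anything, so the install time can be compared against logon and service-creation events.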
Expert Comment

by:elbereth21
ID: 12591658
Have you already tried with Ad-Aware SE and SpyBot Search and Destroy?
Accepted Solution

by:
elbereth21 earned 1050 total points
ID: 12591676