GhostRadmin/r_server.exe problem

Posted on 2004-11-15
Last Modified: 2012-05-05
I found GhostRadmin in my server which is a DC/exchange server.

Does anyone have recommand software to search Trojan and Malware and remove them?

also I found the exchange server service 'information store service' is down several time, but it can be restart. Is there any relationship with the trojan?

after I remove this virus, what do i need to do to protect my server?

Thanks a lot!
Question by:robinyanwang
    LVL 9

    Expert Comment

    GhostRadmin is a 'dropper' to silenty install radmin..intended almost always for use as a trojan.

    GhostRadmin has the following files:

    editor.exe (6 Kb)
    FSG.EXE (65 Kb)
    server.exe (2.5 Kb)

    What "Ghost Radmin" does is downloading r_server.exe and AdmDll.dll files to the targent machine without notifying the user, nothing more. These two files are also included into the package.

    Here is a copy of the Ghostradmin instructions:

    Ghost Radmin 1.0
    Coded by illwill in ASM

    a 1.26kb program that silently installs Radmin on a
    remote computer for win9x/me/nt/2k/xp.
    basically it downloads the radmin server and dll from the
    web and adds the proper registry keys for it to function.
    * only 1.26 kb
    * installs radmin with a password of 12345678

    first get a website
    1. extract all files from zip to a folder
    2. open up editor.exe
    3. select the [...] to browse for server.exe
    4. once server selected press read
    5. change the settings to your liking
    a. url: web address of r_server.exe
    b. dll: web address of AdmDll.dll
    6. write the settings to the server
    7. compress it then bind it with your trojan

    I am not aware of any program to remove it. BTW, it is not a virus.

    See if deleting the above mentioned three files helps.
    LVL 11

    Expert Comment

    Have you already tried with Ad-Aware SE and SpyBot Search and Destroy?
    LVL 11

    Accepted Solution


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
    These days socially coordinated efforts have turned into a critical requirement for enterprises.
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now