
What's RAdmin? How do I remove it? Was I hacked?


5 replies to this topic

#1 Guest_CBN2xx_*


Posted 19 June 2005 - 11:09 AM

Hello everyone -- thanks for getting into my topic, at least that shows you're trying to help.

Anyway, look, I just noticed some odd icon at my tray, now I double-clicked on it, clicked on "About", and that's what I'm getting. It really looks like I was hacked, doesn't it? It's not listed on Add/Remove Programs, what should I use to remove it?

Thanks in advance!



#2 tg1911


Posted 19 June 2005 - 12:26 PM

Hello, CBN2xx.
I can't connect to your image.
Here's a few things you can do.

Run these online virus scanners:
http://www.pandasoftware.com/activescan/
http://housecall.trendmicro.com/

Are you using these basic security programs?
(They're all free.)

a² free - a complementary product to antivirus software which is specialized in protection against harmful software. Antivirus software often features an inadequate protection against Trojans, Dialers and Spyware. a² fills this gap.
Ad-Aware - A good program similar to SpyBot S & D.
Spybot S&D - Detects and removes spyware, of different types, from your computer.
SpywareBlaster - A good program that prevents spyware from being installed on your computer in the first place. This program is always running in the background, protecting your computer. It prevents the installation of bad ActiveX controls found in web pages.
SpywareGuard - A nice complement to SpywareBlaster. This allows you the option to prevent downloads that contain bad ActiveX controls.

If not, you need to. These programs, updated and used regularly, will do a lot to keep your computer clean of spyware, trojans, keyloggers, browser hijackers, etc...

Download them, update them, and then run them.

Important:
Please read this tutorial on Spybot S&D before using it. Spybot can do SERIOUS damage, if not used properly.

If that doesn't help, then:

Read the pinned post in the HijackThis forum, here
Please read, and follow, all directions carefully.

Then, run a log, and post it in the HJT forum, at this link. Do not fix anything yet.
A member of the HJT Team will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA


#3 Leurgy


Posted 19 June 2005 - 04:21 PM

The website for Radmin has these instructions for disabling the program, but even they admit the only way to truly get rid of it is to format and reinstall. See this link.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslow

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#4 Guest_CBN2xx_*


Posted 20 June 2005 - 07:01 AM

Hi, well, I've done all that... my friend took care of my log and told me what to do. Anyway, it doesn't appear on my HijackThis logs anymore, but I can STILL see the icon at the tray... My friend told me to post a StartDreck log, so, here you go, I hope that helps;

StartDreck (build 2.1.7 public stable) - 2005-06-21 @ 14:59:27 (GMT -07:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 1)
Internet Explorer: 6.0.2800.1106
Logged in as user at USER-H2ZM1XZW0T

»Registry
»Run Keys
»Current User
»Run
*SpySweeper="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
*ctfmon.exe=C:\WINDOWS\System32\ctfmon.exe
*MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
»RunOnce
*ICQ Lite=C:\Program Files\ICQLite\ICQLite.exe -trayboot
»Default User
»Run
*CTFMON.EXE=C:\WINDOWS\System32\CTFMON.EXE
*MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
*ALUAlert=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
»RunOnce
»Local Machine
»Run
*ICQ Lite=C:\Program Files\ICQLite\ICQLite.exe -minimize
*TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
*ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
*WinampAgent=C:\Program Files\Winamp\winampa.exe
*KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»Files
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+472=\SystemRoot\System32\smss.exe
+520=\??\C:\WINDOWS\system32\csrss.exe
+544=\??\C:\WINDOWS\system32\winlogon.exe
+588=C:\WINDOWS\system32\services.exe
+600=C:\WINDOWS\system32\lsass.exe
+760=C:\WINDOWS\System32\Ati2evxx.exe
+788=C:\WINDOWS\system32\svchost.exe
+848=C:\WINDOWS\System32\svchost.exe
+980=C:\WINDOWS\System32\svchost.exe
+1008=C:\WINDOWS\System32\svchost.exe
+1064=C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
+1100=C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
+1348=C:\WINDOWS\system32\spoolsv.exe
+1848=C:\WINDOWS\system32\Ati2evxx.exe
+1900=C:\WINDOWS\Explorer.EXE
+1988=C:\Program Files\ICQLite\ICQLite.exe
+1996=C:\Program Files\Common Files\Real\Update_OB\realsched.exe
+2004=C:\Program Files\Common Files\Symantec Shared\ccApp.exe
+2012=C:\Program Files\Winamp\winampa.exe
+192=C:\WINDOWS\System32\ctfmon.exe
+208=C:\Program Files\MSN Messenger\MsnMsgr.Exe
+364=C:\Program Files\Symantec AntiVirus\DefWatch.exe
+424=C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
+944=C:\WINDOWS\system\nvsvc.exe
+1040=C:\WINDOWS\System32\svchost.exe
+1128=C:\Program Files\Symantec AntiVirus\Rtvscan.exe
+3024=C:\Program Files\Internet Explorer\iexplore.exe
+3620=C:\Program Files\FlashGet\flashget.exe
+3852=C:\Program Files\WinRAR\WinRAR.exe
+3908=C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.000\StartDreck.exe
»Application specific

So... Ummm... What should I do?

Thanks again.

#5 Leurgy


Posted 20 June 2005 - 08:06 AM

What do you get when you right click that icon?

According to our Startup Database (see the top of this page), spoolsv.exe is a trojan and may be Radmin, as it would likely display trojan-like behaviour. Nvsvc.exe is suspect too, but may be an NVidia driver. There may be more but I didn't check any further. My best suggestion is to post a HijackThis log as tg1911 suggested. Put a link back to this thread when you post the log.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslow

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool
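A filename found in a startup database does not identify a file by itself: a Windows component and a same-named impostor differ in where they run from, so the image path is the next thing to check. As an added example (not part of the thread and not a BleepingComputer tool), this Python script parses the Running Processes section of a StartDreck log like the one posted in #4 and flags core-process names outside their expected folder and anything running from Temp; `SYSTEM_ROOT`, the `EXPECTED_DIR` table and the PID 4242 line are assumptions made for the example.

```python
import ntpath
import re

SYSTEM_ROOT = r"c:\windows"  # assumption: default XP install path, lower-cased
EXPECTED_DIR = {n: SYSTEM_ROOT + r"\system32" for n in (
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe")}
EXPECTED_DIR["explorer.exe"] = SYSTEM_ROOT  # core process name -> expected folder

def normalize(path):
    """Strip NT object-manager prefixes so every path compares alike."""
    path = re.sub(r"^\\\?\?\\", "", path.lower())        # \??\C:\... -> c:\...
    return re.sub(r"^\\systemroot", lambda m: SYSTEM_ROOT, path)

def running_processes(log_text):
    """Yield (pid, path) from the Running Processes section of the log."""
    in_section = False
    for line in log_text.splitlines():
        if line.startswith("»"):                         # section header
            in_section = line.strip() == "»Running Processes"
            continue
        m = re.match(r"\+(\d+)=(.+)", line)
        if in_section and m and not m.group(2).startswith("<"):  # skip <idle>, <system>
            yield int(m.group(1)), m.group(2).strip()

def triage(log_text):
    """Return (pid, reason) for processes whose image path needs a closer look."""
    findings = []
    for pid, raw in running_processes(log_text):
        folder, name = ntpath.split(normalize(raw))
        if name in EXPECTED_DIR:
            if folder != EXPECTED_DIR[name]:
                findings.append((pid, "system process name, unexpected folder"))
        elif "\\temp\\" in folder + "\\":
            findings.append((pid, "running from a Temp directory"))
    return findings

# Excerpt of the log posted above; PID 4242 is a constructed line, not from the log.
SAMPLE = r"""»Running Processes
+0=<idle>
+472=\SystemRoot\System32\smss.exe
+520=\??\C:\WINDOWS\system32\csrss.exe
+1348=C:\WINDOWS\system32\spoolsv.exe
+1900=C:\WINDOWS\Explorer.EXE
+3908=C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.000\StartDreck.exe
+4242=C:\WINDOWS\system\svchost.exe
»Application specific
"""
print(triage(SAMPLE))
```

A flag marks an entry for review, not a verdict: PID 3908 is StartDreck itself, unpacked by WinRAR, and a process that passes the path check still needs its file verified by signature or hash.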


#6 bobby


Posted 20 June 2005 - 08:20 AM

Hi CBN2xx

I would also suggest you update to Service Pack 2 as well
and get all the latest updates, and let's hope your PC will
be better protected.
Regards, bobby



