
RemoteAccess:Win32/GhostRadmin

Posted: November 30, 2010

Threat Metric

Threat Level: 8/10
Infected PCs: 2,113
First Seen: November 30, 2010
Last Seen: May 21, 2023
OS(es) Affected: Windows

Ghost Radmin is a Trojan that abuses the legitimate software Radmin to control your PC. Ghost Radmin installs Radmin (a Remote Administration Tool) without your permission and without visual indications of the activity. Afterwards, anonymous criminals can use Ghost Radmin to control your PC, including forcing your PC to participate in DDoS attacks, stealing passwords and other sensitive information or installing other harmful software onto your hard drive. If you suspect that Ghost Radmin is on your computer, reboot into Safe Mode and scan your PC with a trusted anti-malware application.

Ghost Radmin – the Radmin Variant You'll Wish You Didn't Know About

Although Radmin is a legitimate and safe program used to control computers remotely, Ghost Radmin abuses Radmin's capabilities for malicious purposes. True to its name, Ghost Radmin is all but invisible and shows no obvious signs of operating on your PC. Ghost Radmin was first seen as long ago as 2005, but has been updated as recently as 2010 and remains a very real threat to any PC.

You may be able to recognize Ghost Radmin by its file size, which typically is 1.26 kilobytes. Other than this and unauthorized activity on port 5899, there are few distinguishing characteristics of a Ghost Radmin Trojan. Ghost Radmin Trojans can install themselves on your PC without permission. To reduce the chance of a Ghost Radmin attack, keep your browser up to date, disable scripts from suspicious sources and use updated, reputable security software.

Why You'll Want to Exorcise Ghost Radmin from Your PC

Like all RATs (Remote Administration Tools), Ghost Radmin's purpose is to infiltrate your PC quietly and then install Radmin or other RAT components that let distant criminals exert control over your computer. Ghost Radmin attacks can include, but aren't restricted to:

  • Installing other harmful programs, which can range from keyloggers to rogue security programs to other Trojans like Ghost Radmin.
  • Recording sensitive information on your PC to send to remote criminals. Ghost Radmin may track website activity, record passwords, take screenshots or harvest contact lists.
  • Ghost Radmin may also let a criminal control your PC directly, performing any desired functions up to and including forcing your PC to be part of an illegal Distributed Denial of Service attack.

Ghost Radmin infections are considered severe security and privacy threats, and should be removed as soon as you suspect that you have one hiding on your PC. The ideal Ghost Radmin removal method is to use an updated anti-virus or security scanner in Safe Mode with administrator privileges enabled. Scan your entire computer instead of performing a 'quick' scan, since Ghost Radmin and similar Trojans have been known to infect system restore functions and other advanced components of your operating system.

File System Modifications

  • The following files were created in the system:
      1. r_server.exe
      2. radmin.exe
      3. svchost.exe
      4. windll.exe

Aliases

  • Generic.dx!uux [McAfee]
  • RemoteAdmin.BCO [AVG]
  • Unwanted/Win32.Remadm [AhnLab-V3]
  • TR/RemoteAdmin.BDH [AntiVir]
  • Gen:Trojan.Heur.pqW@y1vqCydiC [F-Secure]
  • not-a-virus:RemoteAdmin.Win32.RAdmin.mt [Kaspersky]
  • Win32.TRRemoteAdmin [eSafe]
  • Win32:Radmin-BT [PUP] [Avast]
  • Trojan.Dropper [Symantec]
  • W32/RemoteAdmin.C [F-Prot]
  • Artemis!E2981ACD6AAD [McAfee]
  • Application/FireDaemon.C [Panda]
  • Generic.JDR [AVG]
  • HackerTool/FireDaemon [Fortinet]
  • Win-AppCare/FireDaemon [AhnLab-V3]

Technical Details

File System Modifications


The following files were created in the system (every entry is an Executable File, Mime Type unknown/exe, Group: Malware file):

  #  Path                                         Size                      MD5                               Detection count  Last Updated
  1  C:\Program Files (x86)\Radmin\r_server.exe   724.99 KB (724992 bytes)  9ae2679aa609357e9534c38e9f69094b  35               May 2, 2022
  2  %WINDIR%\system32\r_server.exe               724.99 KB (724992 bytes)  1f0cd34f142bdfd89c916116a137272f  21               November 30, 2011
  3  C:\Program Files (x86)\Radmin\radmin.exe     1.1 MB (1101824 bytes)    e98ac08049ae05ec0ce91f9a2116779f  14               January 19, 2022
  4  %APPDATA%\cleaner file.exe                   324.96 KB (324960 bytes)  e2981acd6aad63030a427c8fbe23214d  14               August 21, 2020
  5  %WINDIR%\system32\perftmp\FireDaemon.EXE     262.14 KB (262144 bytes)  03bc8ecd744f6cdbb8fe00de11c953d3  5                April 22, 2013
  6  %WINDIR%\system32\r_server.exe               724.99 KB (724992 bytes)  8be7a1bac5a0f00b8f8ec27585bca400  5                May 3, 2013
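The indicators on this page (the file names and MD5 hashes in the table above, and the port 5899 activity mentioned earlier) can be turned into a simple host check. The script below is an added example written for this page; it is not code from the page or from the Radmin vendor. The MD5 values, file names and the port come from the page; the function names (`classify_file`, `scan_inventory`, `find_port_listeners`) and the sample inventory and netstat lines are constructed for the example. One caveat the page's file list does not spell out: svchost.exe is also a core Windows binary, so the check only flags it when it sits outside the system32 directory, and a name match alone is a prompt to hash and inspect the file, not proof of infection.

```python
"""Added example (not part of the original page): check a host inventory
and netstat output against the Ghost Radmin indicators listed on the page.
Sample data below is constructed; hashes, file names and the port are the
page's own indicators."""
import hashlib
import re

# MD5 hashes from the page's file table -> file name the page lists for them.
GHOST_RADMIN_MD5 = {
    "9ae2679aa609357e9534c38e9f69094b": "r_server.exe",
    "1f0cd34f142bdfd89c916116a137272f": "r_server.exe",
    "e98ac08049ae05ec0ce91f9a2116779f": "radmin.exe",
    "e2981acd6aad63030a427c8fbe23214d": "cleaner file.exe",
    "03bc8ecd744f6cdbb8fe00de11c953d3": "FireDaemon.EXE",
    "8be7a1bac5a0f00b8f8ec27585bca400": "r_server.exe",
}

# File names the page associates with Ghost Radmin (compared case-insensitively).
# svchost.exe is handled separately because it is also a legitimate Windows file.
GHOST_RADMIN_NAMES = {"r_server.exe", "radmin.exe", "windll.exe",
                      "cleaner file.exe", "firedaemon.exe"}

GHOST_RADMIN_PORT = 5899  # port the page names for unauthorized activity


def md5_of_file(path, chunk_size=1 << 16):
    """Stream a file through MD5; the page publishes MD5, so that is what we compare."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _split_path(path):
    """Split on either separator so Windows paths work on any host (assumption: path is a string)."""
    return [part for part in re.split(r"[\\/]", path) if part]


def classify_file(path, md5=None):
    """Return the reasons a path matches the page's indicators (empty list = no match).
    Pass an already-computed MD5 hex string as `md5`; the file itself is never opened here."""
    parts = _split_path(path)
    name = parts[-1].lower() if parts else ""
    parent = parts[-2].lower() if len(parts) > 1 else ""
    reasons = []
    if md5 and md5.lower() in GHOST_RADMIN_MD5:
        reasons.append("md5 matches %s" % GHOST_RADMIN_MD5[md5.lower()])
    if name in GHOST_RADMIN_NAMES:
        reasons.append("file name %s is listed" % name)
    if name == "svchost.exe" and parent != "system32":
        reasons.append("svchost.exe outside system32")
    return reasons


def scan_inventory(inventory):
    """inventory: iterable of (path, md5_hex_or_None). Returns {path: [reasons]} for matches only."""
    findings = {}
    for path, md5 in inventory:
        reasons = classify_file(path, md5)
        if reasons:
            findings[path] = reasons
    return findings


def find_port_listeners(netstat_lines, port=GHOST_RADMIN_PORT):
    """Scan `netstat -ano` style lines; return (proto, local_address, state, pid)
    for every socket whose local port equals `port` (TCP rows carry a state column, UDP rows do not)."""
    hits = []
    for line in netstat_lines:
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        local = fields[1]
        _, _, local_port = local.rpartition(":")  # handles [::]:5899 as well as 0.0.0.0:5899
        if not local_port.isdigit() or int(local_port) != port:
            continue
        if fields[0] == "TCP":
            state = fields[3] if len(fields) > 3 else ""
            pid = fields[4] if len(fields) > 4 else ""
        else:
            state = ""
            pid = fields[3] if len(fields) > 3 else ""
        hits.append((fields[0], local, state, pid))
    return hits


# Constructed sample data (not from the page): a small file inventory and netstat excerpt.
SAMPLE_INVENTORY = [
    (r"C:\Windows\System32\svchost.exe", "00000000000000000000000000000000"),
    (r"C:\Windows\System32\r_server.exe", "1f0cd34f142bdfd89c916116a137272f"),
    (r"C:\Users\Alice\AppData\Roaming\svchost.exe", "11111111111111111111111111111111"),
    (r"C:\Program Files (x86)\Radmin\radmin.exe", "e98ac08049ae05ec0ce91f9a2116779f"),
    (r"C:\Program Files\Editor\editor.exe", "22222222222222222222222222222222"),
]
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:5899           0.0.0.0:0              LISTENING       4120
  TCP    192.168.1.20:5899      203.0.113.7:51544      ESTABLISHED     4120
  UDP    0.0.0.0:5899           *:*                                    4120
""".strip().splitlines()

if __name__ == "__main__":
    for path, reasons in scan_inventory(SAMPLE_INVENTORY).items():
        print(path, "->", "; ".join(reasons))
    for hit in find_port_listeners(SAMPLE_NETSTAT):
        print("port %d: %s %s %s pid=%s" % (GHOST_RADMIN_PORT, *hit))
```

On a live host the inventory would be built by walking the directories the page names (the Radmin program folder, %WINDIR%\system32 and %APPDATA%) and feeding each file through `md5_of_file`, and the netstat lines would come from `netstat -ano`; a hit on port 5899 should be cross-checked against the PID's image path before anything is removed.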