Home Malware Programs Trojans RemoteAccess:Win32/GhostRadmin


Posted: November 30, 2010

Threat Metric

Ranking: 7,815
Threat Level: 8/10
Infected PCs: 1,843
First Seen: November 30, 2010
Last Seen: May 25, 2022
OS(es) Affected: Windows

Ghost Radmin is a Trojan that abuses the legitimate software Radmin to control your PC. Ghost Radmin installs Radmin (a Remote Administration Tool) without your permission and without visual indications of the activity. Afterwards, anonymous criminals can use Ghost Radmin to control your PC, including forcing your PC to participate in DDoS attacks, stealing passwords and other sensitive information or installing other harmful software onto your hard drive. If you suspect that Ghost Radmin is on your computer, reboot into Safe Mode and scan your PC with a trusted anti-malware application.

Ghost Radmin – the Radmin Variant You'll Wish You Didn't Know About

Although Radmin is a legitimate and safe program that's used to remotely control computers, Ghost Radmin abuses Trojan.Mapstosteal's capabilities for malicious purposes. True to Trojan.Mapstosteal's name, Ghost Radmin is all but invisible and will show no obvious signs of operating on your PC. Ghost Radmin was first seen as long ago as 2005, but has been updated as recently as 2010 and remains a very real threat to any PC.

You may be able to recognize Ghost Radmin by Trojan.Mapstosteal's file size, which typically is 1.26 kilobytes. Other than this and unauthorized activity on port 5899, there are few distinguishing characteristics of a Ghost Radmin Trojan. Ghost Radmin Trojans can install themselves on your PC without permission. If you want to reduce the possibility of being attacked by Ghost Radmin, keep your browser up to date, disable scripts from suspicious sources and use updated and top-quality security software.

Why You'll Want to Exorcise Ghost Radmin from Your PC

Like all RATs (Remote Administration Tools), Ghost Radmin's purpose is to infiltrate your PC quietly and then install Radmin or other RAT components that let distant criminals exert control over your computer. Ghost Radmin attacks can include, but aren't restricted to:

  • Installing other harmful programs, which can range from keyloggers to rogue security programs to other Trojans like Ghost Radmin.
  • Recording sensitive information on your PC to send to remote criminals. Ghost Radmin may track website activity, record passwords, take screenshots or harvest contact lists.
  • Ghost Radmin may also let a criminal control your PC directly, performing any desired functions up to and including forcing your PC to be part of an illegal Distributed Denial of Service attack.

Ghost Radmin infections are considered severe security and privacy threats, and should be removed as soon as you suspect that you have one hiding on your PC. The ideal Ghost Radmin removal method is to use an updated anti-virus or security scanner in Safe Mode with administrator privileges enabled. Scan your entire computer instead of performing a 'quick' scan, since Ghost Radmin and similar Trojans have been known to infect system restore functions and other advanced components of your operating system.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 r_server.exe
    2 radmin.exe
    3 svchost.exe
    4 windll.exe


Generic.dx!uux [McAfee]RemoteAdmin.BCO [AVG]Unwanted/Win32.Remadm [AhnLab-V3]TR/RemoteAdmin.BDH [AntiVir]Gen:Trojan.Heur.pqW@y1vqCydiC [F-Secure]not-a-virus:RemoteAdmin.Win32.RAdmin.mt [Kaspersky]Win32.TRRemoteAdmin [eSafe]Win32:Radmin-BT [PUP] [Avast]Trojan.Dropper [Symantec]W32/RemoteAdmin.C [F-Prot]Artemis!E2981ACD6AAD [McAfee]Application/FireDaemon.C [Panda]Generic.JDR [AVG]HackerTool/FireDaemon [Fortinet]Win-AppCare/FireDaemon [AhnLab-V3]
More aliases (156)

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to RemoteAccess:Win32/GhostRadmin may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

%WINDIR%\system32\r_server.exe File name: r_server.exe
Size: 724.99 KB (724992 bytes)
MD5: 1f0cd34f142bdfd89c916116a137272f
Detection count: 21
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%\system32\
Group: Malware file
Last Updated: November 30, 2011
C:\rastuff\2.2\radmin.exe File name: radmin.exe
Size: 1.12 MB (1122304 bytes)
MD5: dd06a3c6be9e9ca55667a44fec7fb7b0
Detection count: 14
File type: Executable File
Mime Type: unknown/exe
Path: C:\rastuff\2.2\
Group: Malware file
Last Updated: December 10, 2018
%APPDATA%\cleaner file.exe File name: cleaner file.exe
Size: 324.96 KB (324960 bytes)
MD5: e2981acd6aad63030a427c8fbe23214d
Detection count: 14
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\
Group: Malware file
Last Updated: August 21, 2020
%WINDIR%\system32\perftmp\FireDaemon.EXE File name: FireDaemon.EXE
Size: 262.14 KB (262144 bytes)
MD5: 03bc8ecd744f6cdbb8fe00de11c953d3
Detection count: 5
File type: Executable File
Mime Type: unknown/EXE
Path: %WINDIR%\system32\perftmp\
Group: Malware file
Last Updated: April 22, 2013

More files