Win32/RemoteAdmin.RAdmin.AC potentially unsafe application


dst-ap

Hi all,

 

Had 4 servers (2 x 2008 & 2 x 2012) where ESET Endpoint Antivirus quarantined rAdmin on all the servers.

Below is the sample of the quarantine log from one of these servers + the sys-info.

Please advise on how best to resolve this issue.

| Hash | Occurred first | Occurred last | Object name | Size | Reason | Hits | File |
|---|---|---|---|---|---|---|---|
| f8401a325dd540135237aa74f14a8c4e6cbd81d8 | 5 days ago | 5 days ago | C:\Users\admin_swf\AppData\Local\Downloaded Installations\{ECF6FE39-A8B0-411B-83AC-75A17875FE6F}\rserv34.msi | 4 MByte | Win32/RemoteAdmin.RAdmin.AC potentially unsafe application | 1 | No Data |
| f8401a325dd540135237aa74f14a8c4e6cbd81d8 | 5 days ago | 5 days ago | C:\Windows\Installer\abcddcf3.msi | 4 MByte | Win32/RemoteAdmin.RAdmin.AC potentially unsafe application | 1 | No Data |
| 81d62f525ca7ba1c765e15d08bd17d13f12b1457 | 5 days ago | 5 days ago | C:\Windows\SysWOW64\rserver30\rserver3.exe | 1 MByte | Win32/RemoteAdmin.RAdmin.AC potentially unsafe application | 1 | No Data |

Information on operating system
Operating system: Windows Server 2012 Standard
Operating system version: 6.2.9200
Operating system type: 64-bit
Version of common control components: 5.82.9200
Processor: Intel(R) Xeon(R) CPU E5-2640 0 @ 2.50GHz (2500 MHz)
System memory (RAM): 4096 MB

Computer description: 
Time zone name: GMT Daylight Time
Time zone offset: 60 min

Information about executive parts
Virus signature database: 8889 (20131008)
Update module: 1043 (20130415)
Antivirus and antispyware scanner module: 1410 (20130926)
Advanced heuristics module: 1143 (20130909)
Archive support module: 1180 (20130930)
Cleaner module: 1077 (20130924)
Anti-Stealth support module: 1053 (20130906)
ESET SysInspector module: 1237 (20130701)
Self-defense support module: 1018 (20100812)
Real-time file system protection module: 1006 (20110921)
Translation support module: 1109 (20130611)
HIPS support module: 1096 (20130923)
Internet protection module: 1067 (20130624)
Database module: 1040 (20130822)

Information about installed product
Product version: 5.0.2122.1
Product name: ESET Endpoint Antivirus
Product language: 1033

Current user information
User: ------------
  • Administrators

Since disabling memory scans is not safe, I'd suggest disabling detection of potentially unsafe applications so that the remote admin tool is not detected.

Archived

This topic is now archived and is closed to further replies.