PUP.Radmin

[joem]

XP Pro + SP3 + updates

mbam 1.50.1.1100, latest definitions (free version)

MS Malicious Software Removal Tool, latest version (.17)

MS Security Essentials 2.0.657.0, latest definitions

An mbam full scan finds PUP.Radmin in C\system volume information\_restore[long random string....].EXE.

Full scans with MS SE or MS MSRT do not find it.

I googled it, but there's not a lot about it. Panda Security was the only legit security site to mention it, calling it both a "hacking tool" and "a legal tool that allows remote control".

Needless to say, I did not install it nor do I use it for "remote control".

I'm puzzled that with full scans neither of the two MS products find it.

Does anyone have experience with this malware?

[AdvancedSetup]

There was probably a trace of RAD ADMIN found in the System Volume and our heuristics portion of the scanner probably flagged it.

If you installed it or someone you know that is or was helping you at one time that could explain it. It's valid tool but only if you know it was installed and not if it was being used by someone without your knowledge.

[joem]

> If you installed it

I thought I was very clear on that when I wrote:

"Needless to say, I did not install it nor do I use it for 'remote control'."

> There was probably a trace of <RAD ADMIN> ...

I followed that link. It _appears_ to be a product that companies use to admin their remote computers.

Because of the nature of this product, it's also clear that hackers would like to install it on your computer so that they can take control of your computer.

So I have a question for anyone who is familiar with this product:

Under a normal/typical install, during installation would RAD ADMIN default to installing in:

a) Programs Files, or

B) the system restore partition (where mbam found it)

I run an updated mbam full scan on this computer _monthly_ and it hasn't found it before.