Radmin is currently running on PC, did not put it there, how do I remove it

By BTwonderz
Feb 6, 2005
Topic Status:
Not open for further replies.
  1. When I last rebooted, a small -blank- icon appeared in my tool tray.
    It announces my IP when hovered over, and when double right-clicked
    it offers two choices, "current connections" and "about".
    When current connections is selected it says there is none connected.
    When About is selected it says,
    "Remote Administrator server v2.1 for win9x...etc
    Unregistered copy. I imagine it is 'cuz I never knew it existed until now.
    There have been virus definitions from Norton that had similarly named threats and I never purposely put it there.
    Is there a way to remove it? [tried traditional removal methods]

    Thanks in advance.

    BT
  2. patio

    patio TechSpot Maniac Posts: 700

    Who else has access to your PC?
    Radmin is remote control software for PCs that allows admin controls from a remote location.
    If you didn't install it someone else did.
    Check their website for un-installation procedures.
    You might want to password protect your machine.

    patio. :cool:
  3. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

  4. poertner_1274

    poertner_1274 secroF laicepS topShceT Posts: 4,745

    It can inadvertently get installed when you try to run something you have downloaded. And when I say inadvertently, I mean maliciously by someone, inadvertent to you. It is good you found it, now do as RBS said and let's get rid of it before you get abused by some hacker.
  5. BTwonderz

    BTwonderz Newcomer, in training Topic Starter

    Radmin HJT

    RBS-Thanks for responding. I've learned my lesson and done Exactly what you suggest, unlike a past episode with home-search-asstnt
    The only dilemma I had was trying to update Ad-Aware; it announced an error reaching the server, so I had to make do with January's last update.
    Find enclosed the HJT...It seems o.k, but that's why I leave it in your capable hands.

    BT

    Thanks Patio
    Thanks poertner_1274

    PS: I have been to the radmin forum...uninstall thread, however I trust RBS' advice and thought I'd start here.

    ---

  6. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Thank you for the flowers!

    C:\WINNT\system32\WISPTIS.EXE
    Unless you have a tablet-PC, get rid of this MS-Pest wisptis.exe. It is NOT a virus or spyware, just annoying.
    It is a rather involved process in the Registry, so make a backup of Registry before you start.
    See instructions here: http://www.boredguru.com/modules/newbb/viewtopic.php?topic_id=193&forum=24

    I don't think CWShredder is supposed to run as a service, if you set any switches in that program to keep running, switch it off. It won't do any harm however.

    Boot in Safe Mode.
    Go here first: Control Panel/Administrative Tools/doubleclick Services/
    Scroll Down to Firedaemon Services and Stop and Disable them all
    See if this 'service' is there as well:
    Net Logon Mgmt. If there, Stop and Disable it.
    Careful here, the official one is Net Logon, don't touch that!

    Next, press ctrl/alt/del and in Taskmanager try to STOP:
    isesobo.exe
    nttdll.exe (if there)
    FireDaemon.EXE (if there)
    WISPTIS.EXE (if there)

    Next, run HJT on its own and let it 'fix' (if still there):
    C:\WINNT\system32\WISPTIS.EXE
    O4 - HKCU\..\Run: [xevivi] isesobo.exe
    O23 - Service: FireDaemon Service: ntsysvers - Unknown - C:\WINNT\system32\dllcache\FireDaemon.EXE
    O23 - Service: FireDaemon Service: runbatch - Unknown - C:\WINNT\system32\dllcache\FireDaemon.EXE
    O23 - Service: Net Logon Mgmt - Unknown - C:\WINNT\nttdll.exe
    O23 - Service: FireDaemon Service: security - Unknown - C:\WINNT\system32\dllcache\FireDaemon.EXE

    When done, hunt down isesobo.exe and C:\WINNT\nttdll.exe and delete them.
    FireDaemon could be a legitimate program if you run a server, but your log does not look like that.
    So, for the moment, rename it to firedaemon-exe (note the - instead of .)
    Keep an eye on it and delete in a few days, if you don't want/need it.
  7. BTwonderz

    BTwonderz Newcomer, in training Topic Starter

    Hmmm...Next!?

    RBS- Yer Welcome
    I followed boredguru's advice and believe I removed MS-pest, however when I was going thru the motions...
    the following were not there to delete: See-wisp...txt [however, it seems to be gone--exe was deleted]

    and

    NO "services" available under Admin Tools. See NO-srvcs...jpg --weird!

    Before I get in trouble for not doing Exactly what has been instructed...I stopped and sent this note.

    See latest HJT

    Thx

    BT
  8. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Click on Start/Run and type in: %SystemRoot%\system32\services.msc /s then click on OK. That should bring you to Services. The rest of my first post still applies (except wisptis).
    The wisptis instructions were meant for ANYone with that problem, giving ALL possible entries. You need not always have everything they say there.

    So, continue where you left off, good luck.
  9. BTwonderz

    BTwonderz Newcomer, in training Topic Starter

    Srvcs...Gone!?

    RBS- Again, I attempted to find "services" to no avail.
    Error mssg: see NOWINNTsrvcs...jpg
    When I browse for %Sys...Root... I see NOWINNTsrvcsBrowse...jpg

    It's like it's GONE

    BT
  10. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Rightclick My Computer on the Desktop, select Manage. At the bottom of the new window, click on the + in front of the Services and Applications, then on Services.
  11. BTwonderz

    BTwonderz Newcomer, in training Topic Starter

    Not there....

    RBS-It doesn't appear I have any "services"...I'm getting concerned.
    See ERROR Mssg: MMCcannot...jpg

    BT

    BTW, Attempted to stop running processes listed and...
    [probably due to inability to Stop F..daem...]
    ...could not Stop the process.
  12. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    I think you need to do a reinstall-in-place.
    Go here for the instructions: http://www.techspot.com/vb/topic8356.html
    When you are doing that, disconnect your PC from the internet.

    Also, make a full backup of all your personal files, you may have to re-install from scratch if things turn out really bad.
  13. BTwonderz

    BTwonderz Newcomer, in training Topic Starter

    Doesn't look good

    Hmmm...This is becoming quite involved ...sent pm
    BT
     
  14. BTwonderz

    BTwonderz Newcomer, in training Topic Starter

    Latest HJT

    Removed suggested "baddies" and ran the latest HJT
    please see the enclosed
  15. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    You got yourself a nasty worm, W32/Rbot-WF

    Go here to get rid of it:
    http://www.sophos.com/virusinfo/analyses/w32rbotwf.html
    Follow the tabs under the worm-name (Summary/Description/Recovery/Advanced)

    After you followed their instructions, you can check with HJT if any of these are still there:

    C:\WINNT\system32\scvhvst.exe
    O4 - HKLM\..\Run: [Microsoft Office Studio] scvhvst.exe
    O4 - HKLM\..\Run: [MSN Beta] SVCHOSTdll.exe
    O4 - HKLM\..\RunServices: [Microsoft Office Studio] scvhvst.exe
    O4 - HKLM\..\RunServices: [MSN Beta] SVCHOSTdll.exe
    O4 - HKCU\..\Run: [Microsoft Office Studio] scvhvst.exe
    O4 - HKCU\..\Run: [MSN Beta] SVCHOSTdll.exe

    They should not. The rest of your log is clean.
  16. BTwonderz

    BTwonderz Newcomer, in training Topic Starter

    sophos-"uninstall any antivirus programs..."

    RBS-Thanks for the link, however in order to follow your instructions, hence their instructions, they ask that I remove my existing anti virus program.
    My problem with this is that the PC was given to me "as is" with programs but no CDs for any reinstallations.
    If I was to uninstall, I have no way of getting them back [for free that is].

    Is it not possible to run HJT and/or edit the registry to fix the listed culprits, or will they replicate and continue to be a nuisance to my system?
    I have left everything as is until I hear back from you with any suggestions.

    Thanks for your patience,

    BT
  17. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    You could try it with the current Stinger from here: http://vil.nai.com/vil/stinger/
    or wait a few days until they update specifically for it.

    So far Sophos is the only one with a remedy.
    If you follow all their instructions, with the exception of uninstalling the current AV and installing Sophos, you will probably be able to manage to get rid of it.

    or try:
    Boot in Safe Mode
    Press ctrl/alt/del and in Taskmanager try to STOP:
    scvhvst.exe
    SVCHOSTdll.exe

    Then run HJT and 'fix'
    C:\WINNT\system32\scvhvst.exe
    O4 - HKLM\..\Run: [Microsoft Office Studio] scvhvst.exe
    O4 - HKLM\..\Run: [MSN Beta] SVCHOSTdll.exe
    O4 - HKLM\..\RunServices: [Microsoft Office Studio] scvhvst.exe
    O4 - HKLM\..\RunServices: [MSN Beta] SVCHOSTdll.exe
    O4 - HKCU\..\Run: [Microsoft Office Studio] scvhvst.exe
    O4 - HKCU\..\Run: [MSN Beta] SVCHOSTdll.exe

    when done, delete them.

    You can always get the (free) AVG antivirus from www.grisoft.com
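
As an added illustration (not code from the thread, its posters or HijackThis), the sketch below parses the O4 and O23 entries quoted in the posts above and flags file or service names that sit close to genuine Windows ones, the "Net Logon Mgmt" versus "Net Logon" trap mentioned earlier. The allow-list, the distance threshold of 2 and the last sample line are assumptions constructed for the example.

```python
import ntpath

# Assumed allow-list: genuine Windows binary stems and one service name.
GOOD_STEMS = {"svchost", "ntdll", "lsass", "services"}
GOOD_SERVICES = {"net logon"}

# Entries quoted in the thread, plus a constructed genuine line (the last).
SAMPLE = r"""O4 - HKCU\..\Run: [xevivi] isesobo.exe
O23 - Service: FireDaemon Service: ntsysvers - Unknown - C:\WINNT\system32\dllcache\FireDaemon.EXE
O23 - Service: Net Logon Mgmt - Unknown - C:\WINNT\nttdll.exe
O4 - HKLM\..\Run: [Microsoft Office Studio] scvhvst.exe
O4 - HKLM\..\Run: [MSN Beta] SVCHOSTdll.exe
O23 - Service: Net Logon - Microsoft Corporation - C:\WINNT\system32\lsass.exe""".splitlines()

def osa_distance(a, b):
    """Edit distance in which swapping two adjacent characters costs 1."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def parse(line):
    """Return (kind, label, image path) for an O4 or O23 line, else None."""
    if line.startswith("O4 - ") and "[" in line and "] " in line:
        return ("O4", *line.split("[", 1)[1].split("] ", 1))
    if line.startswith("O23 - Service: "):
        parts = line[len("O23 - Service: "):].split(" - ")
        return "O23", parts[0], parts[-1]
    return None

def lookalikes(log_lines):
    """Map each flagged file or service name to the genuine name it imitates."""
    hits = {}
    for kind, label, image in filter(None, (parse(l.strip()) for l in log_lines)):
        name = ntpath.basename(image)
        stem = name.rsplit(".", 1)[0].lower()
        for good in GOOD_STEMS:
            # Near miss (typo or swap) or genuine stem with extra characters.
            if stem != good and (good in stem or osa_distance(stem, good) <= 2):
                hits[name] = good
        svc = label.lower() if kind == "O23" else ""
        for good in GOOD_SERVICES:
            if good in svc and svc != good:
                hits[label] = good
    return hits
```

Randomly named entries such as isesobo.exe pass this check untouched, so it complements a manual review of the log and does not replace one.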