Threat Search: 

ThreatExpert's Statistics for Remacc.Radmin [Symantec]:

Remacc.Radmin [Symantec] is also known as:
Threat AliasNumber of Incidents
RemAdm-RemoteAdmin [McAfee]139
Backdoor.Radmin [PC Tools]87
not-a-virus:RemoteAdmin.Win32.RAdmin.20 [Kaspersky Lab]75
not-a-virus:RemoteAdmin.Win32.RAdmin.21 [Kaspersky Lab]53
RemoteAccess:Win32/RServer [Microsoft]32
RemoteAccess:Win32/GhostRadmin [Microsoft]21
not-a-virus:RemoteAdmin.Win32.RAdmin.20 [Ikarus]13
not-a-Virus.RemoteAdmin.RAdmin [Ikarus]9
not-a-virus:RemoteAdmin.Win32.RAdmin.22 [Kaspersky Lab]8
Backdoor.Win32.RAdmin.j [Kaspersky Lab]6
BKDR_RADMIN.N [Trend Micro]6
not-a-virus:RemoteAdmin.Win32.RAdmin [Ikarus]5
Backdoor.Win32.Radmin.J [Ikarus]4
not-a-virus.RemoteAdmin.RAdmin [Ikarus]4
Application.Radmin [PC Tools]3
Backdoor.Win32.RA-based [Ikarus]3
Backdoor.BAT.RA-based.f [Kaspersky Lab]2
Backdoor.RAdmin!sd6 [PC Tools]2
not-a-virus:RemoteAdmin.RAdmin [Ikarus]2
not-a-virus:RemoteAdmin.Win32.RAdmin.21 [Ikarus]2
not-a-virus:RemoteAdmin.Win32.RAdmin.22 [Ikarus]2
RemAdm-Generic [McAfee]2
Backdoor.Agobot [PC Tools]1
Backdoor.RA-based!sd5 [PC Tools]1
Backdoor.RA-based.BH [PC Tools]1
Backdoor.Win32.Aimbot [Ikarus]1
Backdoor.Win32.Delf.ado [Kaspersky Lab]1
Backdoor.Win32.Delf.afe [Kaspersky Lab]1
Backdoor.Win32.RA-based.am [Kaspersky Lab]1
Backdoor.Win32.RA-based.ao [Kaspersky Lab]1
Backdoor.Win32.RA-based.bn [Kaspersky Lab]1
Backdoor:Win32/Small.BE [Microsoft]1
BKDR_RADMIN.Q [Trend Micro]1
Mal/Packer [Sophos]1
New Malware.h [McAfee]1
not-a-virus:RemoteAdmin.Win32.RAdmin.30 [Kaspersky Lab]1
RemoteAccess.Radmin [PC Tools]1
RiskWare.RAdmin.BA [PC Tools]1
Troj/Mdrop-BMH [Sophos]1
TROJ_MULTIDRP.ES [Trend Micro]1
Trojan-PWS.Win32.QQPass [Ikarus]1
Win-Trojan/RAdmin.408064 [AhnLab]1

Remacc.Radmin [Symantec] has the following possible countries of origin:
OriginNumber of Incidents
Russian Federation32
China5

Remacc.Radmin [Symantec] is known to be created as:
%ProgramFiles%\infium\messenger infium final\admdll.dll
%ProgramFiles%\infium\messenger infium final\raddrv.dll
%ProgramFiles%\infium\messenger infium final\svchost.exe
%ProgramFiles%\radmin\admdll.dll
%ProgramFiles%\radmin\r_server.exe
%ProgramFiles%\radmin\raddrv.dll
%System%\admdll.dll
%System%\dllcache\secure\admdll.dll
%System%\dllcache\secure\svchost.exe
%System%\drivers\raddrv.dll
%System%\drivers\str\admdll.dll
%System%\drivers\str\raddrv.dll
%System%\drivers\str\svchost.exe
%System%\drivers\system.exe
%System%\instal_r.exe
%System%\nvsvc32.exe
%System%\r_server.exe
%System%\raddrv.dll
%System%\syserror.exe
%System%\systemram.exe
%System%\winuping\admdll.dll
%System%\winuping\raddrv.dll
%System%\winuping\svchost.exe
%Temp%\admdll.dll
%Temp%\raddrv.dll
%Temp%\s60.1.exe
%Temp%\svchost.exe
%UserProfile%\s1f8.1.exe
%UserProfile%\s1qo.1.exe
%Windir%\addins\admdll.dll
%Windir%\addins\raddrv.dll
%Windir%\addins\svchost.exe
%Windir%\admdll.dll
%Windir%\ime\ins\admdll.dll
%Windir%\inf\inf.dll\admdll.dll
%Windir%\pif\admdll.dll
%Windir%\raddrv.dll
%Windir%\svchost.exe
%Windir%\systemfile.exe
%Windir%\systems\admdll.dll
%Windir%\temp\admdll.dll
c:\temp\system\admdll.dll
c:\temp\system\r_server.exe
Notes:
  • %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
  • %UserProfile% is a variable that specifies the current user's profile folder. By default, this is C:\Documents and Settings\[UserName] (Windows NT/2000/XP).
  • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.