Threat Search: 

ThreatExpert's Statistics for RemAdm-RemoteAdmin [McAfee]:

RemAdm-RemoteAdmin [McAfee] is also known as:
Threat AliasNumber of Incidents
not-a-virus:RemoteAdmin.Win32.RAdmin.20 [Kaspersky Lab]1,330
Backdoor.Radmin [PC Tools]1,120
RemoteAccess:Win32/GhostRadmin [Microsoft]267
Remacc.Radmin [Symantec]139
not-a-virus:RemoteAdmin.Win32.RAdmin.21 [Kaspersky Lab]125
not-a-virus:RemoteAdmin.Win32.RAdmin.22 [Kaspersky Lab]71
not-a-virus:RemoteAdmin.RAdmin [Ikarus]70
RemoteAccess:Win32/RServer [Microsoft]66
not-a-Virus.RemoteAdmin.RAdmin [Ikarus]53
not-a-virus:RemoteAdmin.Win32.RAdmin.20 [Ikarus]31
not-a-virus:RemoteAdmin.Win32.RAdmin [Ikarus]17
not-a-virus:RemoteAdmin.Win32.RAdmin.22 [Ikarus]16
BKDR_RADMIN.N [Trend Micro]12
Backdoor.Win32.RAdmin.j [Kaspersky Lab]9
not-a-virus.RemoteAdmin.RAdmin [Ikarus]9
Backdoor.Win32.Radmin.J [Ikarus]6
not-a-virus:RemoteAdmin.Win32.RAdmin.21 [Ikarus]6
not-a-virus:RemoteAdmin.Win32.RemoteExec [Ikarus]4
not-a-virus:RemoteAdmin.Win32.RemoteExec.b [Kaspersky Lab]4
Win-Trojan/Remoteadmin.245760 [AhnLab]4
Application.Radmin [PC Tools]3
Backdoor.RAdmin!sd6 [PC Tools]3
RemoteAccess.Win32.GhostRadmin [Ikarus]3
Backdoor.Win32.RA-based [Ikarus]2
Backdoor.Win32.RA-based.ao [Kaspersky Lab]2
Packed/RLPack [PC Tools]2
RemoteAccess.Radmin [PC Tools]2
Backdoor.RA-based!sd5 [PC Tools]1
Backdoor.RAdmin!sd5 [PC Tools]1
Backdoor.Trojan [Symantec]1
Backdoor.VB!sd5 [PC Tools]1
Backdoor.Win32.Aimbot [Ikarus]1
Backdoor.Win32.RA-based.am [Kaspersky Lab]1
Backdoor.Win32.RAdmin.ab [Kaspersky Lab]1
Backdoor.Win32.VB.asw [Kaspersky Lab]1
Backdoor:Win32/Small.BE [Microsoft]1
BKDR_RADM.A [Trend Micro]1
BKDR_RADMIN.Q [Trend Micro]1
Hacktool [Symantec]1
not-a-virus:RemoteAdmin.Win32.RAdmin.30 [Kaspersky Lab]1
Troj/Mdrop-BMH [Sophos]1
Trojan:Win32/Anomaly.gen!A [Microsoft]1
Trojan-PSW.Win32.LdPinch.agwz [Kaspersky Lab]1
Win-Trojan/LdPinch.184635 [AhnLab]1

RemAdm-RemoteAdmin [McAfee] has the following possible countries of origin:
OriginNumber of Incidents
Russian Federation208
China3
Spain1

RemAdm-RemoteAdmin [McAfee] is known to be created as:
%ProgramFiles%\infium\messenger infium final\admdll.dll
%ProgramFiles%\infium\messenger infium final\raddrv.dll
%ProgramFiles%\radmin\admdll.dll
%ProgramFiles%\radmin\r_server.exe
%ProgramFiles%\radmin\raddrv.dll
%ProgramFiles%\radmin\radmin.exe
%System%\admdll.dll
%System%\dllcache\secure\admdll.dll
%System%\dllcache\secure\svchost.exe
%System%\drivers\admdll.dll
%System%\drivers\raddrv.dll
%System%\drivers\str\admdll.dll
%System%\drivers\str\raddrv.dll
%System%\drivers\str\svchost.exe
%System%\drivers\system.exe
%System%\nvsvc32.exe
%System%\r_server.exe
%System%\raddrv.dll
%System%\syserror.exe
%System%\systemram.exe
%System%\winuping\admdll.dll
%System%\winuping\raddrv.dll
%Temp%\10.0.20.83\ntfs.exe
%Temp%\admdll.dll
%Temp%\raddrv.dll
%Temp%\radmin.exe
%Temp%\radmin22.exe
%Temp%\s60..dll
%Temp%\s60.1.exe
%UserProfile%\s1f8.1.exe
%UserProfile%\s1qo.1.exe
%Windir%\addins\admdll.dll
%Windir%\addins\raddrv.dll
%Windir%\addins\svchost.exe
%Windir%\admdll.dll
%Windir%\avg.exe
%Windir%\ime\ins\admdll.dll
%Windir%\ime\ins\svchost.exe
%Windir%\inf\inf.dll\admdll.dll
%Windir%\inf\inf.dll\microsoft.exe
%Windir%\pif\admdll.dll
%Windir%\pif\smss.exe
%Windir%\raddrv.dll
%Windir%\s60.1.dll
%Windir%\svchost.exe
%Windir%\system\admdll.dll
%Windir%\systems\admdll.dll
%Windir%\temp\admdll.dll
c:\temp\system\admdll.dll
c:\temp\system\r_server.exe
Notes:
  • %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
  • %UserProfile% is a variable that specifies the current user's profile folder. By default, this is C:\Documents and Settings\[UserName] (Windows NT/2000/XP).
  • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.