RemAdm-RRT
- Type: Program
- SubType: Remote Access
- Discovery Date: 09/27/2007
- Length:
- Minimum DAT: 5130 (09/28/2007)
- Updated DAT: 5131 (10/01/2007)
- Minimum Engine: 5.1.00
- Description Added: 09/27/2007
- Description Modified: 09/27/2007 2:59 PM (PT)
Characteristics
McAfee(R) Avert Labs recognizes that this program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. If you agreed to a license agreement for this, or another bundled application, you may have legal obligations with regard to removing this software, or using the host application without this software. Please contact the software vendor for further information.
See http://vil.nai.com/vil/DATReadme.aspx for a list of Program detections added to the DATs.
See http://vil.nai.com/vil/pups/configuration.htm for information about how to enable, disable, and exclude detection of legitimately installed programs.
Distribution
This is not a virus or a Trojan. It is detected as a potentially unwanted program. It is a remote administration tool used to control functions of a target computer over a network.
RemAdm-RRT is a small, command-line executable, which allows a user to perform multiple administration tasks. Output of the executable shows the following options:

    Opintion :
    -filter ---Change TCP/IP filter to on/off status.
    -addport ---Add ports to the filter' allowed portlist.
    -setport ---Set ports as the filter' allowed portlist.
    -nicinfo ---List TCP/IP interface info.
    -pslist ---List active processes.
    -pskill ---Kill a specified process.
    -dlllist ---List dlls of a specified process.
    -sysinfo ---List system info.
    -shutdown ---Shutdown system.
    -reboot ---Reboot system.
    -poweroff ---Turn off power.
    -logoff ---Logoff current user's session. Used in an interactive logon session only.
    -chkts ---Check Terminal Service info.
    -setupts ---Install Terminal Service.
    -remts ---Remove Terminal Service.
    -chgtsp ---Reset Terminal Service port.
    -clog ---Clean system log.
    -enumsrv ---List all services.
    -querysrv ---List detail info of a specified service.
    -instsrv ---Install a service.
    -cfgsrv ---Changes the configuration of a service.
    -remsrv ---Remove a specified service.
    -startsrv ---Start a specified service.
    -stopsrv ---Stop a specified service.
    -netget ---Download from http/ftp.
    -redirect ---Port redirect.
    -chkuser ---List all account、sid and anti clone.
    -clone ---Clone from admin to dest.
    -never ---Set account looks like never logged on.
    -killuser ---Del account. Even "guest" account.
    -su ---Run process as Local_System privilege.
        Usage: mt.exe -su [File] ----Default run cmd.exe
    -findpass ---Show all logged on user's pass.
    -netstat ---List TCP connections.
    -killtcp ---Kill TCP connection.
    -psport ---Map ports to processes.
    -touch ---Set the file times for a specified file.
    -secdel ---Secure delete files and directory or zap free space.
    -regshell ---Enter a console registry editor.
    -chkdll ---Detect gina dll backdoor.
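For triage, the options listed above can be matched in process-creation logs. The following is an added example, not McAfee's code or part of the original description: it flags command lines that run `mt.exe` (the file name shown in the tool's own usage line) with one of the listed state-changing options. The category names, the choice of which options to flag, and the sample log lines are assumptions made for illustration.

```python
import re

# Options taken from the help output above. The category names are this
# example's own grouping for triage, not part of the vendor description.
# Purely informational options (-pslist, -sysinfo, ...) are left out.
CATEGORIES = {
    "log-and-timestamp-tampering": ["-clog", "-touch", "-secdel", "-never"],
    "account-changes": ["-clone", "-killuser"],
    "credential-access": ["-findpass"],
    "run-as-system": ["-su"],
    "remote-access-setup": ["-setupts", "-chgtsp", "-redirect", "-netget"],
    "service-changes": ["-instsrv", "-cfgsrv", "-remsrv"],
    "filter-changes": ["-filter", "-addport", "-setport"],
}
OPTION_CATEGORY = {opt: cat for cat, opts in CATEGORIES.items() for opt in opts}


def classify(cmdline):
    """Return (option, category) if cmdline runs mt.exe with a flagged option."""
    # Split on whitespace but keep a double-quoted path as one token.
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    if len(tokens) < 2:
        return None
    image = re.split(r"[\\/]", tokens[0])[-1].lower()
    if image not in ("mt.exe", "mt"):
        return None
    # The Windows SDK manifest tool is also named mt.exe, so the file name
    # alone is not enough: require one of the options from the list above.
    option = tokens[1].lower()
    category = OPTION_CATEGORY.get(option)
    return (option, category) if category else None


def triage(lines):
    """Return (line index, option, category) for every flagged command line."""
    return [(i, *hit) for i, line in enumerate(lines) if (hit := classify(line))]


# Constructed process-creation command lines (not taken from a real host).
SAMPLE = [
    r"C:\Windows\Temp\mt.exe -clog",
    r'"C:\Program Files (x86)\Windows Kits\10\bin\x64\mt.exe" -nologo -manifest app.manifest',
    r"mt.exe -su cmd.exe",
    r"C:\tools\MT.EXE -FindPass",
    r"notepad.exe -clog",
]

if __name__ == "__main__":
    for idx, option, category in triage(SAMPLE):
        print(f"line {idx}: {option} -> {category}")
```

A renamed copy of the executable will not match on file name, so this check complements the DAT-based detection rather than replacing it.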
Symptoms
Method of Infection
Variants
N/A
Removal
Instructions on Enabling/Disabling Detection and Removal of Potentially Unwanted Programs