Admin-Magic-(spy detection) and removal

[sagarun 0]

Hi,

I love freedom,of course all of us too. In my college network my college admin use a software called "Admin magic" to spy all other users,in the network.

This software can be installed on any system without the knowledge of other users remotely,with administrator level authentication.

If you see a process named "RepSvc.exe" then i can confidently say its that rubbish.After installing that software he can lively view your desktop,even take control of your whole system (just like a remote desktop connection).

I used many firewalls but none of them seems to be working.I just cracked the admin passwords ,so that i can install any softwares there.

It works on the principle of client server model.

Is there any other way to avoid their monitoring.

Thanks

[lordwud 0]

use your own computer and your own internet connection.

edit: and even then you'll have to trust that some bored admin isn't sniffing traffic

Edited March 19, 2008 by Lord Wud

[sagarun 0]

This happens in college laboratory where i can't use my own personal computer!

[mirrorshades 3]

I love freedom,of course all of us too. In my college network my college admin use a software called "Admin magic" to spy all other users,in the network.

This software can be installed on any system without the knowledge of other users remotely,with administrator level authentication.

...

Is there any other way to avoid their monitoring.

This happens in college laboratory where i can't use my own personal computer!

So you're complaining because they've installed software that they want to on computers they own, and then let you use those computers on their network for free?

Good thing you love freedom.

I agree... if you object to the rules they set up for use of their computers, you need to find a way to use your own.

[Poetic-Justice 1]

my friend had something like that, but depending if the program starts when you login, (in your studants login script) you might be able to do something about it. If the program is on a network drive and only starts when you log in, try pulling out your network/lan cable....with some hope it will shutdown, and wont come back on the computer until someone else logs on...

Good luck! and remember,.....im not suggesting you do it

[livinded 9]

This happens in college laboratory where i can't use my own personal computer!

You can't bring a laptop into the library? The point is it's their computers and they can do whatever the hell they want on it. If you don't like them spying, don't use it.

[kitche 1]

This happens in college laboratory where i can't use my own personal computer!

You can't bring a laptop into the library? The point is it's their computers and they can do whatever the hell they want on it. If you don't like them spying, don't use it.

yeah livinded he said laboratory not library .

But yeah its' their computers they can do what ever they want to them

[w3lshrarebit 2]

Maybe I'm missing the point here, but wouldn't using a live cd or pendrive circumvent it?

[sagarun 0]

my friend had something like that, but depending if the program starts when you login, (in your studants login script) you might be able to do something about it. If the program is on a network drive and only starts when you log in, try pulling out your network/lan cable....with some hope it will shutdown, and wont come back on the computer until someone else logs on...

Good luck! and remember,.....im not suggesting you do it

No,Its not running from a network drive.I know we can avoid most of the restrictions which will be downloaded from the sever at the time of login by unplugging the network cable.

But in my case they install software from node to node without the knowledge of the user working on it..

And that damn windows firewall is not even notifying this...

The Admin magic software http://www.tools4ever.com/products/utilities/adminmagic/

[Poetic-Justice 1]

This happens in college laboratory where i can't use my own personal computer!

You can't bring a laptop into the library? The point is it's their computers and they can do whatever the hell they want on it. If you don't like them spying, don't use it.

yeah livinded he said laboratory not library .

But yeah its' their computers they can do what ever they want to them

What you fail to remember, is that he asked for help against a piece of software, not a debate on the ethics of privacy! If you've got nothing useful to say, dont say it! (or post it )

my friend had something like that, but depending if the program starts when you login, (in your studants login script) you might be able to do something about it. If the program is on a network drive and only starts when you log in, try pulling out your network/lan cable....with some hope it will shutdown, and wont come back on the computer until someone else logs on...

Good luck! and remember,.....im not suggesting you do it

No,Its not running from a network drive.I know we can avoid most of the restrictions which will be downloaded from the sever at the time of login by unplugging the network cable.

But in my case they install software from node to node without the knowledge of the user working on it..

And that damn windows firewall is not even notifying this...

The Admin magic software http://www.tools4ever.com/products/utilities/adminmagic/

Aaah, ok. well...these are some answers to a post similar to yours. They might help:

*get local administrator, then cmd, netstop "program name". Says user "Trick".

*you could always, like w3lshrarebit said, bring in a cd boot-up version of Knoppix of something...

Good luck anyway

[xantr3x 0]

Maybe I'm missing the point here, but wouldn't using a live cd or pendrive circumvent it?

I'm sure they'd be ecstatic about a student running unknown software on their computers.

[Poetic-Justice 1]

Maybe I'm missing the point here, but wouldn't using a live cd or pendrive circumvent it?

I'm sure they'd be ecstatic about a student running unknown software on their computers.

aah, good point...but you could use it during a lunch break or something, when the admin is having lunch...? couldnt you?

I assume your talking about a fairly normal (small) school, which hasnt got like 4 admins.

[cyb3r-dan 0]

Maybe I'm missing the point here, but wouldn't using a live cd or pendrive circumvent it?

I'm sure they'd be ecstatic about a student running unknown software on their computers.

aah, good point...but you could use it during a lunch break or something, when the admin is having lunch...? couldnt you?

I assume your talking about a fairly normal (small) school, which hasnt got like 4 admins.

At luch time is when they watch your better off in a lesson or even after school somewhere in the corner

[cyb3r-dan 0]

you could get dtaskmanager and kill it by the pid if you can we dont have privelages on taskman but we can kill pid's, thats how we killed ours.

[w3lshrarebit 2]

Maybe I'm missing the point here, but wouldn't using a live cd or pendrive circumvent it?

I'm sure they'd be ecstatic about a student running unknown software on their computers.

I used many firewalls but none of them seems to be working.I just cracked the admin passwords ,so that i can install any softwares there.

I don't think s/he cares and I'm pretty sure they're smart enough to know that they're assuming a risk no matter what they do. If anything, I'm steering him/her towards open source as opposed to (most likely as it's not the posters box) using warez to accomplish their desired task. As well, using a live cd/usb mitigates potential damage to the schools property as these distros are designed not touch the existing operating system or files unless instructed to do so.

[Poetic-Justice 1]

you could get dtaskmanager and kill it by the pid if you can we dont have privelages on taskman but we can kill pid's, thats how we killed ours.

The site is here <http://dimio.altervista.org/eng/>

Download it here <http://dimio.altervista.org/stats/download.php?id=4>

[Trikk 5]

Before you go on a spree of using software not allowed by the local Net Admin at your school, keep in mind it's THEIR network, and if they don't like what your doing on it, they can do anything they want, even expell you, esp. if you use a live CD that's used for pen testing such as BackTrack or such. It's like going to their house. They can do whatever they want there, you are a guest. If your whacking it in the guest room and they pop in and see, they are allowed to barge in since it's their home, your the one whacking it.

Okay, now on with the show.

One of the easiest ways to do this is to just see what services are running, because it's most likely running as a service. Go to the control panel and make sure that service is not running, if it is, close it. If you do not have administrative rights, try seeing if the registry is allowed. If so, here:

hxxp://seclists.org/bugtraq/2006/May/0492.html

This will get you SYSTEM privs. i believe by using a trick with the screen saver. You won't even have to login for this one.

Once you have the service name, you can stop it, or even create a batch file to automatically net stop it on the start up.

While you have that command prompt open, i'd suggest doing 'net user Guest Password /add' and 'net localgroup Administrators Guest /add' to add a account that has admin privs.

Now, just because you like your privacy, it isn't worth getting expelled out of college for. Keep in mind, they don't care what happens to you if you start tweaking their network to shit.

[Shadowdog1998 0]

aah, good point...but you could use it during a lunch break or something, when the admin is having lunch...? couldnt you?

I assume your talking about a fairly normal (small) school, which hasnt got like 4 admins.

lol actualy my high school has only 700 kids and we have 4 admins plus 1 hardware tech

[sagarun 0]

Is there any firewalls out there to prevent this software?

Why antivirus companies are not adding this piece of software as a security risk?

I want them to add it as a security risk,then How can i do this?,how can i report them?

Is there any other way to report this software?

Thanks h4xr

Edited March 23, 2008 by SAGA

[Poetic-Justice 1]

lol actualy my high school has only 700 kids and we have 4 admins plus 1 hardware tech

Hmm, i see your problem lol

[cyb3r-dan 0]

this could be a long and risky way. if your school has an admin account for a subject, find out the passwd i did by asking them lol. then there might be restrictions but you wont be using the account, remote desktop to the active directory server log in using the account, go control panel ,administrative tool, active directory users and computers. add your self as an local admin, then write a vbs to kill it

Set WshShell = WScript.CreateObject ("WScript.Shell")
WshShell.Run ("C:\Windows\system32\cmd.exe")
WScript.Sleep 400
WshShell.SendKeys "tskill Program name /a"
WshShell.SendKeys "{ENTER}"
Set oWS = WScript.CreateObject("WScript.Shell")
oWS.Run "%comspec% /c echo " & Chr(07), 0, True
WshShell.SendKeys "exit"
WshShell.SendKeys "{ENTER}"
'Then' WScript.Quit

put the vbs somewhere were it wont get deleted, goto your user ,properties, and tell the file to start up when you log on.

but like i said it is risky. you could always make a new user and do the same as above.

[cyb3r-dan 0]

Is there any firewalls out there to prevent this software?

Why antivirus companies are not adding this piece of software as a security risk?

I want them to add it as a security risk,then How can i do this?,how can i report them?

Is there any other way to report this software?

Thanks h4xr

dont they check out the software before hand, and if you find out the antivirus the school uses and reports it, even better because it would delete on the next update, thanks you have given me an idea

[sagarun 0]

Is there any firewalls out there to prevent this software?

Why antivirus companies are not adding this piece of software as a security risk?

I want them to add it as a security risk,then How can i do this?,how can i report them?

Is there any other way to report this software?

Thanks h4xr

dont they check out the software before hand, and if you find out the antivirus the school uses and reports it, even better because it would delete on the next update, thanks you have given me an idea

yeah,i too believe reporting it to a anti virus is a better way!!!!

[mirrorshades 3]

dont they check out the software before hand, and if you find out the antivirus the school uses and reports it, even better because it would delete on the next update, thanks you have given me an idea

yeah,i too believe reporting it to a anti virus is a better way!!!!

Are you guys seriously suggesting reporting the Admin Magic program to AV vendors as malware? You do realize that actual people create the virus definitions, right? It's not just an automated process that happens when you report a file to them. If that were the case, things like WINWORD.EXE and IEXPLORE.EXE would have gotten spanked a long, long time ago. But if you try it and they write back, do share what they said. Might be good for some lulz.

Out of all the options presented, I'd say that the LiveCD option is probably the most likely to work out. Sure, it's possible to lock down an ethernet connection and disable booting from CD, that kind of thing would only get in the way of the IT staff and would not likely present a real barrier on a shared/community workstation. And while the sysadmin hat I wear makes me raise an eyebrow at the thought of circumventing IT policy, that's probably the least destructive way you could go about it (as long as you don't do something silly, like trash the local computer's filesystem). Find one of those distros that uses a LiveCD in conjunction with a USB drive to save your prefs, and you'd probably be good to go.

Also extra prestige, as the others in the lab look at the strange GUI and observe in silent awe and reverence, wondering what sort of super-human tech wizard you really are. Women will swoon, and venture capitalists will appear and begin throwing money at you.

No really.

It could happen.

[Majest|c 5]

#1 Overall, it is not your property to mess with!

#2 As a student, I am sure you signed all the paperwork, and that will bind you to thier rules and rugulations, and makes you the person that will get in trouble for breaking any rules set by the IT people on that campus!

#3 Are you really doing anything in that lab that is so against the rules, that you need to make it so the admin cannot watch? If you are, well then your screwed! Why not get a copy of the said program, set it up at your house, and work against it that way, If so finding anything that can or will work against it, bring a presentation to the Network or IT people, and show how it CAN be done in the lab, and maybe show or help them fix it so the system is secure!

Why risk your future in attempting this on thier computers, when you cando it on your own and even legally on your own network at home?