Web Directory
Viesearch - Life powered search
is one of those whispers.
To the uninitiated, the name sounds like a bizarre mashup of a Russian networking utility and a 1990s demoscene group. To those who have found it running in the background of a compromised server, it evokes a chill. IceProgs isn't just a piece of software; it is a philosophy of stealth, born from the golden era of LAN cafes and persistent remote control. Let’s dissect the name. Radmin (Remote Administrator) is a legitimate, commercial remote control software developed by Famatech. It is fast, lightweight, and notorious for being difficult to detect on a network because it doesn’t rely on standard ports like RDP (3389) or VNC (5900). It runs on port 4899 by default—unless you change it.
In the annals of system administration and gray-hat hacking, there are tools that scream for attention with fancy GUIs and noisy logos. Then there are the whispers. The ones that live in the margins of error logs and hide under the guise of legitimate Windows processes. radmin iceprogs
The attacker uses a loader (often called ice_setup.exe , ~450KB). Upon execution, the loader checks for active antivirus, disables Windows Firewall via legacy netsh commands, and drops the modified r_server.exe into C:\Windows\System32\Drivers\ .
Here is where the "Ice" magic happens. Instead of a login prompt, the victim sees nothing. The attacker, however, is presented with a window that looks exactly like the local Windows desktop—but it is a ghost. No remote cursor blinking. No tray icon. Just total, silent control. You might think a tool built on a protocol from the Windows XP era would be obsolete. You would be wrong. is one of those whispers
If you found this tool on your server, disconnect the Ethernet cable. Then, re-evaluate your firewall rules. And maybe check the webcam.
The attacker opens Radmin Viewer 3.4 (unmodified, because the viewer is legal). They enter the victim's IP, port 4899, and hit connect. IceProgs isn't just a piece of software; it
The "Ice" doesn't melt. It just waits for the next cmd.exe to spawn.
