View Full Version : ECLPRO + Trojan
Rafterman
19th September 2005, 14:10
As Robot1 visits this forum I will post this here.
I Have just updated my def's for "Ewido Security Suite" and it is identifyig EclPro.exe(autoit-v3 -.42) as being infected with a "Trojan.KillApp.i". Even when I reverted to a previous version of eclpro.exe it still identified it as a Trojan. I downloaded the compressed eclpro file from doom9 again and it identified it(unzipped) as a trojan again. Anybody else getting this reading. One thing, prior to updating the def's it was not happening.
Video Dude
19th September 2005, 16:49
Norton AntiVirus says its clean.
jdobbs
19th September 2005, 19:50
I just ran McAfee against it and it says it is fine too. It could be the one on your computer is getting infected somehow. What is the date and size of the one on your computer? Mine is 100,321 bytes long and is dated 8/3/2005 at 9:07pm.
aaron10
19th September 2005, 19:55
Sounds like the program may be using some form of heuristic logic, attempting to detect viruses using some proprietary algortithm before an explicit definition has been issued. Unfortunately, it finds enough of the characteristics of an archetypical virus in the file (according to the proprietary algorithm) and raises a proactive, but false, red flag.
aaron10
19th September 2005, 23:51
Just wanted to add that I ran a scan with Kaspersky (definitions an hour old) on Eclpro.exe (with the same properties that JDobbs details) and it came up squeaky clean.
Wheelie4
20th September 2005, 00:47
I got the same warning today in the v1.00RC6.0Pro installed folder.
http://img155.imageshack.us/img155/542/scan8kh.th.jpg (http://img155.imageshack.us/my.php?image=scan8kh.jpg)
I don't use EclPro.exe and I figured it could just be a false positive so I just quarantined it incase.
robot1
20th September 2005, 01:24
I've tried their online scanner, and I've found false positive alerts for every AutoIT program.
Anyway, here is the source of EclPRO.
You could try to compile it with the latest version of AutoIT (3.1.1).
Rafterman
20th September 2005, 22:32
After some investigation I am pretty sure this is what is called a false positive. As had already been said NAV 2005 reports it as clean as does Pest Patrol, Trend Antispyware,Xoftspy, AdAware, SpywareBlaster and Spybot. As this only arose with the second last release of their def's I suspect the Ewido scan seeks out apps developed with AutoIt as it appears some malware is written with this tool. Its a kind of a catch all sceanario. Not very satisfactory. I have informed Ewido of this so I'll await developments.
Jdobbs, It does not seem to matter what version of ECLPro you have installed. I immediatly reverted back to an earlier version with the same result. Its the version of Ewido's def's that instigated all this. Either way it Ewido's problem.
vBulletin® v3.8.11, Copyright ©2000-2026, vBulletin Solutions Inc.