Author Topic: random.ECL virus detected in mIRC  (Read 4619 times)

emunity

  • Guest
random.ECL virus detected in mIRC
« on: October 29, 2006, 10:19:38 AM »
This happened to me once before too. I had a Windows XP Pro machine running for about 2 years with mIRC with no problems, then one day Avast says it has detected a virus in the random.ECL file.

I have a fresh Windows XP machine I just installed with everything I need to keep it from attacks like viruses, spyware of the malicious kind, and trojans etc.

Between Avast and Sygate firewall along with my BEFSR41 Linksys router with hardware firewall and Ad-Aware plus popup blockers I am fairly safe.

Running mIRC is not exactly safe since it does open some ports that make it prone to viruses, but I have to not automatically accept any files.

Why has Avast detected that random.ECL is infected? What could be going on? Anyhow, I quarantined it, uninstalled mIRC, reinstalled it, and it happens again over time.

Is it a false alarm?

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: random.ECL virus detected in mIRC
« Reply #1 on: October 29, 2006, 12:19:50 PM »
What's the filename where the malware is detected? Is the exact malware name "random.ECL"? What version of VPS do you have right now?

emunity

  • Guest
Re: random.ECL virus detected in mIRC
« Reply #2 on: October 29, 2006, 12:39:34 PM »
That is the exact filename, located in the mIRC dir. Latest version of mIRC and latest version of VPS. Current version (0643-8).

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: random.ECL virus detected in mIRC
« Reply #3 on: October 29, 2006, 12:47:13 PM »
Ah, I thought it's the name of the malware, not the name of the file.
So, what malware is avast! reporting in that file?

emunity

  • Guest
Re: random.ECL virus detected in mIRC
« Reply #4 on: October 29, 2006, 09:37:08 PM »
Well, I told Avast to ignore it. What can I do to have it not ignore it and check it again?

I don't remember it saying any particular part of the file, just the entire file was infected.

I want to check it again, so how can I check it? Remember I told Avast to ignore it when it detected the virus because this happened in the past as I posted above.

This is a very fresh install of Windows XP so there is no reason for any viruses.

I made sure the firewall was installed and anti-virus was installed before I connected to the internet. I had a copy of the Avast Home Edition so I did not have to download it again.

Thanks

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: random.ECL virus detected in mIRC
« Reply #5 on: October 29, 2006, 09:43:46 PM »
Well, I told Avast to ignore it. What can I do to have it not ignore it and check it again?
I want to check it again, so how can I check it? Remember I told Avast to ignore it when it detected the virus because this happened in the past as I posted above.
Just scan with avast checking the option for 'archives' too.
The infected file should exist to be found, of course.
The ignore action is valid only for that particular scanning, so you need to start a new one.

I don't remember it saying any particular part of the file just the entire file was infected.
Do you mean 'archive file' instead of 'file'?
The best things in life are free.

emunity

  • Guest
Re: random.ECL virus detected in mIRC
« Reply #6 on: October 29, 2006, 11:50:55 PM »
Did the scan again and now it does not find any virus in the mIRC folder. Does that make any sense at all?

Why would it report the first time the file random.ECL as a virus and now it's fine?

Is it just some error on Avast's part?

Keep in mind this has happened before on an older install of Windows XP Pro which is still running and on another system freshly installed Windows XP Pro and freshly installed mIRC newest version.

In my opinion I think it's a false positive result by Avast. I don't know what is triggering it to see it. This Avast usually gives me the notice when I do not do a scan.

I have it setup to system protection so it just pops up.

Anyhow what next?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: random.ECL virus detected in mIRC
« Reply #7 on: October 30, 2006, 12:16:26 AM »
Did the scan again and now it does not find any virus in the mIRC folder. Does that make any sense at all?
If the scan settings were the same at both scannings... I mean, archive and sensitivity level...
Are you sure the VPS has not been updated since the first scanning?

In my opinion I think it's a false positive result by Avast. I don't know what is triggering it to see it. This Avast usually gives me the notice when I do not do a scan.
I have it setup to system protection so it just pops up.
Anyhow what next?
Can you please wait for the next VPS update, and if the virus alert (popup) appears again, then let's start again...  :-\
The best things in life are free.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: random.ECL virus detected in mIRC
« Reply #8 on: October 30, 2006, 10:09:05 AM »
I don't remember it saying any particular part of the file just the entire file was infected.

No, I just meant - what was the name of the virus? I don't mean the file, but the name of the infection, shown in the virus dialog.

emunity

  • Guest
Re: random.ECL virus detected in mIRC
« Reply #9 on: October 30, 2006, 11:19:31 AM »
It happened again and I quarantined it this time. It said it was a worm. It is of the MiMe family.

It's sitting in the virus chest for now and mIRC is functioning just fine.

I am looking for the log and will also report here again when the next VPS.

emunity

  • Guest
Re: random.ECL virus detected in mIRC
« Reply #10 on: October 30, 2006, 11:22:59 AM »
Here was the log:

10/28/2006 10:02:17 PM   SYSTEM   1820   Sign of "VME family" has been found in "C:\Program Files\mIRC\random.ECL" file. 
10/29/2006 6:45:54 PM   SYSTEM   1820   Sign of "MiME family" has been found in "C:\Program Files\mIRC\random.ECL" file.