
Re: Upgrade to 1.51SP1

Posted by hans2 on Mar 02, 2016; 5:25pm
URL: https://itus.accessinnov.com/Upgrade-to-1-51SP1-tp10p252.html

Gryphon33W wrote
However, I am concerned, as I pulled down the ItusrestoreImage from Dropbox and scanned it with my ESET NOD32 Antivirus, and it reports "C:\\ITUS Shield\Shield_FW_1.51\router.tar.gz » GZIP » router.tar » TAR » ./usr/lib/ettercap/ec_dos_attack.so - a variant of Linux/Flooder.Agent.AK trojan"

My thought was this was a false positive initially, but since downloading it, ESET has been reporting more folders unable to be scanned.
I am not 100% sure, maybe someone else can shed some light on this topic. This update is as-is coming from ITUS.

As Shield is intended to be an IPS/WF solution, in between your WAN and LAN, that actually scans connections, I would assume this is OK. Likewise, a Kali distribution (link) would create a lot of similar issues through a scan.
If the software was found on your laptop as part of a normal distribution I would be more concerned as it is normally used for MITM attacks.

I've googled this file, this is what I got:
https://www.virustotal.com/en/file/1db508d19c98d1d14a082467653274c48e5466572ce2803cdaa3d416d2741939/analysis/1435362387/
http://lewiscomputerhowto.blogspot.com/2014/03/perform-man-in-middle-attack-with-kali.html
https://pentestmag.com/ettercap-tutorial-for-windows/
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1