About altangerel

  1. Hi all, Where does ESET RA server download virus signature updates? Our server tries to connect to the tsm02.eset.com domain over HTTP, but Snort identifies these connections as a malware-cnc RAT update. We tried to investigate the cause of that problem, and found some suspicious things in the HTTP POST data. There is a possible bot update command: hxxp://fast.onoodor.com:443/update?id=ff64a2f9 in the POST data. Does anyone know about this? Regards, Altangerel
  2. Dears, We were notified that a client PC of ours tries to connect to a malware domain, which is airforce.rr.nu. We examined the client PC and found that a process named ekrn.exe is trying to connect to that domain. Is there any legal operation that connects to airforce.rr.nu in Nod32? Regards, Altangerel network_mon.bmp
  3. Hi Marcos, The log entry is below: Startup scanner file Operating memory » svchost.exe(1616) a variant of Win32/Korplug.A trojan unable to clean