altangerel
Posts posted by altangerel
-
-
Dears,
We were notified that one of our client PCs tries to connect to a malware domain, which is airforce.rr.nu. We examined the client PC and found that a process named ekrn.exe is trying to connect to that domain.
Is there any legal operation that connects to airforce.rr.nu in Nod32?
Regards,
Altangerel
-
Hi Marcos,
The log entry is below:
Startup scanner file Operating memory » svchost.exe(1616) a variant of Win32/Korplug.A trojan unable to clean
ESET update and Suspicious HTTP post data
in ESET NOD32 Antivirus
Posted
Hi all,
Where does the ESET RA server download virus signature updates from? Our server tries to connect to the tsm02.eset.com domain (91.228.166.143, 91.228.166.11) over HTTP, but Snort identifies these connections as a malware-cnc RAT update. We tried to investigate the cause of that problem, and found some suspicious things in the HTTP POST data. There is a possible bot update command in the POST data: hxxp://fast.onoodor.com:443/update?id=ff64a2f9. Does anyone know about this?
Regards,
Altangerel