Jump to content

Recommended Posts

Posted

Dears,

 

We were notified that our some client PC tries to connect a malware domain, which is airforce.rr.nu. We examined client pc and found that a process named ekrn.exe is trying to connect to that domain.

Is there any legal operation that connects to airforce.rr.nu in Nod32?

 

Regards,

Altangerel

network_mon.bmp

Posted

Hi

 

Please don't forget that ekrn.exe is connected with any process runing on Your machine also which is connecting with domains ( http scanning ) so sugestion is that You should generate sysinspector log and check machine connections - here You will see what is the real connection source

  • ESET Moderators
Posted

Hello,

My initial thought is EKRN.EXE is intercepting an access to that domain. You might want to create an ESET SysInspector log from one of the computers and forward it to support for further analysis, though.

Regards,

Aryeh Goretsky

  • Administrators
Posted

If your system is Windows XP or Windows 2000, any application communicating via http will generate a communication via ekrn.exe which works as a local proxy.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...