altangerel 0 Posted September 27, 2013 Posted September 27, 2013 Dears, We were notified that our some client PC tries to connect a malware domain, which is airforce.rr.nu. We examined client pc and found that a process named ekrn.exe is trying to connect to that domain. Is there any legal operation that connects to airforce.rr.nu in Nod32? Regards, Altangerel network_mon.bmp
Bart 4 Posted September 27, 2013 Posted September 27, 2013 Hi Please don't forget that ekrn.exe is connected with any process runing on Your machine also which is connecting with domains ( http scanning ) so sugestion is that You should generate sysinspector log and check machine connections - here You will see what is the real connection source
ESET Moderators Aryeh Goretsky 394 Posted September 27, 2013 ESET Moderators Posted September 27, 2013 Hello, My initial thought is EKRN.EXE is intercepting an access to that domain. You might want to create an ESET SysInspector log from one of the computers and forward it to support for further analysis, though. Regards, Aryeh Goretsky
Administrators Marcos 5,466 Posted September 28, 2013 Administrators Posted September 28, 2013 If your system is Windows XP or Windows 2000, any application communicating via http will generate a communication via ekrn.exe which works as a local proxy.
Recommended Posts