Jump to content

ekrn.exe process tries to connect a malware domain


altangerel
 Share

Recommended Posts

Dears,

 

We were notified that our some client PC tries to connect a malware domain, which is airforce.rr.nu. We examined client pc and found that a process named ekrn.exe is trying to connect to that domain.

Is there any legal operation that connects to airforce.rr.nu in Nod32?

 

Regards,

Altangerel

network_mon.bmp

Link to comment
Share on other sites

Hi

 

Please don't forget that ekrn.exe is connected with any process runing on Your machine also which is connecting with domains ( http scanning ) so sugestion is that You should generate sysinspector log and check machine connections - here You will see what is the real connection source

Link to comment
Share on other sites

  • ESET Moderators

Hello,

My initial thought is EKRN.EXE is intercepting an access to that domain. You might want to create an ESET SysInspector log from one of the computers and forward it to support for further analysis, though.

Regards,

Aryeh Goretsky

Link to comment
Share on other sites

  • Administrators

If your system is Windows XP or Windows 2000, any application communicating via http will generate a communication via ekrn.exe which works as a local proxy.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...