Jump to content

ekrn.exe process tries to connect a malware domain

altangerel

By altangerel
in ESET NOD32 Antivirus

 Share

Recommended Posts

altangerel

altangerel 0

Posted
Posted

Dears,

 

We were notified that our some client PC tries to connect a malware domain, which is airforce.rr.nu. We examined client pc and found that a process named ekrn.exe is trying to connect to that domain.

Is there any legal operation that connects to airforce.rr.nu in Nod32?

 

Regards,

Altangerel

network_mon.bmp

Link to comment
Share on other sites
Bart

Bart 4

Posted
Posted

Hi

 

Please don't forget that ekrn.exe is connected with any process runing on Your machine also which is connecting with domains ( http scanning ) so sugestion is that You should generate sysinspector log and check machine connections - here You will see what is the real connection source

Link to comment
Share on other sites
  • ESET Moderators
Aryeh Goretsky

Aryeh Goretsky 378

Posted
  • ESET Moderators
Posted

Hello,

My initial thought is EKRN.EXE is intercepting an access to that domain. You might want to create an ESET SysInspector log from one of the computers and forward it to support for further analysis, though.

Regards,

Aryeh Goretsky

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,070

Posted
  • Administrators
Posted

If your system is Windows XP or Windows 2000, any application communicating via http will generate a communication via ekrn.exe which works as a local proxy.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...