Jump to content

ekrn.exe process tries to connect a malware domain


Recommended Posts

Dears,

 

We were notified that our some client PC tries to connect a malware domain, which is airforce.rr.nu. We examined client pc and found that a process named ekrn.exe is trying to connect to that domain.

Is there any legal operation that connects to airforce.rr.nu in Nod32?

 

Regards,

Altangerel

network_mon.bmp

Link to post
Share on other sites

Hi

 

Please don't forget that ekrn.exe is connected with any process runing on Your machine also which is connecting with domains ( http scanning ) so sugestion is that You should generate sysinspector log and check machine connections - here You will see what is the real connection source

Link to post
Share on other sites
  • ESET Moderators

Hello,

My initial thought is EKRN.EXE is intercepting an access to that domain. You might want to create an ESET SysInspector log from one of the computers and forward it to support for further analysis, though.

Regards,

Aryeh Goretsky

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...