• Status: Solved
  • Priority: Medium
  • Security: Public

Virus Kronos

Hi Experts,

Our firewall alerts me about connections to this IP: 204.79.197.200
It also alerts me about the KRONOS virus.
More and more machines are affected.

Can you help me with this?
What kind of IP is it?
What is KRONOS?
How to get rid of it?
Asked by: Eprs_Admin

andreas (System Admin) commented:
The mentioned IP belongs to Microsoft. So it might be legit communication. Which ports are involved on the PCs and on the remote site?

The KRONOS Virus hides itself inside the registry and does not leave infected files on the PC.
It can steal passwords, record keystrokes and install other malware from the internet.

https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Kronos-A.aspx

Eprs_Admin (System Architect, Author) commented:
OK, I also checked; this IP is from Microsoft.
But why is it in combination with KRONOS?

andreas (System Admin) commented:
Port numbers may shed some light. So which ports on the IP are the clients with the virus trying to access?

What does a local AV-Scan, on a PC the firewall reports, show?

Sudeep Sharma (Technical Designer) commented:
You should be more concerned about the local IP address which is trying to make a connection with the Kronos virus on the Microsoft IP.

Find the system and scan it; it might be infected already.

Sudeep

Question has a verified solution.
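
A triage sketch for the two questions raised in the answers above (which ports are involved, and which local hosts are making the connections), added here as an example and not code from any poster. The key=value log format, the sample lines, and the treatment of ports 80/443 as expected web traffic are assumptions.

```python
from collections import defaultdict

ALERT_DST = "204.79.197.200"   # IP from the firewall alert in the question
EXPECTED_PORTS = {80, 443}     # assumption: ordinary web traffic to this IP

# Constructed sample lines in a hypothetical key=value firewall log format.
SAMPLE_LOG = """\
2000-01-01T09:14:02 action=alert src=10.0.4.17 spt=49152 dst=204.79.197.200 dpt=443 proto=tcp
2000-01-01T09:14:09 action=alert src=10.0.4.17 spt=49160 dst=204.79.197.200 dpt=443 proto=tcp
2000-01-01T09:15:31 action=alert src=10.0.4.23 spt=50211 dst=204.79.197.200 dpt=80 proto=tcp
2000-01-01T09:16:45 action=allow src=10.0.4.23 spt=50300 dst=198.51.100.7 dpt=443 proto=tcp
2000-01-01T09:18:00 action=alert src=10.0.7.5 spt=51022 dst=204.79.197.200 dpt=8080 proto=tcp
malformed line without fields
"""

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    ts, _, rest = line.strip().partition(" ")
    fields = dict(p.split("=", 1) for p in rest.split() if "=" in p)
    if not {"src", "dst", "dpt"} <= fields.keys() or not fields["dpt"].isdigit():
        return None
    fields["ts"] = ts
    return fields

def summarize(log_text, dst=ALERT_DST):
    """Group connections to dst by local source IP: count, ports, first/last seen."""
    hosts = defaultdict(lambda: {"count": 0, "ports": set(), "first": None, "last": None})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dst"] != dst:
            continue
        h = hosts[rec["src"]]
        h["count"] += 1
        h["ports"].add(int(rec["dpt"]))
        h["first"] = h["first"] or rec["ts"]
        h["last"] = rec["ts"]
    return dict(hosts)

def hosts_to_scan(summary):
    """Order hosts for the local AV scan: unexpected ports first, then by volume."""
    key = lambda kv: (not (kv[1]["ports"] - EXPECTED_PORTS), -kv[1]["count"])
    return [src for src, _ in sorted(summary.items(), key=key)]

if __name__ == "__main__":
    print(hosts_to_scan(summarize(SAMPLE_LOG)))
```

The ordering only decides which machines get the local AV scan first; every source host in the summary is still a candidate.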
