Solved

Virus Kronos

Posted on 2016-10-21
4
135 Views
Last Modified: 2016-10-31
Hi Experts,

our firewall alerts me about connection to this IP: 204.79.197.200
It also alerts me about KRONOS Virus.
More and more machines are affected.

Can you help me with this ?
What kind of IP is it ?
What is KRONOS ?
How to get rid of it ?
0
Comment
Question by:Eprs_Admin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 12

Accepted Solution

by:
andreas earned 250 total points
ID: 41853510
The mentioned IP belongs to microsoft. So it might be legit communication. Which ports are involved on the PCs and on the remote site?

The KRONOS Virus hides itself inside the registry and does not leave infected files on the PC.
It can, steal passwords, record keystrokes and install other malware from the internet.

https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Kronos-A.aspx
0
 

Author Comment

by:Eprs_Admin
ID: 41853584
Ok I also checked, this IP is from Microsoft.
But why it is in combination with KRONOS ?
0
 
LVL 12

Expert Comment

by:andreas
ID: 41853619
Portnumbers may shed some light. So which ports on the IP the clients with the virus are trying to access?

What does a local AV-Scan, on a PC the firewall reports, show?
0
 
LVL 30

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 250 total points
ID: 41854015
You should be more concerned to the local IP address which is trying to make connection with Kronos Virus on Microsoft IP.

Find the system and scan it, it might be infected already.

Sudeep
0

Featured Post

Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Liquid Web and Plesk discuss how to simplify server management with a single tool  in their webinar.
Recovering from what the press called "the largest-ever cyber-attack", IT departments worldwide are discussing ways to defend against this in the future. In this process, many people are looking for immediate actions while, instead, they need to tho…
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question