Virus Kronos

Posted on 2016-10-21
Medium Priority
Last Modified: 2016-10-31
Hi Experts,

our firewall alerts me about connection to this IP:
It also alerts me about KRONOS Virus.
More and more machines are affected.

Can you help me with this ?
What kind of IP is it ?
What is KRONOS ?
How to get rid of it ?
Question by:Eprs_Admin
  • 2
LVL 12

Accepted Solution

andreas earned 1000 total points
ID: 41853510
The mentioned IP belongs to microsoft. So it might be legit communication. Which ports are involved on the PCs and on the remote site?

The KRONOS Virus hides itself inside the registry and does not leave infected files on the PC.
It can, steal passwords, record keystrokes and install other malware from the internet.


Author Comment

ID: 41853584
Ok I also checked, this IP is from Microsoft.
But why it is in combination with KRONOS ?
LVL 12

Expert Comment

ID: 41853619
Portnumbers may shed some light. So which ports on the IP the clients with the virus are trying to access?

What does a local AV-Scan, on a PC the firewall reports, show?
LVL 30

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 1000 total points
ID: 41854015
You should be more concerned to the local IP address which is trying to make connection with Kronos Virus on Microsoft IP.

Find the system and scan it, it might be infected already.


Featured Post

Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Are you looking to start a business? Do you own and operate a small company? If so, here are some courses you need to take before you hire a full-time IT staff.
Feeling responsible for an unfortunate ransomware infection on my parent's network, persistence paid off as I was able to decrypt a strain of ransomware that was not previously (or at least publicly) cracked. I hope this helps others out there affec…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question