Solved

Virus Kronos

Posted on 2016-10-21
4
112 Views
Last Modified: 2016-10-31
Hi Experts,

our firewall alerts me about connection to this IP: 204.79.197.200
It also alerts me about KRONOS Virus.
More and more machines are affected.

Can you help me with this ?
What kind of IP is it ?
What is KRONOS ?
How to get rid of it ?
0
Comment
Question by:Eprs_Admin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 12

Accepted Solution

by:
andreas earned 250 total points
ID: 41853510
The mentioned IP belongs to microsoft. So it might be legit communication. Which ports are involved on the PCs and on the remote site?

The KRONOS Virus hides itself inside the registry and does not leave infected files on the PC.
It can, steal passwords, record keystrokes and install other malware from the internet.

https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Kronos-A.aspx
0
 

Author Comment

by:Eprs_Admin
ID: 41853584
Ok I also checked, this IP is from Microsoft.
But why it is in combination with KRONOS ?
0
 
LVL 12

Expert Comment

by:andreas
ID: 41853619
Portnumbers may shed some light. So which ports on the IP the clients with the virus are trying to access?

What does a local AV-Scan, on a PC the firewall reports, show?
0
 
LVL 30

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 250 total points
ID: 41854015
You should be more concerned to the local IP address which is trying to make connection with Kronos Virus on Microsoft IP.

Find the system and scan it, it might be infected already.

Sudeep
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OnPage: Incident management and secure messaging on your smartphone
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question