?
Solved

Virus Kronos

Posted on 2016-10-21
4
Medium Priority
?
222 Views
Last Modified: 2016-10-31
Hi Experts,

our firewall alerts me about connection to this IP: 204.79.197.200
It also alerts me about KRONOS Virus.
More and more machines are affected.

Can you help me with this ?
What kind of IP is it ?
What is KRONOS ?
How to get rid of it ?
0
Comment
Question by:Eprs_Admin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 12

Accepted Solution

by:
andreas earned 1000 total points
ID: 41853510
The mentioned IP belongs to microsoft. So it might be legit communication. Which ports are involved on the PCs and on the remote site?

The KRONOS Virus hides itself inside the registry and does not leave infected files on the PC.
It can, steal passwords, record keystrokes and install other malware from the internet.

https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Kronos-A.aspx
0
 

Author Comment

by:Eprs_Admin
ID: 41853584
Ok I also checked, this IP is from Microsoft.
But why it is in combination with KRONOS ?
0
 
LVL 12

Expert Comment

by:andreas
ID: 41853619
Portnumbers may shed some light. So which ports on the IP the clients with the virus are trying to access?

What does a local AV-Scan, on a PC the firewall reports, show?
0
 
LVL 30

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 1000 total points
ID: 41854015
You should be more concerned to the local IP address which is trying to make connection with Kronos Virus on Microsoft IP.

Find the system and scan it, it might be infected already.

Sudeep
0

Featured Post

Four New Appliances. Same Industry-leading Speeds.

But don't take it from us.  The Firebox M370 is Miercom tested and Miercom approved, outperforming its competitors for stateless and stateful traffic throughput scenarios.  Learn more about the M370, M470, M570 and M670 and find the right solution for your organization today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is written by John Gates, CISSP. Gates, the SNUG President-Elect, currently holds the position of Manager of Information Systems at Lake Park High School in Roselle, Illinois.
The well known Cerber ransomware continues to spread this summer through spear phishing email campaigns targeting enterprises. Learn how it easily bypasses traditional defenses - and what you can do to protect your data.
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question