ekrn.exe connects to 189.169.68.250 (17433) in Mexico
polocanada
October 22nd, 2008, 08:29 AM
Not sure whether this is the right forum here.
I noticed my Eset SS is trying to connect to 189.169.68.250 using port 17433. According to whois this server is located in Mexico. The process is ekrn.exe.
This is the screenshot of Eset traffic:
http://i38.tinypic.com/2u7t5oh.jpg
This is whois:
http://whois.domaintools.com/189.169.68.250
Searching for this "Gestión de direccionamiento UniNet" gives me info about some botnet server in Mexico:
http://www.google.ca/search?hl=en&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&hs=Xnc&q=%22Gesti%C3%B3n+de+direccionamiento+UniNet%22&btnG=Search&meta=
I am not sure what this is. I own a legal and purchased copy of Eset.
Does anybody have an idea what this is? And why ekrn.exe?
Thank you.
- polocanada -
Marcos
October 22nd, 2008, 08:52 AM
Hello,
What version of ESS are you using?
polocanada
October 23rd, 2008, 12:31 AM
Version 3.0.621.
Marcos
October 23rd, 2008, 01:16 AM
-{ Quote: "Version 3.0.621." }-
This one is quite old. Could you please install the latest version 3.0.672 to see if it makes a difference? Are you able to reproduce this behavior at any time?
polocanada
October 23rd, 2008, 08:14 AM
I restarted the machine and checked for connections within Eset. No suspicious connections found at the moment other than connecting to the Eset update server. However I am still worried what that was. Hope not something very nasty hiding on my machine.
Will do the upgrade ...
Another question - I thought Eset would offer the engine update? Do I have to run it manually every time?
jmc777
October 23rd, 2008, 09:12 PM
I've occasionally seen the firewall catch 'ESET Service' making requests that should be coming from my browser. For example, if you put the firewall in interactive mode, then go to this (http://news.bbc.co.uk/1/hi/sci/tech/7687286.stm) page, and you click on one of the little flash players contained within the article, you'll see an outbound connection to 84.55.177.157. I can't repeat it, but only minutes ago ekrn.exe made one of the connection attempts (http://img65.imageshack.us/img65/9250/captureks6.jpg).
polocanada: were you browsing the web when this happened?
nickster_uk
February 4th, 2009, 01:22 PM
Hi..
I've noticed similar issues with the ESET Service. Every now and then, it attempts to connect to 127.0.0.1. I contacted ESET support and they think it's an internal connection but I don't think that is the case. I use a program called Ad Muncher which binds itself to the network stack so when I use the internet, connections are routed through 127.0.0.1. They also suggested it may be ESET scanning the webpage which could make sense but I always deny the traffic and the page loads perfectly fine.
When I disable Ad Muncher, ESET Service still attempts outgoing connections to remote addresses so it's definitely not an internal connection.
It only happens when using browsers. I do not use the ThreatSense system nor are there any settings which enable statistical data sending to ESET so I'm at a loss as to what exactly is causing the problems. My PC is completely malware free..have checked for rootkits, spyware, virus etc etc and all is well.
I have even tried a clean install of ESS but the issue is ongoing.
I'm using Vista Ultimate x32 and ESS v3.0.684.0 (Interactive mode).
Any help, suggestions or advice would be cool.
Thanks :)