Nod32 and joy4host.com

Discussion in 'NOD32 version 2 Forum' started by thesexiestguy, Oct 18, 2007.

Thread Status:
Not open for further replies.
  1. thesexiestguy

    thesexiestguy Registered Member

    Joined: Oct 18, 2007
    Posts: 1

    I'm using NOD32 3.0.414.0 RC1.
    Today when I ran OmniPeek,
    I found that there is an HTTP connection to joy4host.com, which was resolved from this IP address: 209.190.9.34.
    I'm not opening that website in Internet Explorer,
    so I ran Port Explorer from DiamondCS;
    I can't find anything there.
    I looked up that address in Google and found that
    that web page is connected with a TR/agent.baf.1.
    I checked the port which is connected to that site by using Wireshark;
    I found that the port is 2037.
    I used a lot of programs to catch it red-handed,
    but I found that it just connects to that website for a very short time,
    or maybe just a ping.
    I don't know,
    but I finally found that it is connected by NOD32 in Sysinternals TCPView.
    Maybe I can find it in other programs if I wait for it to show up.
    The fact is:
    why would NOD32 connect to such a website?
    Is it not joy4host?
    If not, what is that site?
    nod32.com?
    Is it wrongly resolved by OmniPeek?
    Waiting for your answers.
     
  2. webyourbusiness

    webyourbusiness Registered Member

    Joined: Nov 16, 2004
    Posts: 2,662
    Location: Throughout the USA and Canada

    That IP is not a known update server to my knowledge, and I do not recognize it as a known IP of any Eset site.

    The fact you said that trojan resides on the site - would you REALLY think that Eset is sending you to this page?

    Today I see this page has a ZERO-length index - so I am unsure what WAS there... let's wait for a comment from someone at Eset...
     
  3. ASpace

    ASpace Guest

    @webyourbusiness

    With v3 it is really possible for ekrn.exe to have established the connection. As you know, the kernel in v3 acts as a local proxy. Something that is monitored by EA (either using the HTTP port or marked as a web browser or mail client) has made a request to that IP, the kernel has redirected the traffic, and thus it was ekrn.exe that established that connection.

    As has been mentioned numerous times, I would suggest that the OP contact ESET Technical Support for more help in case he suspects being infected :thumb:
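As an added illustration of ASpace's point (example code written for this page, not from the thread, from ESET, or from any of the tools named in it): when an AV engine proxies HTTP locally, socket-owner tools such as netstat or TCPView attribute the connection to the proxy process, so the program that actually made the request is invisible at that layer. The script below joins `netstat -ano` rows with a `tasklist /fo csv /nh` process list and flags connections whose owner is a known local proxy, so an analyst knows to look at the proxy's own log instead of trusting socket ownership. The netstat and tasklist output is constructed for the example (it reuses the 209.190.9.34 address and local port 2037 from the thread; other addresses are private or documentation ranges), and the proxy process list is an assumption the defender would maintain for their own host.

```python
"""Added example: join socket ownership (netstat -ano) with the process list
(tasklist /fo csv /nh) and flag connections owned by a local proxy process.

Socket-level tools name ekrn.exe as the owner when NOD32 v3 proxies traffic,
so the originating program is not visible here; the flag tells the analyst
to consult the proxy's own log. All sample output below is constructed.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Processes that act as a local HTTP/mail proxy on the host being examined.
# ekrn.exe is named in the thread; the set itself is a per-host assumption.
LOCAL_PROXY_PROCESSES = {"ekrn.exe"}

# Constructed `netstat -ano` output (Windows column layout).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.10:2037      209.190.9.34:80        ESTABLISHED     1540
  TCP    192.168.1.10:2040      203.0.113.7:80         ESTABLISHED     2288
  UDP    0.0.0.0:500            *:*                                    700
"""

# Constructed `tasklist /fo csv /nh` output: "Image Name","PID",...
SAMPLE_TASKLIST = """
"lsass.exe","700","Services","0","6,120 K"
"svchost.exe","912","Services","0","5,004 K"
"ekrn.exe","1540","Services","0","41,220 K"
"iexplore.exe","2288","Console","1","58,900 K"
"""


@dataclass
class Connection:
    proto: str
    local: str
    remote: str
    state: str
    pid: int
    process: Optional[str]
    masked_by_proxy: bool  # owner is a local proxy, so the real originator is hidden


def parse_netstat(text: str):
    """Return (proto, local, remote, state, pid) tuples from netstat -ano text."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank, or unexpected line
        if parts[0] == "TCP":
            proto, local, remote, state, pid = parts[:5]
        else:
            proto, local, remote, pid = parts[:4]  # UDP rows have no State column
            state = ""
        rows.append((proto, local, remote, state, int(pid)))
    return rows


def parse_tasklist(text: str):
    """Map PID -> image name from tasklist CSV rows."""
    pid_to_name = {}
    for line in text.splitlines():
        m = re.match(r'"([^"]+)","(\d+)"', line)
        if m:
            pid_to_name[int(m.group(2))] = m.group(1)
    return pid_to_name


def correlate(netstat_text: str, tasklist_text: str):
    """Attach the owning process name to each connection and flag proxy owners."""
    pid_to_name = parse_tasklist(tasklist_text)
    out = []
    for proto, local, remote, state, pid in parse_netstat(netstat_text):
        name = pid_to_name.get(pid)
        masked = name is not None and name.lower() in LOCAL_PROXY_PROCESSES
        out.append(Connection(proto, local, remote, state, pid, name, masked))
    return out


def host_of(addr: str) -> str:
    """Strip the port from 'ip:port' (also handles '[v6addr]:port')."""
    return addr.rsplit(":", 1)[0]


def connections_to(remote_ip: str, netstat_text: str, tasklist_text: str):
    """All connections whose foreign address is remote_ip."""
    return [c for c in correlate(netstat_text, tasklist_text)
            if host_of(c.remote) == remote_ip]


if __name__ == "__main__":
    for c in connections_to("209.190.9.34", SAMPLE_NETSTAT, SAMPLE_TASKLIST):
        note = "originator masked by local proxy; check the proxy's log" if c.masked_by_proxy else ""
        print(f"{c.proto} {c.local} -> {c.remote} pid={c.pid} ({c.process}) {note}")
```

Run against the constructed sample, the only connection to 209.190.9.34 comes back owned by ekrn.exe with `masked_by_proxy` set, which is exactly the TCPView observation in the first post: the socket owner is real, but it says nothing about which monitored application (browser, mail client, or anything else using the HTTP port) triggered the request.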
     