ekrn.exe connects to 189.169.68.250 (17433) in Mexico

Discussion in 'ESET Smart Security' started by polocanada, Oct 22, 2008.

Thread Status:
Not open for further replies.
  1. polocanada

    polocanada Registered Member

    Joined:
    Aug 19, 2007
    Posts:
    60
    Not sure whether this is the right forum here.

    I notices my Eset SS is trying to connect to 189.169.68.250 using port 17433. According to whois this server is located in Mexico. The process is ekrn.exe.

    This is the screenshot of Eset traffic:
    http://i38.tinypic.com/2u7t5oh.jpg

    This is whois:
    http://whois.domaintools.com/189.169.68.250

    Searching for this "Gestión de direccionamiento UniNet" gives me info about some botnet server in Mexico:
    http://www.google.ca/search?hl=en&c...de direccionamiento UniNet"&btnG=Search&meta=
    I am not sure what this is. I own a legal and purchased copy of Eset.

    Anybody has an idea what is this? And why ekrn.exe..

    Thank you.

    - polocanada -
     
    Last edited by a moderator: Oct 22, 2008
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Hello,
    What version of ESS are you using?
     
    Last edited: Oct 22, 2008
  3. polocanada

    polocanada Registered Member

    Joined:
    Aug 19, 2007
    Posts:
    60
    Version 3.0.621.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    This one is quite old. Could you please install the latest version 3.0.672 to see if it makes a difference? Are you able to reproduce this behavior at any time?
     
  5. polocanada

    polocanada Registered Member

    Joined:
    Aug 19, 2007
    Posts:
    60
    I restarted the machine and checked for connections within Eset. No suspicious connections found at the moment other than connecting to the Eset update server. However I am still worried what that was. Hope not something very nasty hiding on my machine.

    Will do the upgrade ...

    Another question - I thought Eset would offer the engine update ? Do I have to run it manually every time?
     
  6. jmc777

    jmc777 Registered Member

    Joined:
    Aug 6, 2004
    Posts:
    244
    I've occasionally seen the firewall catch 'ESET Service' making requests that should be coming from my browser. For example, if you put the firewall in interactive mode, then go to this page, and you click on one of the little flash players contained within the article, you'll see an outbound connection to 84.55.177.157. I can't repeat it, but only minutes ago ekrn.exe made one of the connection attempts.

    polocanada: were you browsing the web when this happened?
     
  7. nickster_uk

    nickster_uk Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    190
    Hi..

    I've noticed similar issues with the ESET Service. Every now and then, it attempts to connect to 127.0.0.1. I contacted ESET support and they think it's an internal connection but I don't think that is the case. I use a program called Ad Muncher which binds itself to the network stack so when I use the internet, connections are routed through 127.0.0.1. They also suggested it may be ESET scanning the webpage which could make sense but I always deny the traffic and the page loads perfectly fine.

    When I disable Ad Muncher, ESET Service still attempts outgoing connections to remote addresses so it's definitely not an internal connection.

    It only happens when using browsers. I do not use the ThreatSense system nor is there any settings whcih enable statistical data sending to ESET so i'm at a loss as to what exactly is causing the problems. My PC is completely malware free..have checked for rootkits, spyware, virus etc etc and all is well.

    I have even tried a clean install of ESS but the issue is ongoing.

    I'm using Vista Ultimate x32 and ESS v3.0.684.0 (Interactive mode).

    Any help, suggestions or advice would be cool.

    Thanks :)
     
Thread Status:
Not open for further replies.