eset ekrn.exe and mail.newit.ru

Discussion in 'ESET NOD32 Antivirus' started by MMurph, Feb 8, 2011.

Thread Status:
Not open for further replies.
  1. MMurph

    MMurph Registered Member

    Joined:
    Feb 8, 2011
    Posts:
    3
    I have noticed that I had a connection that would come and go to mail.newit.ru in netstat. Upon futher investigation using netstat -b I got this -

    TCP 5B-226-MM3:18343 mail.newit.ru:http ESTABLISHED 580 [ekrn.exe]

    It would seem ekrn.exe is responsible for this connection. Is this correct or has something infected my ekrn.exe? Does eset make use of a Russian IT company? I just am trying to figure out if something is wrong or not.


    eset Nod32 3.0.695.0
    Virus signature database: 5857 (2011020:cool:
    Update module: 1031 (20091029)
    Antivirus and antispyware scanner module: 1293 (20101110)
    Advanced heuristics module: 1115 (20101116)
    Archive support module: 1124 (20101214)
    Cleaner module: 1050 (20101207)
    Anti-Stealth support module: 1024 (20101227)
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Perhaps you're using Win XP or older when all HTTP / POP3 traffic is routed via ekrn?
     
  3. MMurph

    MMurph Registered Member

    Joined:
    Feb 8, 2011
    Posts:
    3
    I am using this on XP. So they use ekrn.exe to communicate. Fine I guess. But why would ekrn talk to a .ru site? I didn't think eset nod was a russian product. Kaspersky is, but I didn't eset was. So what's up with this?
     
  4. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    it is not talking to it, it is checking it and any other links go through Eset app
     
  5. MMurph

    MMurph Registered Member

    Joined:
    Feb 8, 2011
    Posts:
    3
    I don't think that's the case. I'm a US user. My PC is establishing a connection to mail.newit.ru that I see in netstat. Doing a netstat -b shows what program is using the connection. It shows ekrn.exe. I don't have any connections to the russian site open in any browser or app. If I did I should also see it listed in netstat with iexplore.exe or what ever browser is open. So is my ekrn.exe infected or is this by design? If by design it's surprising as eset isn't in russia as far as I know unless they contracted with some company.
     
  6. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    You can set the POP3 / HTTP scanner to scan only selected applications and make the appropriate selection. If it's other than one of the selected applications that connects to mail.newit.ru, you should see it in a nestat listing then.
     
Thread Status:
Not open for further replies.