I suspect there is malware on my machine because of spikes of up to 100% CPU
usage. I have Eset's Nod 32 antivirus software and one of its files,
ekrn.exe, looks suspicious. I downloaded Sysinternal's TCPView, but there's
not much documentation on it and I'm not network savvy.
To begin with, what do the various connection states aside from Established
mean in TCPView?
I see one connection where the remote address is localhost:1081. What type
of connection does that represent?
Here's the suspicious part: the ekrn.exe process has established connections
with websites I'm not aware of after clicking Whois on that row. Furthermore,
when I closed one of the connections, 8 ekrn.exe rows appeared with
Established connections, some of which display errors when I click Whois.
From what I've explained, would you think that this process has been hacked
to accommodate malware?