Blocked/Monkif

From ITS Wiki - Information Technology Services - University of Rhode Island


This page is part of a category. To see more pages like this, go to the Malware index.

Identification

The Monkif/DlKroha trojan makes suspicious HTTP GET requests to servers in the 88.80.0.0/16 range (most often 88.80.5.3). This activity is detected by the following Snort signatures:

Snort Signatures

This infection triggers the following signatures:

  • ET TROJAN Monkif/DlKroha Trojan Activity HTTP Outbound
  • ET TROJAN Win32/Monkif Downloader Checkin

Removal

1. Download and install the free Malwarebytes software.
2. Shut down the computer and restart in Safe Mode by hitting the F8 key as soon as the computer starts. Choose "Safe Mode with Networking".
3. Run a full Malwarebytes scan on all internal hard disk drives.
4. Remove any infected objects.
5. Restart the computer.

TCPView can also be used to identify processes making connections to remote hosts in the 88.80.0.0/16 range.
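The same check can be scripted against saved `netstat -ano` output when TCPView is not available. This is an added example, not part of the original wiki page; the function names and the sample output are constructed for illustration.

```python
import ipaddress

# Range the page associates with Monkif/DlKroha traffic.
MONKIF_NET = ipaddress.ip_network("88.80.0.0/16")

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       868
  TCP    192.168.1.20:49212     88.80.5.3:80           ESTABLISHED     3120
  TCP    192.168.1.20:49213     93.184.216.34:443      ESTABLISHED     2044
  TCP    192.168.1.20:49220     88.80.7.19:80          SYN_SENT        3120
  TCP    [::1]:49300            [::1]:5357             TIME_WAIT       0
  UDP    0.0.0.0:5355           *:*                                    1100
"""


def split_host(endpoint):
    """Return the host part of 'host:port', handling bracketed IPv6."""
    host = endpoint.rsplit(":", 1)[0]
    return host.strip("[]").split("%")[0]  # drop brackets and any zone id


def find_suspect_connections(netstat_text, network=MONKIF_NET):
    """Return (pid, remote_endpoint, state) for TCP rows whose remote address is in network."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly five columns: Proto, Local, Foreign, State, PID.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        _proto, _local, remote, state, pid = fields
        try:
            addr = ipaddress.ip_address(split_host(remote))
        except ValueError:
            continue  # not a numeric address (e.g. a resolved hostname)
        if addr.version == network.version and addr in network:
            hits.append((int(pid), remote, state))
    return hits


if __name__ == "__main__":
    for pid, remote, state in find_suspect_connections(SAMPLE_NETSTAT):
        print(f"PID {pid} -> {remote} ({state})")
```

A reported PID can be matched to a process name with `tasklist /FI "PID eq <pid>"` on the affected machine.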

If this does not work, please call the Help Desk so that someone can help you further.

