From ITS Wiki - Information Technology Services - University of Rhode Island

Jump to: navigation, search
Poke.png Malware

This page is part of a category. To see more pages like this, go to the Malware index.


The Monkif/DlKroha trojan makes suspicious HTTP GET requests to servers in the 88.80.00/16 range (most often This Activity is detected by the following snort signatures:

Snort Signatures

This infection triggers the following signatures:

  • ET TROJAN Monkif/DlKroha Trojan Activity HTTP Outbound
  • ET TROJAN Win32/Monkif Downloader Checkin


1. Download and install the free Malware Bytes software here.
2. Shut down the computer and restart in Safe Mode by hitting the F8 key as soon as the computer starts. Choose "Safe Mode with Networking".
3. Run Malware Bytes full scan on all internal hard disk drives.
4. Remove any infected objects.
5. Restart the computer

Tcpview could also be used to identify processes making connections to remote hosts in the range.

If this does not work please call the Help Desk so that someone can help you further.

See Also