Endpoint Protection Small Business Edition

  • 1.  IKNX.exe

    Posted Feb 04, 2011 03:25 PM

    We discovered a suspicious program titled IKNX.exe instantiated in the C:\Windows\Windows32\28356(?)\ subdirectory. The program created an exception in the Windows Firewall to allow it to communicate with an external address, u15364142.online-server.com:Ftp-data. The program infected three of our LAN clients running Endpoint Protection, two of which are POS stations. We believe IKNX was used by an attacker to compromise customer credit card data.

    Has anyone had experience with this code? It is apparently undefined by Symantec. The only reference we have found is to iKNX, an open source code (OpenRemote.org) for creating GUIs for the iPhone intended to control home and office appliances, lighting, computers, etc.

    Thanks for any responses,

    SRSCooks



  • 2.  RE: IKNX.exe

    Posted Feb 04, 2011 03:29 PM

    Please submit the threat to Security Response ASAP. We need to analyze the file(s) to get this added to our definition DB.

    Can I ask why you were running the Windows firewall and not the one included with SEP?

     

    http://www.symantec.com/business/security_response/submitsamples.jsp



  • 3.  RE: IKNX.exe

    Posted Feb 04, 2011 03:30 PM

    Submit the file to Security Response... call support... immediately.