False Positives from Germany due to AVAST

[questorfla]

I was just Googling the instances of Malwarebytes appearing to block the update service of the anti-virus program AVAST.exe since I just started noticing that happening to me as well. In the particular thread I was reading, it appeared that one or more people were having the same problem that I am and I was following along on the 'what to do about it' advice. At some point, I noticed that someone had checked the IP address being blocked and it came back as an outfit in Germany called LeaseWeb. Not knowing anything about how German Internet is handled, with a name like that, I figured it could be that ALL the IP addresses in Germany eventually go though that one company (although that would sound more like China I would think) Anyway, I will cut to the chase. I just thought I would check to see if my problem was the same IP. It wasn't! I was just starting to feel relaxed until I plugged my own offending IP into the RIPE database and guess what? My blocked IP (see info here) Port: 58561, Process: avastsvc.exe) 22:51:30 XXXXXX IP-BLOCK >>>> 95.168.173.155 <<<<<< (Type: outgoing, )

Well, this IP is ALSO owned by the same "LeaseWeb" in Germany. Exactly the same people! Leaseweb Germany GmbH (previously netdirekt e. K.) How odd. So either there are a WHOLE lot of people out here who all have the same virus made in Germany and linked through AVAST...or what?? I don't really believe much in coincidences. I am going to look at some logs on some different systems (including a server or wo) that I vaguely remember checking some odd attempts to break thorough the firewall. We get them all the time. Most are nothing much. But we have had a seriously large number coming from China. And they look to be pros as they are trying every possible angle, probably running some kind of brute force attack software. But there were a few that I remember seeing and I vaguely remember that when I checked the source on them, they also came back as somewhere in Germany. I did not look very hard as they were very few compared to the obvious brute force attempt

Out of all the hacks that have attempted entry,you would think that there would be some kind of mixture involved. Every one that tries to "hide" behind an AVAST update can't be based in either China or Germany. But right now, if I see one more on any of the systems I use and trace it back to the same "Leaseweb" people.... Well, what exactly should I start looking for?

And correct me if I'm wrong but wasn't there a problem recently with AVAST reporting MalwareBytes as being some kind of "virus"? see: "Avast Free AV Blocks Malwarebytes Update

« on: August 23, 2011, 09:53:23 PM »"

So are you two having a "who-gets-who" battle? I just windered as I am a VAR and I have used both programs for many years and never had these issues before. I also have recommended the same "mix" of protection to many people.

So I am just checking to see if anyone else has notice this same kind of "both say the other is the bad guy" kind of action going on.

[exile360]

Greetings

The two should work just fine together. It is not Avast!'s updating service being blocked. Avast! actually uses a driver to capture all incoming and outgoing traffic to and from your PC to check the traffic for infections. This makes Windows (and thus Malwarebytes as well) believe that the process initiating the connections is Avast!'s process, even if it is your internet browser. Please refer to Section G of our FAQ where it says Why is Malwarebytes' blocking my antivirus?.