Marking su2.ff.avast.com as malicious?

[blackbow]

I'm new to the forums, as well as fairly new to Windows after switching 10 months ago from Macs, so please bear with me.

 

I'm getting popups every few minutes (sometimes more often) telling me Malwarebytes is blocking su2.ff.avast.com as a malicious website (outgoing traffic). Is this legit, or a false positive?

 

I have the premium version of MBAM, the free version of Anti-Exploit, and the free version of Avast! Antivirus. I'm currently running a full Malwarebytes scan, which has been running over an hour and so far has turned up clear.

 

If it matters, I have a clean machine as far as I know; neither MBAM or Avast has ever shown detected objects after scanning. Running Win 10. Thanks!!!

 

 

[daledoc1]

Hello and :
 
Possible IP block False Positives are actually handled in a special area of the forum.
 
If you would, please do the following:

 

• Please start with the advice in this pinned topic >>HERE<<.
• Then, please post the requested information (especially the IP being blocked) in a new post >>HERE<<.
• If possible, it would help a great deal if you could also include there the MBAM PROTECTION log (not the scan log) showing the IP blocks (instructions follow).

The team will review the information and advise you accordingly.

 

EDIT: It looks as if another user has already reported some of the same observations HERE. But -- as of the moment -- the actual IP being blocked is still needed.
 
Thanks,
-----------------

How to get SCAN logs or PROTECTION logs:
(Export log to save as a txt file for posting in the forum when requested)

• Open MBAM.
• Click on the HISTORY tab > APPLICATION LOGS.
• Double-click on the SCAN LOG which shows the date and time of the scan just performed (or the one you are asked to post), OR on the PROTECTION LOG showing the detection you are reporting (or the one that you are asked to post).
• Click EXPORT.
• Click TEXT FILE (*.txt)
• In the "Save File" dialog box which appears, click on DESKTOP.
• In the FILE NAME box, type a name for your saved scan or protection log.
• A message box named "File Saved" should appear, stating that "Your file has been successfully exported".
• Click OK.
• Please attach the saved log to your next reply here in this thread.

[blackbow]

Thank you so much! I'll keep an eye on the other topic, and follow the steps you recommended as soon as I can (by the end of the day). Cheers!

[daledoc1]

Just tell us, please: what is the IP being blocked????

 

It should be in the Protection log.

 

Thanks,

[blackbow]

92.242.140.21

 

Thanks!

[MysteryFCM]

su2.ff.avast.com doesn't actually resolve here (NXDOMAIN), but Avast hostnames usually reside on their own ASN (it was last seen on 77.234.43.60)

 

The block on 92.242.140.21 isn't an F/P.

[daledoc1]

{{Never mind -- @MysteryFCM beat me to it}}

 

Howver: Can you please post your entire PROTECTION log as a .TXT attachment here, as previously requested?

 

Thanks!

[blackbow]

Will do, and I appreciate the quick response. Since like I said, I'm somewhat new to Windows, do I need to be concerned? Other than running full scans, is there anything I need to do/remove? Have I been infected? Sorry for asking so many questions.

[daledoc1]

Hi:

 

I'm not qualified to say for sure.

 

If you could please take moment to post that protection log, as explained in Reply #2, that would help a lot, for starters.

 

The Research Team will review the information and advise you.

 

Thanks,

[blackbow]

Sorry, missed that post. Here it is:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 9/9/2015 11:37 AM, SYSTEM, ***, Scheduler, Malware Database, 2015.9.9.1, 2015.9.9.6,
Protection, 9/9/2015 11:37 AM, SYSTEM, ***, Protection, Refresh, Starting,
Protection, 9/9/2015 11:37 AM, SYSTEM, ***, Protection, Malicious Website Protection, Stopping,
Protection, 9/9/2015 11:37 AM, SYSTEM, ***, Protection, Malicious Website Protection, Stopped,
Protection, 9/9/2015 11:37 AM, SYSTEM, ***, Protection, Refresh, Success,
Protection, 9/9/2015 11:37 AM, SYSTEM, ***, Protection, Malicious Website Protection, Starting,
Protection, 9/9/2015 11:37 AM, SYSTEM, ***, Protection, Malicious Website Protection, Started,
Update, 9/9/2015 12:52 PM, SYSTEM, ***, Scheduler, IP Database, 2015.7.24.3, 2015.9.9.1,
Update, 9/9/2015 12:52 PM, SYSTEM, ***, Scheduler, Domain Database, 2015.7.24.2, 2015.9.9.1,
Protection, 9/9/2015 12:52 PM, SYSTEM, ***, Protection, Refresh, Starting,
Protection, 9/9/2015 12:52 PM, SYSTEM, ***, Protection, Malicious Website Protection, Stopping,
Protection, 9/9/2015 12:52 PM, SYSTEM, ***, Protection, Malicious Website Protection, Stopped,
Protection, 9/9/2015 12:52 PM, SYSTEM, ***, Protection, Refresh, Success,
Protection, 9/9/2015 12:52 PM, SYSTEM, ***, Protection, Malicious Website Protection, Starting,
Protection, 9/9/2015 12:52 PM, SYSTEM, ***, Protection, Malicious Website Protection, Started,
Detection, 9/9/2015 12:53 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 51996, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 12:53 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 51996, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 12:56 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52017, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 12:58 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52049, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:01 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52137, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:02 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52143, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:03 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52145, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:05 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52148, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:08 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52151, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:11 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52157, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:13 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52163, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:16 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52166, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:17 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52171, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:20 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52174, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:23 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52179, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:25 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52182, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:27 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52185, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:28 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52191, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Update, 9/9/2015 1:30 PM, SYSTEM, ***, Scheduler, Domain Database, 2015.9.9.1, 2015.9.9.2,
Protection, 9/9/2015 1:30 PM, SYSTEM, ***, Protection, Refresh, Starting,
Protection, 9/9/2015 1:30 PM, SYSTEM, ***, Protection, Malicious Website Protection, Stopping,
Protection, 9/9/2015 1:30 PM, SYSTEM, ***, Protection, Malicious Website Protection, Stopped,
Protection, 9/9/2015 1:30 PM, SYSTEM, ***, Protection, Refresh, Success,
Protection, 9/9/2015 1:30 PM, SYSTEM, ***, Protection, Malicious Website Protection, Starting,
Protection, 9/9/2015 1:30 PM, SYSTEM, ***, Protection, Malicious Website Protection, Started,
Detection, 9/9/2015 1:30 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52219, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:30 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52219, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:34 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52224, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:35 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52226, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:38 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52229, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:40 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52393, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:41 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52420, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:44 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52486, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Update, 9/9/2015 1:45 PM, SYSTEM, ***, Scheduler, Domain Database, 2015.9.9.2, 2015.9.9.3,
Update, 9/9/2015 1:45 PM, SYSTEM, ***, Scheduler, AKA Domain Database, 2015.9.8.1, 2015.9.9.1,
Protection, 9/9/2015 1:45 PM, SYSTEM, ***, Protection, Refresh, Starting,
Protection, 9/9/2015 1:45 PM, SYSTEM, ***, Protection, Malicious Website Protection, Stopping,
Protection, 9/9/2015 1:45 PM, SYSTEM, ***, Protection, Malicious Website Protection, Stopped,
Protection, 9/9/2015 1:45 PM, SYSTEM, ***, Protection, Refresh, Success,
Protection, 9/9/2015 1:45 PM, SYSTEM, ***, Protection, Malicious Website Protection, Starting,
Protection, 9/9/2015 1:45 PM, SYSTEM, ***, Protection, Malicious Website Protection, Started,
Detection, 9/9/2015 1:47 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52663, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:47 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52663, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Scan, 9/9/2015 1:47 PM, SYSTEM, ***, Manual, Start:9/9/2015 1:46 PM, Duration:1 min 9 sec, Hyper Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Detection, 9/9/2015 1:49 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52698, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:49 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52698, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:52 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52701, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:54 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52704, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:56 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52708, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:58 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52752, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:01 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52781, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:02 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52784, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:04 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52808, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:06 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52860, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:09 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52937, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:13 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52965, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:15 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53011, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:17 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53047, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:19 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53052, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:22 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53068, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:25 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53072, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:28 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53075, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:31 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53081, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:32 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53100, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:34 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53108, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:36 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53142, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Update, 9/9/2015 2:36 PM, SYSTEM, ***, Scheduler, AKA Domain Database, 2015.9.9.1, 2015.9.9.2,
Update, 9/9/2015 2:36 PM, SYSTEM, ***, Scheduler, Domain Database, 2015.9.9.3, 2015.9.9.5,
Protection, 9/9/2015 2:36 PM, SYSTEM, ***, Protection, Refresh, Starting,
Protection, 9/9/2015 2:36 PM, SYSTEM, ***, Protection, Malicious Website Protection, Stopping,
Protection, 9/9/2015 2:36 PM, SYSTEM, ***, Protection, Malicious Website Protection, Stopped,
Protection, 9/9/2015 2:36 PM, SYSTEM, ***, Protection, Refresh, Success,
Protection, 9/9/2015 2:36 PM, SYSTEM, ***, Protection, Malicious Website Protection, Starting,
Protection, 9/9/2015 2:37 PM, SYSTEM, ***, Protection, Malicious Website Protection, Started,
Detection, 9/9/2015 2:39 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53333, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:39 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53333, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:40 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53441, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:41 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53447, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Update, 9/9/2015 2:43 PM, SYSTEM, ***, Scheduler, AKA Domain Database, 2015.9.9.2, 2015.9.9.3,
Protection, 9/9/2015 2:43 PM, SYSTEM, ***, Protection, Refresh, Starting,
Protection, 9/9/2015 2:43 PM, SYSTEM, ***, Protection, Malicious Website Protection, Stopping,
Protection, 9/9/2015 2:43 PM, SYSTEM, ***, Protection, Malicious Website Protection, Stopped,
Protection, 9/9/2015 2:43 PM, SYSTEM, ***, Protection, Refresh, Success,
Protection, 9/9/2015 2:43 PM, SYSTEM, ***, Protection, Malicious Website Protection, Starting,
Protection, 9/9/2015 2:43 PM, SYSTEM, ***, Protection, Malicious Website Protection, Started,
Detection, 9/9/2015 2:44 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53599, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:44 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53599, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:46 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53646, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:47 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53662, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:49 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53667, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:51 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53719, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:52 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53739, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:54 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53754, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:56 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53788, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:58 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53802, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:01 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53858, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Scan, 9/9/2015 3:02 PM, SYSTEM, ***, Manual, Start:9/9/2015 1:48 PM, Duration:1 hr 13 min 11 sec, Custom Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Detection, 9/9/2015 3:03 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53900, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:03 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53900, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:04 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53954, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:06 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53989, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:07 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 54005, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:08 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 54016, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:11 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 54083, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:12 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 54179, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:15 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 54572, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:17 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 54605, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:20 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 54637, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:21 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 54659, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:23 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 54679, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:26 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 54720, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:28 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 54734, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,

(end)

[digmorcrusher]

FYI

 

An uberevangelist on the Avast forum says that this is a sub-domain of avast.com.

[daledoc1]

Hi:
 

FYI
 
An uberevangelist on the Avast forum says that this is a sub-domain of avast.com.

Actually:
 

Just to clarify, 92.242.140.21 belongs to a known DNS hijacker (Verizon users will no doubt have seen this particular one before for example, as they were using Barefruit (the company that owns the IP) to redirect NXDOMAIN (non-resolving hostnames) to their own "search" pages/portals).

And that is why users seeing this block have been given this advice by Malwarebytes staff:
 

Please follow the instructions at:

https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/

Thank you,

[MysteryFCM]

It is indeed a subdomain of avast.com, but the IP in question does not belong to it, nor has it ever. For whatever reason. su2.ff.avast.com dropped out of DNS around March/April, when it was live, these were its actual IPs;

su2.ff.avast.com.	A	77.234.41.60su2.ff.avast.com.	A	77.234.41.61su2.ff.avast.com.	A	77.234.41.62su2.ff.avast.com.	A	77.234.41.63su2.ff.avast.com.	A	77.234.41.64su2.ff.avast.com.	A	77.234.41.65

At the time of writing, su2.ff.avast.com has no A record, or any other (CNAME, AAAA etc), and is thus, NXDOMAIN, which is why you're seeing it redirecting to the offending IP in question.

[hopper15]

This must be a WIN10 issue.  No issues with Avast and Malwarebytes in Win8.1

[MsKarma]

To clareify ... I have Avast and Malwarebytes Pro .. with Win 8.1 and we are all seeing the problem today.

[TwinHeadedEagle]

People are reporting that changing DNS settings to Google fixed the problem. You can try this yourself:

https://developers.google.com/speed/public-dns/docs/using?hl=en

[moonthirsty]

I have Avast, MBAM Pro, Windows 7, & Verizon Fios. I primarily use Firefox, but even when the browser was closed, this message persisted constantly.

 

Changing the DNS settings to the google addresses did NOT solve the problem for me.

 

 

[daledoc1]

Hello and , @moonthirsty:
 

I have Avast, MBAM Pro, Windows 7, & Verizon Fios. I primarily use Firefox, but even when the browser was closed, this message persisted constantly.
 
Changing the DNS settings to the google addresses did NOT solve the problem for me.

 
The work needed to resolve this likely DNS hijacking issue cannot be performed in this particular area of the forum.
Such work is conducted in a special forum area reserved for that purpose, or at the help desk.

So, for expert assistance, I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
It explains the options for free, expert help >>AND<< the suggested, preliminary steps to expedite the process.
A malware analyst will assist you with looking into your issue.

Thanks,

[MysteryFCM]

As mentioned, this is an Avast issue (at least partially), due to the use of a hostname that does not resolve (and hasn't done for months), consequently, and depending on ISPs, configs etc, this results in the resolution and subsequent redirection, to content on a Barefruit IP that has no relation to Avast.

 

One of two things that can be done in the meantime;

 

1. Add the following to the HOSTS file and either wait for or hope, Avast updates the DNS record or updates the software;

77.234.41.65 su2.ff.avast.com

2. Change your DNS provider (e.g. to Google (8.8.8.8, 8.8.4.4), OpenDNS (208.67.220.220, 208.67.222.222))

[FogMoose]

I don't see how this can be an AVAST issue, since I am getting the same issue but I am NOT running AVAST! Also, it is probably NOT a coincidence that this just started happening after the new version of MB came out...never had any problems with the old version.

 

BTW I am running Bitdefender...

[MysteryFCM]

It was alluded to as per the original hostname involved. Plain and simple.

 

If you're not running Avast, please post the offending hostname.

[MysteryFCM]

Please see:

 

https://forums.malwarebytes.org/index.php?/topic/172652-read-me-seeing-9224214021-blocks-read-me-please/