blackbow

Marking su2.ff.avast.com as malicious?


I'm new to the forums, as well as fairly new to Windows after switching 10 months ago from Macs, so please bear with me.

 

I'm getting popups every few minutes (sometimes more often) telling me Malwarebytes is blocking su2.ff.avast.com as a malicious website (outgoing traffic). Is this legit, or a false positive?

 

I have the premium version of MBAM, the free version of Anti-Exploit, and the free version of Avast! Antivirus. I'm currently running a full Malwarebytes scan, which has been running over an hour and so far has turned up clear.

 

If it matters, I have a clean machine as far as I know; neither MBAM nor Avast has ever shown detected objects after scanning. Running Win 10. Thanks!!!

 

 


Hello and :welcome: :
 
Possible IP block False Positives are actually handled in a special area of the forum.
 
If you would, please do the following:

 

  • Please start with the advice in this pinned topic >>HERE<<.
  • Then, please post the requested information (especially the IP being blocked) in a new post >>HERE<<.
  • If possible, it would help a great deal if you could also include there the MBAM PROTECTION log (not the scan log) showing the IP blocks (instructions follow).

The team will review the information and advise you accordingly.

 

EDIT: It looks as if another user has already reported some of the same observations HERE. But -- as of the moment -- the actual IP being blocked is still needed.
 
Thanks,
-----------------

How to get SCAN logs or PROTECTION logs:
(Export log to save as a txt file for posting in the forum when requested)

  • Open MBAM.
  • Click on the HISTORY tab > APPLICATION LOGS.
  • Double-click on the SCAN LOG which shows the date and time of the scan just performed (or the one you are asked to post), OR on the PROTECTION LOG showing the detection you are reporting (or the one that you are asked to post).
  • Click EXPORT.
  • Click TEXT FILE (*.txt)
  • In the "Save File" dialog box which appears, click on DESKTOP.
  • In the FILE NAME box, type a name for your saved scan or protection log.
  • A message box named "File Saved" should appear, stating that "Your file has been successfully exported".
  • Click OK.
  • Please attach the saved log to your next reply here in this thread.


Thank you so much! I'll keep an eye on the other topic, and follow the steps you recommended as soon as I can (by the end of the day). Cheers!


su2.ff.avast.com doesn't actually resolve here (NXDOMAIN), but Avast hostnames usually reside on their own ASN (it was last seen on 77.234.43.60)

 

The block on 92.242.140.21 isn't an F/P.


{{Never mind -- @MysteryFCM beat me to it}}

 

However: Can you please post your entire PROTECTION log as a .TXT attachment here, as previously requested?

 

Thanks!


Will do, and I appreciate the quick response. Since like I said, I'm somewhat new to Windows, do I need to be concerned? Other than running full scans, is there anything I need to do/remove? Have I been infected? Sorry for asking so many questions.


Hi:

 

I'm not qualified to say for sure.

 

If you could please take a moment to post that protection log, as explained in Reply #2, that would help a lot, for starters.

 

The Research Team will review the information and advise you.

 

Thanks,


Sorry, missed that post. Here it is:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 



Update, 9/9/2015 11:37 AM, SYSTEM, ***, Scheduler, Malware Database, 2015.9.9.1, 2015.9.9.6,
Protection, 9/9/2015 11:37 AM, SYSTEM, ***, Protection, Refresh, Starting,
Protection, 9/9/2015 11:37 AM, SYSTEM, ***, Protection, Malicious Website Protection, Stopping,
Protection, 9/9/2015 11:37 AM, SYSTEM, ***, Protection, Malicious Website Protection, Stopped,
Protection, 9/9/2015 11:37 AM, SYSTEM, ***, Protection, Refresh, Success,
Protection, 9/9/2015 11:37 AM, SYSTEM, ***, Protection, Malicious Website Protection, Starting,
Protection, 9/9/2015 11:37 AM, SYSTEM, ***, Protection, Malicious Website Protection, Started,
Update, 9/9/2015 12:52 PM, SYSTEM, ***, Scheduler, IP Database, 2015.7.24.3, 2015.9.9.1,
Update, 9/9/2015 12:52 PM, SYSTEM, ***, Scheduler, Domain Database, 2015.7.24.2, 2015.9.9.1,
Protection, 9/9/2015 12:52 PM, SYSTEM, ***, Protection, Refresh, Starting,
Protection, 9/9/2015 12:52 PM, SYSTEM, ***, Protection, Malicious Website Protection, Stopping,
Protection, 9/9/2015 12:52 PM, SYSTEM, ***, Protection, Malicious Website Protection, Stopped,
Protection, 9/9/2015 12:52 PM, SYSTEM, ***, Protection, Refresh, Success,
Protection, 9/9/2015 12:52 PM, SYSTEM, ***, Protection, Malicious Website Protection, Starting,
Protection, 9/9/2015 12:52 PM, SYSTEM, ***, Protection, Malicious Website Protection, Started,
Detection, 9/9/2015 12:53 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 51996, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 12:53 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 51996, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 12:56 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52017, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 12:58 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52049, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:01 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52137, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:02 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52143, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:03 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52145, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:05 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52148, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:08 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52151, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:11 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52157, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:13 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52163, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:16 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52166, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:17 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52171, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:20 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52174, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:23 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52179, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:25 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52182, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:27 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52185, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:28 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52191, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Update, 9/9/2015 1:30 PM, SYSTEM, ***, Scheduler, Domain Database, 2015.9.9.1, 2015.9.9.2,
Protection, 9/9/2015 1:30 PM, SYSTEM, ***, Protection, Refresh, Starting,
Protection, 9/9/2015 1:30 PM, SYSTEM, ***, Protection, Malicious Website Protection, Stopping,
Protection, 9/9/2015 1:30 PM, SYSTEM, ***, Protection, Malicious Website Protection, Stopped,
Protection, 9/9/2015 1:30 PM, SYSTEM, ***, Protection, Refresh, Success,
Protection, 9/9/2015 1:30 PM, SYSTEM, ***, Protection, Malicious Website Protection, Starting,
Protection, 9/9/2015 1:30 PM, SYSTEM, ***, Protection, Malicious Website Protection, Started,
Detection, 9/9/2015 1:30 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52219, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:30 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52219, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:34 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52224, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:35 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52226, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:38 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52229, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:40 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52393, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:41 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52420, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:44 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52486, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Update, 9/9/2015 1:45 PM, SYSTEM, ***, Scheduler, Domain Database, 2015.9.9.2, 2015.9.9.3,
Update, 9/9/2015 1:45 PM, SYSTEM, ***, Scheduler, AKA Domain Database, 2015.9.8.1, 2015.9.9.1,
Protection, 9/9/2015 1:45 PM, SYSTEM, ***, Protection, Refresh, Starting,
Protection, 9/9/2015 1:45 PM, SYSTEM, ***, Protection, Malicious Website Protection, Stopping,
Protection, 9/9/2015 1:45 PM, SYSTEM, ***, Protection, Malicious Website Protection, Stopped,
Protection, 9/9/2015 1:45 PM, SYSTEM, ***, Protection, Refresh, Success,
Protection, 9/9/2015 1:45 PM, SYSTEM, ***, Protection, Malicious Website Protection, Starting,
Protection, 9/9/2015 1:45 PM, SYSTEM, ***, Protection, Malicious Website Protection, Started,
Detection, 9/9/2015 1:47 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52663, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:47 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52663, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Scan, 9/9/2015 1:47 PM, SYSTEM, ***, Manual, Start:9/9/2015 1:46 PM, Duration:1 min 9 sec, Hyper Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Detection, 9/9/2015 1:49 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52698, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:49 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52698, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:52 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52701, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:54 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52704, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:56 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52708, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:58 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52752, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:01 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52781, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:02 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52784, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:04 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52808, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:06 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52860, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:09 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52937, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:13 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52965, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:15 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53011, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:17 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53047, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:19 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53052, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:22 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53068, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:25 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53072, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:28 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53075, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:31 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53081, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:32 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53100, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:34 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53108, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:36 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53142, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Update, 9/9/2015 2:36 PM, SYSTEM, ***, Scheduler, AKA Domain Database, 2015.9.9.1, 2015.9.9.2,
Update, 9/9/2015 2:36 PM, SYSTEM, ***, Scheduler, Domain Database, 2015.9.9.3, 2015.9.9.5,
Protection, 9/9/2015 2:36 PM, SYSTEM, ***, Protection, Refresh, Starting,
Protection, 9/9/2015 2:36 PM, SYSTEM, ***, Protection, Malicious Website Protection, Stopping,
Protection, 9/9/2015 2:36 PM, SYSTEM, ***, Protection, Malicious Website Protection, Stopped,
Protection, 9/9/2015 2:36 PM, SYSTEM, ***, Protection, Refresh, Success,
Protection, 9/9/2015 2:36 PM, SYSTEM, ***, Protection, Malicious Website Protection, Starting,
Protection, 9/9/2015 2:37 PM, SYSTEM, ***, Protection, Malicious Website Protection, Started,
Detection, 9/9/2015 2:39 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53333, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:39 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53333, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:40 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53441, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:41 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53447, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Update, 9/9/2015 2:43 PM, SYSTEM, ***, Scheduler, AKA Domain Database, 2015.9.9.2, 2015.9.9.3,
Protection, 9/9/2015 2:43 PM, SYSTEM, ***, Protection, Refresh, Starting,
Protection, 9/9/2015 2:43 PM, SYSTEM, ***, Protection, Malicious Website Protection, Stopping,
Protection, 9/9/2015 2:43 PM, SYSTEM, ***, Protection, Malicious Website Protection, Stopped,
Protection, 9/9/2015 2:43 PM, SYSTEM, ***, Protection, Refresh, Success,
Protection, 9/9/2015 2:43 PM, SYSTEM, ***, Protection, Malicious Website Protection, Starting,
Protection, 9/9/2015 2:43 PM, SYSTEM, ***, Protection, Malicious Website Protection, Started,
Detection, 9/9/2015 2:44 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53599, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:44 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53599, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:46 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53646, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:47 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53662, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:49 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53667, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:51 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53719, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:52 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53739, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:54 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53754, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:56 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53788, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 2:58 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53802, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:01 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53858, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Scan, 9/9/2015 3:02 PM, SYSTEM, ***, Manual, Start:9/9/2015 1:48 PM, Duration:1 hr 13 min 11 sec, Custom Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Detection, 9/9/2015 3:03 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53900, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:03 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53900, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:04 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53954, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:06 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 53989, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:07 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 54005, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:08 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 54016, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:11 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 54083, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:12 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 54179, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:15 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 54572, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:17 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 54605, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:20 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 54637, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:21 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 54659, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:23 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 54679, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:26 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 54720, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 3:28 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 54734, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,

(end)


Hi:
 

FYI
 
An uberevangelist on the Avast forum says that this is a sub-domain of avast.com.


Actually:
 

Just to clarify, 92.242.140.21 belongs to a known DNS hijacker (Verizon users will no doubt have seen this particular one before for example, as they were using Barefruit (the company that owns the IP) to redirect NXDOMAIN (non-resolving hostnames) to their own "search" pages/portals).


And that is why users seeing this block have been given this advice by Malwarebytes staff:
 


Thank you,


It is indeed a subdomain of avast.com, but the IP in question does not belong to it, nor has it ever. For whatever reason, su2.ff.avast.com dropped out of DNS around March/April. When it was live, these were its actual IPs:

su2.ff.avast.com.	A	77.234.41.60
su2.ff.avast.com.	A	77.234.41.61
su2.ff.avast.com.	A	77.234.41.62
su2.ff.avast.com.	A	77.234.41.63
su2.ff.avast.com.	A	77.234.41.64
su2.ff.avast.com.	A	77.234.41.65

At the time of writing, su2.ff.avast.com has no A record, or any other (CNAME, AAAA etc), and is thus, NXDOMAIN, which is why you're seeing it redirecting to the offending IP in question.
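
The mismatch discussed in the posts above, as an added example that is not part of the original thread or of any Malwarebytes tooling: it parses Detection lines in the exported protection-log format shown earlier, collapses repeated entries, and compares each blocked IP with the A records quoted for the hostname. The field positions and the `KNOWN_A_RECORDS` baseline are assumptions drawn from the log and DNS records posted in this thread.

```python
from datetime import datetime

# Sample lines in the format of the protection log posted earlier in the thread
# (one block appears twice, as it does in that log).
SAMPLE_LOG = r"""
Protection, 9/9/2015 12:52 PM, SYSTEM, ***, Protection, Malicious Website Protection, Started,
Detection, 9/9/2015 12:53 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 51996, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 12:53 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 51996, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 12:56 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52017, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Detection, 9/9/2015 1:01 PM, SYSTEM, ***, Protection, Malicious Website Protection, IP, 92.242.140.21, su2.ff.avast.com, 52137, Outbound, E:\Program Files\AVAST Software\Avast\AvastSvc.exe,
Scan, 9/9/2015 1:47 PM, SYSTEM, ***, Manual, Start:9/9/2015 1:46 PM, Duration:1 min 9 sec, Hyper Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
"""

# Baseline (assumption of this example): the A records quoted in the thread
# for the hostname while it still resolved.
KNOWN_A_RECORDS = {
    "su2.ff.avast.com": {"77.234.41.%d" % n for n in range(60, 66)},
}


def parse_detections(text):
    """Return unique website-protection detections as dicts, in log order."""
    seen, events = set(), []
    for line in text.splitlines():
        # Detection rows carry 12 comma-separated fields; the last one is the
        # process path followed by a trailing comma.
        parts = line.strip().split(", ", 11)
        if len(parts) != 12 or parts[0] != "Detection" or parts[6] != "IP":
            continue  # Update, Protection and Scan rows are not detections
        event = {
            "time": datetime.strptime(parts[1], "%m/%d/%Y %I:%M %p"),
            "ip": parts[7],
            "host": parts[8],
            "port": int(parts[9]),
            "direction": parts[10],
            "process": parts[11].rstrip(",").strip(),
        }
        key = (event["time"], event["ip"], event["host"], event["port"], event["process"])
        if key in seen:  # the log records some blocks twice
            continue
        seen.add(key)
        events.append(event)
    return events


def summarize(events, baseline=KNOWN_A_RECORDS):
    """Group detections by (host, ip, process) and compare the IP to the baseline."""
    groups = {}
    for e in events:
        g = groups.setdefault(
            (e["host"], e["ip"], e["process"]),
            {"count": 0, "first": e["time"], "last": e["time"]},
        )
        g["count"] += 1
        g["first"] = min(g["first"], e["time"])
        g["last"] = max(g["last"], e["time"])
    rows = []
    for (host, ip, process), g in groups.items():
        expected = baseline.get(host)
        if expected is None:
            verdict = "no baseline for host"
        elif ip in expected:
            verdict = "address matches baseline"
        else:
            # The name led to an address the owner never published for it,
            # so the resolver's answer is what needs checking.
            verdict = "address not in baseline: check resolver answer"
        rows.append(dict(host=host, ip=ip, process=process, verdict=verdict, **g))
    return rows


if __name__ == "__main__":
    for row in summarize(parse_detections(SAMPLE_LOG)):
        print("{host} -> {ip} x{count} ({first:%H:%M}-{last:%H:%M}) {process}: {verdict}".format(**row))
```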


I have Avast, MBAM Pro, Windows 7, & Verizon Fios. I primarily use Firefox, but even when the browser was closed, this message persisted constantly.

 

Changing the DNS settings to the google addresses did NOT solve the problem for me.

 

 


Hello and :welcome: , @moonthirsty:
 

I have Avast, MBAM Pro, Windows 7, & Verizon Fios. I primarily use Firefox, but even when the browser was closed, this message persisted constantly.
 
Changing the DNS settings to the google addresses did NOT solve the problem for me.

 
The work needed to resolve this likely DNS hijacking issue cannot be performed in this particular area of the forum.
Such work is conducted in a special forum area reserved for that purpose, or at the help desk.

So, for expert assistance, I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
It explains the options for free, expert help >>AND<< the suggested, preliminary steps to expedite the process.
A malware analyst will assist you with looking into your issue.

Thanks,


As mentioned, this is an Avast issue (at least partially), due to the use of a hostname that does not resolve (and hasn't done for months), consequently, and depending on ISPs, configs etc, this results in the resolution and subsequent redirection, to content on a Barefruit IP that has no relation to Avast.

 

One of two things that can be done in the meantime;

 

1. Add the following to the HOSTS file and either wait for or hope, Avast updates the DNS record or updates the software;

77.234.41.65 su2.ff.avast.com

2. Change your DNS provider (e.g. to Google (8.8.8.8, 8.8.4.4), OpenDNS (208.67.220.220, 208.67.222.222))


I don't see how this can be an AVAST issue, since I am getting the same issue but I am NOT running AVAST! Also, it is probably NOT a coincidence that this just started happening after the new version of MB came out...never had any problems with the old version.

 

BTW I am running Bitdefender...


It was alluded to as per the original hostname involved. Plain and simple.

 

If you're not running Avast, please post the offending hostname.

This topic is now closed to further replies.
