Jump to content
spimby

su2.ff.avast.com - being blocked

Recommended Posts

Hello,

 

Today multiple people in my house (all using Avast! Antivirus) are getting a malicious website blocked message for the site su2.ff.avast.com .  I'm assuming this is a false positive?

 

Thanks!

Share this post


Link to post
Share on other sites

Please post the actual IP being blocked.

Share this post


Link to post
Share on other sites

hehe yep, just replied to it :)

 

That IP isn't associated with Avast (never has been), and curiously, su2.ff.avast.com doesn't resolve here (its NXDOMAIN). Their hostnames are usually found residing on their own IP space (last seen on 77.234.43.60)

Share this post


Link to post
Share on other sites

Just to clarify, 92.242.140.21 belongs to a known DNS hijacker (Verizon users will no doubt have seen this particular one before for example, as they were using Barefruit (the company that owns the IP) to redirect NXDOMAIN (non-resolving hostnames) to their own "search" pages/portals).

Share this post


Link to post
Share on other sites

Sorry if this is a dumb question, but like I posted in my other topic (since I'm new-ish to Windows) -- do I need to be concerned? I've run full scans of both MBAM and Avast; both came up clean.

Share this post


Link to post
Share on other sites

We are also avast and MB users with this same error popping up all day from 92.242.140.21 .... sorting through a long list of threads for something to let me know what to do ..... it feels like a needle in a haystack at the moment.

Share this post


Link to post
Share on other sites

it is an avast-issue.. the avast program is trying to make connections to "su2.ff.avast.com" but "su2.ff.avast.com" does NOT resolve to an IP address and therefore the connection is redirected to the "92.242.140.21" IP address which is being flagged by the MBAM program..

 

y'all need to take up this issue with avast.. tell avast that the avast program is trying to make connections to "su2.ff.avast.com" but "su2.ff.avast.com" does not resolve to an IP address and, so, the connection is redirected to the "92.242.140.21" IP address which is flagged by the MBAM program..

Share this post


Link to post
Share on other sites

As mentioned, this is an Avast issue (at least partially), due to the use of a hostname that does not resolve (and hasn't done for months), consequently, and depending on ISPs, configs etc, this results in the resolution and subsequent redirection, to content on a Barefruit IP that has no relation to Avast.

 

One of two things that can be done in the meantime;

 

1. Add the following to the HOSTS file and either wait for or hope, Avast updates the DNS record or updates the software;

77.234.41.65 su2.ff.avast.com

2. Change your DNS provider (e.g. to Google (8.8.8.8, 8.8.4.4), OpenDNS (208.67.220.220, 208.67.222.222))

Share this post


Link to post
Share on other sites

Same problem as others which just started for me today, and Iam also avast and verizon/fios user .

 

As mentioned it being an Avast thing , of which a very simular problem has happened in the past with Avast . With any luck next update will clear it up 'cause the constant pop-ups are driving me crazy ! :P

Share this post


Link to post
Share on other sites

Same thing is happening to me also.

Not only am I seeing it with Avast, but also AOL Topspeed, Viewpoint.

I also use Verizon FIOS and this only started at mid day today.

Share this post


Link to post
Share on other sites

I have the same issue, although with Facebook urls instead of Avast. I also use Verizon FIOS. I do not use Avast at the moment, although I am using Premium Malwarebytes and it gives numerous pop ups.

 

@MysteryFCM How do I do that exactly?

Share this post


Link to post
Share on other sites

Changing your DNS provider should fix the problem:

Change your DNS provider to OpenDNS or Google

OpenDNS use: 208.67.220.220 and 208.67.222.222
Google use: 8.8.8.8 and 8.8.4.4

These two links should help you change the settings:
http://208.69.38.205/
http://www.isitdownrightnow.com/how-to/setup-opendns-in-windows-7.html

====================================

Here's a good tutorial for the host file...make sure you look at the correct one for you operating system:
http://www.howtogeek.com/howto/27350/beginner-geek-how-to-edit-your-hosts-file/

 

MrC

Share this post


Link to post
Share on other sites

Oh, and since there doesn't seem to be a way to edit, is this going to effect Macs as well as Windows machines(I assume so?)

Share this post


Link to post
Share on other sites

Just to check, this is being done by Verizon themselves or a blackhat hacker or...?

Also, according to http://www.computerhope.com/jargon/d/dnshijac.htmthere is a way to opt out? 

Just trying to make sure I understand what's going on.

Also, for my friends and family is there any free software that can help block these?

I believe it may be by Verizon

 

Oh, and since there doesn't seem to be a way to edit, is this going to effect Macs as well as Windows machines(I assume so?)

I'm not sure what you mean??

Share this post


Link to post
Share on other sites

I mean, is it something that effects Macs by Apple as well as PCs with Windows on it?

I'm not sure

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.