Jump to content
Noujou

infected by su2.ff.avast.com (IP: 92.242.140.21) - DNS Hijacking

Recommended Posts

Hi, I just created a account just to post here, although I've had MWB Pro for the better part of 1-2 years now

 

I have attached the files required Addition.txt and FRST.txt. Also I have attached my MWB Pro Protection Log, that shows just how many times it's blocked that malicious IP.

 

I ran a threat scan prior to all of this, to see if it could pick anything up, and it came back clean. In truth I'm not sure if my computer is infected or how it could have got infected, as this only started happening today. That being said if there is anything I can help to stop all of this, that would be great.

 

 

Thanks

Addition.txt

FRST.txt

MWB_ProtLog.txt

Share this post


Link to post
Share on other sites

As mentioned elsewhere, this is an Avast issue (at least partially), due to the use of a hostname that does not resolve (and hasn't done for months), consequently, and depending on ISPs, configs etc, this results in the resolution and subsequent redirection, to content on a Barefruit IP that has no relation to Avast.

One of two things that can be done in the meantime;

1. Add the following to the HOSTS file and either wait for or hope, Avast updates the DNS record or updates the software;

77.234.41.65 su2.ff.avast.com
2. Change your DNS provider as mentioned by TwinHeadedEagle (e.g. to Google (8.8.8.8, 8.8.4.4), OpenDNS (208.67.220.220, 208.67.222.222))

Share this post


Link to post
Share on other sites

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.