Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: REDACTED on September 10, 2015, 12:06:57 AM
-
My malwarebytes keeps telling me that there is malware with the domain of su2.ff.avast.com, IP Address 92.242.140.21 Port 50183 Outbound in Avstsvc.exe
I am not sure what this is and why this is happening. How can I fix it.
I run Malwarebytes and my Avast and neither of them find any issues.
Regards,
-
Same exact pop-ups here. First time this happened to me starting earlier today. It's still popping up.
-
my malwarebytes has also detected it...it won't stop, popping up about every 2-3 minutes...ran a scan and cleaned computer and all is good, nothing found, so definitely has to be on avasts side of things since many others are also having the same issue...very very annoying
-
For me the first thing I disable in MBAM Pro was the malicious sites as it doesn't do as it says on the tin - it notifies you on much more than malicious sites or rather it has many categories other than malicious sites included in its database.
AS you can see these are sub-domains of avast.com.
-
For me the first thing I disable in MBAM Pro was the malicious sites as it doesn't do as it says on the tin - it notifies you on much more than malicious sites or rather it has many categories other than malicious sites included in its database.
AS you can see these are sub-domains of avast.com.
Thank you and Yes, temporarily disabling the Mailicious Website Protection on MBAM pro does stop the pop-ups. However, I don't feel comfortable surfing the web with it off though :).
Hopefully Avast can confirm this is not a real threat or MBAM will flag it.....
-
I looked at my MBAM a few minutes ago and it was stuck on updating. So I've restarted MBAM to complete the update (v2015.09.09.07) and no pop-ups notifying that ip so far. :)
-
I did the update and I am still getting the popups... This is crazy..
-
I did the update and I am still getting the popups... This is crazy..
Whoops. Sorry guys! Restarting MBAM disabled my protection the whole time... Go figure.
So I had to re-enable "Malware Protection" and "Malicious Website Protection", and did another update (v2015.09.10.01).
As of so far right now, there have been no pop-ups while the following protection settings are turned on. Will say if it happens again.
There are 2 threads about it on their site: https://forums.malwarebytes.org/index.php?/topic/172524-marking-su2ffavastcom-as-malicious/
I'm using Windows 7 btw.
EDIT: lol And the pop-up is happening again. Ugh! Hope this gets fixed.
-
Getting the same thing. Has been happening all day - including MBAM pop up every 2-3 minutes. Have run scans, nothing found. Rebooted computer, etc. Still happening. IP address look up says it's unallocated.barefruit.co.uk Class B: 92.242.0.0 - 92.242.255.255.
-
See here https://forum.avast.com/index.php?topic=176230.0
-
This is a freaking mess... Why can't someone put a fix out there.
-
In 24-hours I will find a new protection software and DELETE avast.
-
It would seem that Avast needs to update its client-side software and/or server configuration to resolve this issue. It's affecting a number of people (myself included) and it doesn't seem to be attributable to Malwarebytes. Of course, if Avast disagrees that's fine, but I would ask that Avast take up the issue with Malwarebytes and come to an agreeable solution. Each company telling all these people to contact the other company's support staff is a waste of everyone's time. Thanks!
-
Quote from another User...
it is an avast-issue.. the avast program is trying to make connections to "su2.ff.avast.com" but "su2.ff.avast.com" does NOT resolve to an IP address and therefore the connection is redirected to the "92.242.140.21" IP address which is being flagged by the MBAM program..
y'all need to take up this issue with avast.. tell avast that the avast program is trying to make connections to "su2.ff.avast.com" but "su2.ff.avast.com" does not resolve to an IP address and, so, the connection is redirected to the "92.242.140.21" IP address which is flagged by the MBAM program..
Avast please fix this otherwise you will be losing a lot of users...
-
This seems to be a DNS hijack as reported on Malewarebytes.
https://forum.avast.com/index.php?topic=176230.0
https://forums.malwarebytes.org/index.php?/topic/172524-marking-su2ffavastcom-as-malicious/
Many have changed their DNS which fixed the problem without disabling Malwarebytes.
Here is a link to change your DNS.
https://developers.google.com/speed/public-dns/docs/using?hl=en
-
I have decided to remove Avast and go to Webroot...
-
I have decided to remove Avast and go to Webroot...
Good luck.... The problem is Malwarebytes not Avast .
I have the Pro version but use it only on demand. Malwarebytes starting with v2, has become a system hog and doesn't always work well
with other security programs.
-
I have decided to remove Avast and go to Webroot...
Good luck.... The problem is Malwarebytes not Avast .
I have the Pro version but use it only on demand. Malwarebytes starting with v2, has become a system hog and doesn't always work well
with other security programs.
Not necessarily true Bob, as far as Malwarebytes are concerned the detection is positive and appears to be a DNS hijacking as the IP in question is not related to Avast.
Malwarebytes being a system hog isn't part of this topic but as you raised it then I'll answer it, Malwarebytes plays well with all AV's I've tested it with ( and that is many ) as long as exclusions are put in place as suggested on the Malwarebytes forum or simply by excluding the complete program file from each other.
Malwarebytes does use more memory than previous versions though I haven't noticed any slow downs plus RAM is there to be used, the CPU use with MBAM is quite low as that would normally be the major cause of system sluggishness which I don't see either.
-
Yeah... My Malwarebytes just crashed an hour ago. Perhaps the log was overloaded because of this popup. I have my notification settings turned off atm.
-
I removed Avast and installed WebRoot and I no longer get the malware alerts.. So it was Avast...
-
No problems or alerts by MBAM here. I ran Premium 2.1.8.1057 with malware and malicious website protection enabled
-
No problems or alerts by MBAM here. I ran Premium 2.1.8.1057 with both shields up.
Same.
I'm using Avast along with MBAM Premium and MBAE (free) and also have not had any problems/alerts regarding any IP blocks.
I've even checked the Malwarebytes logs, nothing at all.
-
Looks like some are getting hit and others are not.. oh well... Too bad Avast lost me for a customer...
-
Looks like some are getting hit and others are not.. oh well... Too bad Avast lost me for a customer...
I'm think this issue is related to streaming updates on a particular CDN.
Different parts of the world be on different CDNs and I think there is 1 CDN which is affected (it does have ff.avast.com) at the end but it's possible that this particular IP is not being by avast! anymore too.
I could also be completely wrong with my assumption.
-
Some information that may be useful ... I have used my laptop in two locations in the last 24 hours, and the alerts appeared only in one of those two locations. (In both cases I am connecting through a Wifi connection.) Where I am now, they are not happening at all. Tonight I will be returning to the original location where I saw this problem, and I'll see whether the alerts come back again.
Hopefully this might be a clue as to the root cause and/or fix?
-
Looks like some are getting hit and others are not.. oh well... Too bad Avast lost me for a customer...
Maybe you need to read the replies ??? You removed Avast even though this has nothing to do with Avast.
Your computer, your choice. Certainly not mine. :)
-
https://forums.malwarebytes.org/index.php?/topic/172548-infected-by-su2ffavastcom-ip-9224214021-dns-hijacking/?p=988597
-
Looks like some are getting hit and others are not..
Mhmn-yeah, you're not alone. It's been about 2 days that I'm getting hit by this like crazy. I had to delete my overloaded logs.
This fixed it: https://forums.malwarebytes.org/index.php?/topic/172652-read-me-seeing-9224214021-blocks-read-me-please/
-
Hi All,
there's a legacy piece of code trying to reach obsolete domain su2.ff.avast.com. It wasn't doing any harm up until recently as every DNS server should be reporting that domain as non-existent.
Note this response from Google DNS servers:
nslookup su2.ff.avast.com 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
** server can't find su2.ff.avast.com: NXDOMAIN
What seems to be happening is this. Some ISPs are possibly using this service www.barefruit.co.uk for returning custom (advertising?) content to many network related errors, like non-existent domains. And MBAM seems to start having issues with this content or a set of IP ranges, reporting it as a malware content.
We'll disable queries to this domain into the next available release which should resolve the problem with this particular non-existent domain. But the other part of the problem lies elsewhere, ISP serving custom content on invalid requests (DNS, HTTP) and MBAM reporting it as malware.
Regards.
-
^This explanation makes a lot of sense. Regarding my earlier post above, I can now confirm that the error message only happens in one location (a residence where I believe the ISP is Verizon), and not in another (a hospital setting in which the network is presumably set up by a professional IT staff).
-
Hi All,
there's a legacy piece of code trying to reach obsolete domain su2.ff.avast.com. It wasn't doing any harm up until recently as every DNS server should be reporting that domain as non-existent.
Note this response from Google DNS servers:
nslookup su2.ff.avast.com 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
** server can't find su2.ff.avast.com: NXDOMAIN
What seems to be happening is this. Some ISPs are possibly using this service www.barefruit.co.uk for returning custom (advertising?) content to many network related errors, like non-existent domains. And MBAM seems to start having issues with this content or a set of IP ranges, reporting it as a malware content.
We'll disable queries to this domain into the next available release which should resolve the problem with this particular non-existent domain. But the other part of the problem lies elsewhere, ISP serving custom content on invalid requests (DNS, HTTP) and MBAM reporting it as malware.
Regards.
The lastest version of Avast did not seem to fix this issue. Once I switch back to Verizon dns the pop-ups re-occurred.
-
<snip quote>
The lastest version of Avast did not seem to fix this issue. Once I switch back to Verizon dns the pop-ups re-occurred.
You don't say what version you have, as the latest version is now 10.4.2233 released, very recently.
https://forum.avast.com/index.php?topic=176600.0 (https://forum.avast.com/index.php?topic=176600.0)
-
can confirm version 10.4.2233 did NOT fix the su2.ff.avast bug
-
Sorry guys, when I was posting my message, the version you're mentioning was already in testing stage and was closed for changes. So the fix will be in the next version, which will probably be (unless any super urgency occurs) Avast 2016.
Regards.
-
Good luck.... The problem is Malwarebytes not Avast .
I think the real problem ist that you shouldn't use 2 malware programs at the same time. One is enough. If somethink is really suspicious I send it to Virustotal or Jotti.
-
Good luck.... The problem is Malwarebytes not Avast .
I think the real problem ist that you shouldn't use 2 malware programs at the same time. One is enough. If somethink is really suspicious I send it to Virustotal or Jotti.
The rule is not to use two resident Antivirus programs at a time. :) Avast and Malwarebytes work well together
-
Good luck.... The problem is Malwarebytes not Avast .
I think the real problem ist that you shouldn't use 2 malware programs at the same time. One is enough. If somethink is really suspicious I send it to Virustotal or Jotti.
I use both Avast (with real time protection) and Malwarebytes free (only as a scanner) on the same machine, no problem.
Yes I use Virustotal and Jotti too, but they are for individual files, have file size limits, and I can't change any settings in their scanners. Besides, what if you happen to be offline? :)
-
Sorry guys, when I was posting my message, the version you're mentioning was already in testing stage and was closed for changes. So the fix will be in the next version, which will probably be (unless any super urgency occurs) Avast 2016.
Regards.
Thank you JBG for the update!
CyberTom
-
I use both Avast (with real time protection) and Malwarebytes free (only as a scanner) on the same machine.
I use Avast (or another Tool) as real time protection and as a scanner. Think that's enough security; why use another program?
-
I use both Avast (with real time protection) and Malwarebytes free (only as a scanner) on the same machine.
I use Avast (or another Tool) as real time protection and as a scanner. Think that's enough security; why use another program?
Because Malwarebytes is an excellent companion to any AV that includes Avast. :)