Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: GrzegorzW on March 28, 2021, 10:00:59 AM
-
Is it possible that Avast is infected by a trojan?
I have Avast Premium together with Malwarebytes on a Windows 10 Pro 64-bit system (details below). Due to multiple BSODs caused by Avast trying to access Ndu.sys, I have switched it off for some time, and then I got a pop-up window from Malwarebytes that Avast has tried to connect to a web page infected by a trojan:
Domain: 2.pool.ntp.org
IP address: 188.165.17.91
Port: 123
Connection type: outgoing
File: AvastSvc.exe
And Malwarebytes stopped the connection
Details of the operating system and software:
Operating system: Windows 10 Pro 64-bit
Avast Premium (version 21.2.2455, compilation 21.2.6096.561, updated on my PC on 27th March 2021)
Malwarebytes Premium version 4.3.0.98, updated on 28th March 2021
The mutual exclusions were set both in Avast and Malwarebytes.
Ndu.sys was added to the Avast exception list, yet it did not stop the BSODs caused by Avast trying to work on that file.
Any comments from Avast regarding that?
I'm getting more and more disappointed with the product, which not only causes BSODs by some strange interaction with Ndu.sys, but also tries to get to infected web pages!
-
but also tries to get to infected web pages!
Have you considered that it can be a false positive?
-
I have read about this server and even Avast confirms that there is a well-known trojan that is distributed from that server... Malwarebytes very rarely causes false positives
-
I have read about this server and even Avast confirms that there is a well-known trojan that is distributed from that server... Malwarebytes very rarely causes false positives
Where are you getting that information from?
-
I have read about this server and even Avast confirms that there is a well-known trojan that is distributed from that server... Malwarebytes very rarely causes false positives
Where are you getting that information from?
I would agree with Bob in that a screenshot of the MBAM alert would allow for testing; outside of that, who is to say if it isn't an MBAM FP?
The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source.
So there could well be a legitimate reason for it to connect to this NTP source.
I don't know why it would stop access to 2.pool.ntp.org as potentially malicious; there is nothing found on this check: https://www.virustotal.com/gui/url/ad1fab2d49ec9a2dce09ad9b1a182f82be824d79ef0f493d434fcc4066d352fc/detection
Also see https://www.ntppool.org/en/use.html
Port 123 is also the correct port to use for connecting to the NTP server/s.
But your comment on Avast causing a BSOD on Ndu.sys, when this seems unrelated to the above point, I think the two are unrelated and there is a case that it could also be an issue with MBAM.
https://forums.malwarebytes.com/topic/261609-malwareytes-premium-breaking-ndusys/
Having two resident security products can cause conflicts; could this be a possibility in this instance? I don't know. Even when I did have an MBAM Pro lifetime license I didn't let it run as resident. But I ditched my lifetime license and MBAM when it went to version 3.
-
I have read about this server and even Avast confirms that there is a well-known trojan that is distributed from that server... Malwarebytes very rarely causes false positives
And by rarely you mean what?
If you mean never, then why do they have an FP reporting section in their forum? https://forums.malwarebytes.com/forum/122-false-positives/
-
But your comment on Avast causing a BSOD on Ndu.sys, when this seems unrelated to the above point, I think the two are unrelated and there is a case that it could also be an issue with MBAM.
[...]
Having two resident security products can cause conflicts; could this be a possibility in this instance? I don't know. Even when I did have an MBAM Pro lifetime license I didn't let it run as resident. But I ditched my lifetime license and MBAM when it went to version 3.
Dave is right, more here: https://support.malwarebytes.com/hc/en-us/articles/360051090194-Issues-running-other-security-applications-and-Malwarebytes-for-Windows
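-
Added example, not part of the thread or written by any poster: one way to check whether a blocked outbound datagram to UDP port 123, like the one in the alert above, is a well-formed NTP client request. It assumes the UDP payload has been exported from a packet capture; the function names and the sample bytes are constructed for illustration.

```python
import struct
from datetime import datetime, timezone

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
MODES = {1: "symmetric active", 2: "symmetric passive", 3: "client",
         4: "server", 5: "broadcast"}

def parse_ntp(payload: bytes) -> dict:
    """Decode the fixed 48-byte NTP header (RFC 5905) or raise ValueError."""
    if len(payload) < 48:
        raise ValueError("shorter than the 48-byte NTP header")
    first, stratum = struct.unpack("!BB", payload[:2])
    version, mode = (first >> 3) & 0x7, first & 0x7
    if version not in (3, 4):
        raise ValueError(f"unexpected NTP version {version}")
    if mode not in MODES:
        raise ValueError(f"unexpected NTP mode {mode}")
    # Transmit timestamp: 32-bit seconds since 1900 plus a 32-bit fraction.
    tx_sec, tx_frac = struct.unpack("!II", payload[40:48])
    transmit = None
    if tx_sec >= NTP_EPOCH_OFFSET:  # skip zeroed or randomized values before 1970
        transmit = datetime.fromtimestamp(
            tx_sec - NTP_EPOCH_OFFSET + tx_frac / 2**32, tz=timezone.utc)
    return {"version": version, "mode": MODES[mode],
            "stratum": stratum, "transmit": transmit}

def triage(dst_port: int, payload: bytes) -> str:
    """Verdict for one blocked outbound UDP datagram."""
    if dst_port != 123:
        return "not on the NTP port"
    try:
        pkt = parse_ntp(payload)
    except ValueError as err:
        return f"needs review: {err}"
    if pkt["mode"] != "client":
        return f"needs review: outbound datagram has mode '{pkt['mode']}'"
    return "consistent with an NTP client request"

# Constructed sample: NTPv4 client request (LI=0, VN=4, mode=3 -> 0x23),
# transmit time set to the thread's opening timestamp, treated here as UTC.
_sent = datetime(2021, 3, 28, 10, 0, 59, tzinfo=timezone.utc)
SAMPLE_REQUEST = (bytes([0x23]) + bytes(39)
                  + struct.pack("!II", int(_sent.timestamp()) + NTP_EPOCH_OFFSET, 0))

if __name__ == "__main__":
    print(triage(123, SAMPLE_REQUEST), parse_ntp(SAMPLE_REQUEST)["transmit"])
    print(triage(123, b"GET / HTTP/1.1\r\n\r\n" + bytes(40)))
```

A payload that passes this check shows only that the traffic is shaped like NTP; whether the destination address belongs to the pool is a separate lookup.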