Author Topic: Avast Shields/Fw + Steam = Nightmare

OliPicard

  • Guest
Avast Shields/Fw + Steam = Nightmare
« on: March 13, 2014, 12:12:50 AM »
Hi Guys,

I have been having issues with Avast's shields/fw. I have reinstalled my OS multiple times, and for some reason AVAST loves to block Steam's update servers even when it's whitelisted.

The following IP addresses are being actively blocked by Avast:
208.64.200.7    Port 80, identifying as "System"


I am thinking of completely removing Avast and going with a different A/V. This has gotten out of hand!


Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6705
  • Trust only what you test yourself!
Re: Avast Shields/Fw + Steam = Nightmare
« Reply #1 on: March 13, 2014, 12:46:43 AM »
I could not find anything bad at that IP.

http://www.ipvoid.com/scan/208.64.200.7/
http://maldb.com/steampowered.com/nd
http://urlquery.net/report.php?id=9872644

Found suspicious javascript at jsunpack http://jsunpack.jeek.org/?report=99876652a8e2f7e150d3b376681bf6c607a1c24c
And alerts here http://zulu.zscaler.com/submission/show/a31f096f39b14530c96ade4f5ae2192b-1394666406
Threatstop showed bot or trojans from three years ago. Not sure if they were cleaned.
I was not able to check for cross scripting due to scanner overload.

You may contact avast about website issues with this form http://www.avast.com/contact-form.php
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser, and various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

OliPicard

  • Guest
Re: Avast Shields/Fw + Steam = Nightmare
« Reply #2 on: March 13, 2014, 01:14:56 AM »
Thanks Para-Noid,

I will do a fresh install tomorrow. Seems like Avast whitelists the program then blocks it under system. If things don't work out I'll be looking at other FW systems that get on well with Avast. Any suggestions would be great!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33746
  • malware fighter
Re: Avast Shields/Fw + Steam = Nightmare
« Reply #3 on: March 13, 2014, 01:20:26 AM »
General disclaimer - * do not try to reconstruct potentially malicious/suspicious links - do this at your own risk!

Consider details here: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fwww.steampowered.com&useragent=Fetch+useragent&accept_encoding=

This domain cannot be resolved: htxp   ed0. dot lux dot valve dot ne  *
Also see issues here: http://dnscheck.pingdom.com/?domain=steampowered.com  (historical etc.)

The third nameserver gives a reverse for 146 dot 66 dot 153 dot 352 pointing to the unknown host name see above *

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

OliPicard

  • Guest
Re: Avast Shields/Fw + Steam = Nightmare
« Reply #4 on: March 13, 2014, 10:49:54 AM »
Hi Polonus,

Many thanks for the site analysis. I have looked at the 3rd ns record. It points to Valve's Luxembourg datacenter. This is their backup storefront server, hence the lookup to ed0.lux.valve.net.

I'll continue to monitor the site for any issues.