Author Topic: What is this that Avast is blocking ?  (Read 8129 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
What is this that Avast is blocking ?
« on: December 30, 2014, 06:38:54 PM »
Opened Firefox this morning and the page that opened up was Facebook (along with all of my other tabs). I immediately received a notification from Avast that it had blocked a malware  infection from https://54.186.138.97,C:\program files (x86) \mozilla firefox\firefox.exe. Can anyone tell me what this is all about ? I've seen this at least once before very recently.Possobly 2-3 other times.I can't say how many times for certain because I don't shut my browser down very often and it blocks it and I just don't worry about it.But,it's getting annoying.apcgvlu

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: What is this that Avast is blocking ?
« Reply #1 on: December 30, 2014, 06:45:11 PM »
Guessing ads from a blacklisted url/ip


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: What is this that Avast is blocking ?
« Reply #2 on: December 30, 2014, 06:47:58 PM »
Please break the link to what is a suspect site to avoid accidental exposure - change the https to hXXps.

Do you have a screenshot of the avast alert, if so please attach it to your next reply.

If you haven't had any other avast popup since then, right click on the avast tray icon and select 'Show last popup message.'

Though a reverse DNS fir this IP comes back as compute.amazonaws.com see http://www.ip-adress.com/ip_tracer/54.186.138.97. So I wonder why the alert was triggered - and why I asked for the screenshot.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: What is this that Avast is blocking ?
« Reply #4 on: December 30, 2014, 07:00:54 PM »
Yep history - avast needs to investigate the apparent IP block.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

REDACTED

  • Guest
Re: What is this that Avast is blocking ?
« Reply #5 on: December 30, 2014, 07:07:18 PM »
David.....please speak moron ! I'm not exactly a tech genius.I do not have a screenshot.A typed out the alert in notepad EXACTLY as it was was written out in the message and copied & pates it in my forum post.

Now,I've got another another one while visiting a Twitter page !!!
http://48989578.special-notice2992.com/c.php?aid=259&lid=8844

And,honestly,David,I don't know what you mean  by " break the link to what is a suspect site to avoid accidental exposure - change the https to hXXps".????????? hXXps ???????? Hmmmmmm.Okie-dokiee.
« Last Edit: December 30, 2014, 07:15:30 PM by guitarfiendiii »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: What is this that Avast is blocking ?
« Reply #6 on: December 30, 2014, 07:21:16 PM »
When posting suspect links pleas break them so they aren't active to avoid accidental exposure for others - changing the http to hXXp in the urls you posted breaks the link, people can't accidentally click on the suspect link.

This link however is entirely different to your original one and should perhaps be kept separate. But weird links from twitter doesn't surprise me in the least (I don't use any social networking sites, so can't really speak on it).

As far as not being able to get a screenshot - that would most likely have also given a URL:MAL as the reason for blocking the IP address.

It is possible that this is because of the history of that IP address (link in Pondus's post), previously it has been used/owned by many other domains (not just the amazonaws.com), these other domains and their random names are highly suspect. These may well have been malicious and this is probably why the IP address is blocked,
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

REDACTED

  • Guest
Re: What is this that Avast is blocking ?
« Reply #7 on: December 30, 2014, 07:47:04 PM »
Ahhhhh.....okay ! I think I understand what you mean now.I'm very sorry about that.And,I really don't use Twitter.But,Marty Balin "followed" me.How could I say no ? Ha,ha.(He's one of the old lead vocalists for (The old) Jefferson Airplane.I must commend you on your "non-use" of social media !  I use FB just to kill time.But,I pretty much despise it.Hey.....thank you all for your help.I start seeing stuff like this happening  (often) and it begins to make me worry a bit.It makes me think that maybe somethings wrong with Avast and maybe Avast itself has become infected.THAT scares me ! He,he.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: What is this that Avast is blocking ?
« Reply #8 on: December 30, 2014, 08:04:38 PM »
If/when you think this is something in your computer (it happens) then free check/removal help is done in viruses and worms forum section
See instructions here   https://forum.avast.com/index.php?topic=53253.0

Logs needed to help you are Malwarebytes and Farbar Recovery Scan Tool


Offline Sirmer

  • Avast team
  • Sr. Member
  • *
  • Posts: 324
Re: What is this that Avast is blocking ?
« Reply #9 on: December 30, 2014, 08:07:26 PM »
Detection was turned off. sorry for inconvenience

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: What is this that Avast is blocking ?
« Reply #10 on: December 30, 2014, 10:16:45 PM »
Detection was turned off. sorry for inconvenience

Thanks for the prompt response.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

REDACTED

  • Guest
Re: What is this that Avast is blocking ?
« Reply #11 on: December 30, 2014, 10:53:29 PM »
Detection was turned off. sorry for inconvenience



I'm still getting the pop-up, like many other polish avast users.


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: What is this that Avast is blocking ?
« Reply #12 on: December 30, 2014, 11:12:41 PM »
I don't know if the block (edit, being cleared) is effective yet or not - ordinarily this would come through a virus definitions update (VPS) - so it could take a little time for that to happen.

Whilst it could come through in a streaming update, which is more frequent.

Check that you have the latest VPS update, if so it may be a little longer.
« Last Edit: December 30, 2014, 11:20:32 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Avast Eagle

  • Sr. Member
  • ****
  • Posts: 207
Re: What is this that Avast is blocking ?
« Reply #13 on: December 31, 2014, 04:22:39 AM »
Today also saw this just after opening Firefox
it's the 2nd time i see it (only when i opened firefox, not while surfing a website)
« Last Edit: December 31, 2014, 04:38:47 AM by Ichise »

Offline maxle

  • Jr. Member
  • **
  • Posts: 20
Re: What is this that Avast is blocking ?
« Reply #14 on: December 31, 2014, 11:54:01 AM »
This early morning with the new update the malware pop up disappeared. Many thanks to AVAST team members for the quick intervention, despite the "end of the year" critical period.  :)