Author Topic: su2.ff.avast.com  (Read 24255 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
su2.ff.avast.com
« on: September 10, 2015, 12:06:57 AM »
My malwarebytes keeps telling me that there is malware with the domain of su2.ff.avast.com, IP Address 92.242.140.21 Port 50183 Outbound  in Avstsvc.exe

I am not sure what this is and why this is happening.  How can I fix it.

I run Malwarebytes and my Avast and neither of them find any issues.

Regards,

REDACTED

  • Guest
Re: su2.ff.avast.com
« Reply #1 on: September 10, 2015, 12:29:53 AM »
Same exact pop-ups here. First time this happened to me starting earlier today. It's still popping up.
« Last Edit: September 10, 2015, 12:33:18 AM by SamsTheMane »

Offline Donna4

  • Newbie
  • *
  • Posts: 1
Re: su2.ff.avast.com
« Reply #2 on: September 10, 2015, 12:56:09 AM »
my malwarebytes has also detected it...it won't stop, popping up about every 2-3 minutes...ran a scan and cleaned computer and all is good, nothing found, so definitely has to be on avasts side of things since many others are also having the same issue...very very annoying

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: su2.ff.avast.com
« Reply #3 on: September 10, 2015, 01:18:11 AM »
For me the first thing I disable in MBAM Pro was the malicious sites as it doesn't do as it says on the tin - it notifies you on much more than malicious sites or rather it has many categories other than malicious sites included in its database.

AS you can see these are sub-domains of avast.com.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

REDACTED

  • Guest
Re: su2.ff.avast.com
« Reply #4 on: September 10, 2015, 02:19:41 AM »
For me the first thing I disable in MBAM Pro was the malicious sites as it doesn't do as it says on the tin - it notifies you on much more than malicious sites or rather it has many categories other than malicious sites included in its database.

AS you can see these are sub-domains of avast.com.

Thank you and Yes, temporarily disabling the Mailicious Website Protection on MBAM pro does stop the pop-ups.   However, I don't feel comfortable surfing the web with it off though :).

Hopefully Avast can confirm this is not a real threat or MBAM will flag it.....


REDACTED

  • Guest
Re: su2.ff.avast.com
« Reply #5 on: September 10, 2015, 02:37:46 AM »
I looked at my MBAM a few minutes ago and it was stuck on updating. So I've restarted MBAM to complete the update (v2015.09.09.07) and no pop-ups notifying that ip so far.  :)

REDACTED

  • Guest
Re: su2.ff.avast.com
« Reply #6 on: September 10, 2015, 04:03:55 AM »
I did the update and I am still getting the popups...  This is crazy..

REDACTED

  • Guest
Re: su2.ff.avast.com
« Reply #7 on: September 10, 2015, 04:37:22 AM »
I did the update and I am still getting the popups...  This is crazy..

Whoops. Sorry guys! Restarting MBAM disabled my protection the whole time... Go figure.
So I had to re-enable "Malware Protection" and "Malicious Website Protection", and did another update (v2015.09.10.01).

As of so far right now, there have been no pop-ups while the following protection settings are turned on. Will say if it happens again.

There are 2 threads about it on their site: https://forums.malwarebytes.org/index.php?/topic/172524-marking-su2ffavastcom-as-malicious/

I'm using Windows 7 btw.

EDIT: lol And the pop-up is happening again. Ugh! Hope this gets fixed.
« Last Edit: September 10, 2015, 04:53:12 AM by SamsTheMane »

REDACTED

  • Guest
Re: su2.ff.avast.com
« Reply #8 on: September 10, 2015, 04:59:17 AM »
Getting the same thing.  Has been happening all day - including MBAM pop up every 2-3 minutes.  Have run scans, nothing found.  Rebooted computer, etc.  Still happening.   IP address look up says it's unallocated.barefruit.co.uk   Class B:  92.242.0.0 - 92.242.255.255. 

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11239
  • No support PM's thanks
Re: su2.ff.avast.com
« Reply #9 on: September 10, 2015, 08:46:01 AM »

REDACTED

  • Guest
Re: su2.ff.avast.com
« Reply #10 on: September 10, 2015, 05:27:31 PM »
This is a freaking mess... Why can't someone put a fix out there. 

REDACTED

  • Guest
Re: su2.ff.avast.com
« Reply #11 on: September 10, 2015, 06:02:28 PM »
In 24-hours I will find a new protection software and DELETE avast.

REDACTED

  • Guest
Re: su2.ff.avast.com
« Reply #12 on: September 10, 2015, 06:07:55 PM »
It would seem that Avast needs to update its client-side software and/or server configuration to resolve this issue.  It's affecting a number of people (myself included) and it doesn't seem to be attributable to Malwarebytes.  Of course, if Avast disagrees that's fine, but I would ask that Avast take up the issue with Malwarebytes and come to an agreeable solution.  Each company telling all these people to contact the other company's support staff is a waste of everyone's time.  Thanks!

REDACTED

  • Guest
Re: su2.ff.avast.com
« Reply #13 on: September 10, 2015, 06:10:20 PM »
Quote from another User...
Quote
it is an avast-issue.. the avast program is trying to make connections to "su2.ff.avast.com" but "su2.ff.avast.com" does NOT resolve to an IP address and therefore the connection is redirected to the "92.242.140.21" IP address which is being flagged by the MBAM program..

 

y'all need to take up this issue with avast.. tell avast that the avast program is trying to make connections to "su2.ff.avast.com" but "su2.ff.avast.com" does not resolve to an IP address and, so, the connection is redirected to the "92.242.140.21" IP address which is flagged by the MBAM program..

Avast please fix this otherwise you will be losing a lot of users...

REDACTED

  • Guest
Re: su2.ff.avast.com
« Reply #14 on: September 10, 2015, 06:13:21 PM »
This seems to be a DNS hijack as reported on Malewarebytes.

https://forum.avast.com/index.php?topic=176230.0

https://forums.malwarebytes.org/index.php?/topic/172524-marking-su2ffavastcom-as-malicious/


Many have changed their DNS which fixed the problem without disabling Malwarebytes.

Here is a link to change your DNS.
https://developers.google.com/speed/public-dns/docs/using?hl=en
« Last Edit: September 10, 2015, 06:20:08 PM by CyberTom »