su2.ff.avast.com

[REDACTED]

I have decided to remove Avast and go to Webroot... 

[bob3160]

I have decided to remove Avast and go to Webroot...

Good luck.... The problem is Malwarebytes not Avast .
I have the Pro version but use it only on demand. Malwarebytes starting with v2, has become a system hog and doesn't always work well
with other security programs.

[CraigB]

I have decided to remove Avast and go to Webroot...

Good luck.... The problem is Malwarebytes not Avast .
I have the Pro version but use it only on demand. Malwarebytes starting with v2, has become a system hog and doesn't always work well
with other security programs.

Not necessarily true Bob, as far as Malwarebytes are concerned the detection is positive and appears to be a DNS hijacking as the IP in question is not related to Avast.

Malwarebytes being a system hog isn't part of this topic but as you raised it then I'll answer it, Malwarebytes plays well with all AV's I've tested it with ( and that is many ) as long as exclusions are put in place as suggested on the Malwarebytes forum or simply by excluding the complete program file from each other.
Malwarebytes does use more memory than previous versions though I haven't noticed any slow downs plus RAM is there to be used, the CPU use with MBAM is quite low as that would normally be the major cause of system sluggishness which I don't see either.

[REDACTED]

Yeah... My Malwarebytes just crashed an hour ago. Perhaps the log was overloaded because of this popup. I have my notification settings turned off atm.

[REDACTED]

I removed Avast and installed WebRoot and I no longer get the malware alerts.. So it was Avast...

[REDACTED]

No problems or alerts by MBAM here. I ran Premium 2.1.8.1057 with malware and malicious website protection enabled

[Alikhan]

No problems or alerts by MBAM here. I ran Premium 2.1.8.1057 with both shields up.

Same.

I'm using Avast along with MBAM Premium and MBAE (free) and also have not had any problems/alerts regarding any IP blocks.

I've even checked the Malwarebytes logs, nothing at all.

[REDACTED]

Looks like some are getting hit and others are not..  oh well...   Too bad Avast lost me for a customer...

[Alikhan]

Looks like some are getting hit and others are not..  oh well...   Too bad Avast lost me for a customer...

I'm think this issue is related to streaming updates on a particular CDN.

Different parts of the world be on different CDNs and I think there is 1 CDN which is affected (it does have ff.avast.com) at the end but it's possible that this particular IP is not being by avast! anymore too.

I could also be completely wrong with my assumption.

[REDACTED]

Some information that may be useful ... I have used my laptop in two locations in the last 24 hours, and the alerts appeared only in one of those two locations.  (In both cases I am connecting through a Wifi connection.)  Where I am now, they are not happening at all.  Tonight I will be returning to the original location where I saw this problem, and I'll see whether the alerts come back again.

Hopefully this might be a clue as to the root cause and/or fix?

[bob3160]

Looks like some are getting hit and others are not..  oh well...   Too bad Avast lost me for a customer...

Maybe you need to read the replies You removed Avast even though this has nothing to do with Avast.
Your computer, your choice. Certainly not mine.

[Pondus]

https://forums.malwarebytes.org/index.php?/topic/172548-infected-by-su2ffavastcom-ip-9224214021-dns-hijacking/?p=988597

[REDACTED]

Looks like some are getting hit and others are not..

Mhmn-yeah, you're not alone. It's been about 2 days that I'm getting hit by this like crazy. I had to delete my overloaded logs.

This fixed it: https://forums.malwarebytes.org/index.php?/topic/172652-read-me-seeing-9224214021-blocks-read-me-please/

[JBG]

Hi All,
there's a legacy piece of code trying to reach obsolete domain su2.ff.avast.com. It wasn't doing any harm up until recently as every DNS server should be reporting that domain as non-existent.

Note this response from Google DNS servers:

Code: [Select]

nslookup su2.ff.avast.com 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

** server can't find su2.ff.avast.com: NXDOMAIN

What seems to be happening is this. Some ISPs are possibly using this service www.barefruit.co.uk for returning custom (advertising?) content to many network related errors, like non-existent domains. And MBAM seems to start having issues with this content or a set of IP ranges, reporting it as a malware content.

We'll disable queries to this domain into the next available release which should resolve the problem with this particular non-existent domain. But the other part of the problem lies elsewhere, ISP serving custom content on invalid requests (DNS, HTTP) and MBAM reporting it as malware.

Regards.

[REDACTED]

^This explanation makes a lot of sense.  Regarding my earlier post above, I can now confirm that the error message only happens in one location (a residence where I believe the ISP is Verizon), and not in another (a hospital setting in which the network is presumably set up by a professional IT staff).