Author Topic: su2.ff.avast.com  (Read 14991 times)

0 Members and 1 Guest are viewing this topic.

Offline Bob13

  • Newbie
  • *
  • Posts: 8
Re: su2.ff.avast.com
« Reply #15 on: September 10, 2015, 06:43:08 PM »
I have decided to remove Avast and go to Webroot... 

Online bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 41254
  • 59 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: su2.ff.avast.com
« Reply #16 on: September 10, 2015, 08:44:13 PM »
I have decided to remove Avast and go to Webroot...
Good luck.... The problem is Malwarebytes not Avast .
I have the Pro version but use it only on demand. Malwarebytes starting with v2, has become a system hog and doesn't always work well
with other security programs.
Free avast! Security Seminar: https://goo.gl/kh3cqR  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1903 64bit, 8 Gig Ram, AvastFree 19.6.xxxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 10898
  • No support PM's thanks
Re: su2.ff.avast.com
« Reply #17 on: September 10, 2015, 08:56:57 PM »
I have decided to remove Avast and go to Webroot...
Good luck.... The problem is Malwarebytes not Avast .
I have the Pro version but use it only on demand. Malwarebytes starting with v2, has become a system hog and doesn't always work well
with other security programs.
Not necessarily true Bob, as far as Malwarebytes are concerned the detection is positive and appears to be a DNS hijacking as the IP in question is not related to Avast.

Malwarebytes being a system hog isn't part of this topic but as you raised it then I'll answer it, Malwarebytes plays well with all AV's I've tested it with ( and that is many ) as long as exclusions are put in place as suggested on the Malwarebytes forum or simply by excluding the complete program file from each other.
Malwarebytes does use more memory than previous versions though I haven't noticed any slow downs plus RAM is there to be used, the CPU use with MBAM is quite low as that would normally be the major cause of system sluggishness which I don't see either.

Offline SamsTheMane

  • Newbie
  • *
  • Posts: 7
Re: su2.ff.avast.com
« Reply #18 on: September 10, 2015, 09:41:45 PM »
Yeah... My Malwarebytes just crashed an hour ago. Perhaps the log was overloaded because of this popup. I have my notification settings turned off atm.

Offline Bob13

  • Newbie
  • *
  • Posts: 8
Re: su2.ff.avast.com
« Reply #19 on: September 10, 2015, 10:24:02 PM »
I removed Avast and installed WebRoot and I no longer get the malware alerts.. So it was Avast...

Offline iroc9555

  • CCS, Vzla.
  • Avast Überevangelist
  • Starting Graphoman
  • *****
  • Posts: 7470
  • No soporte por PM.
Re: su2.ff.avast.com
« Reply #20 on: September 10, 2015, 10:24:44 PM »
No problems or alerts by MBAM here. I ran Premium 2.1.8.1057 with malware and malicious website protection enabled
« Last Edit: September 10, 2015, 10:26:53 PM by iroc9555 »
Hernan.
Dim 9200. C2D E6600; 2.40GHz. 4GB DDR2RAM. XP Pro_86. Spk3. IE8 & FF41. Avast FREE 2015. CIS 5.12(FW/D+). MBAM Premium. MCShield. WinPatrol +. SpywareBlasterOpenDNS. uBlock. WOT. Sandboxie

Offline Alikhan

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2222
Re: su2.ff.avast.com
« Reply #21 on: September 10, 2015, 10:26:44 PM »
No problems or alerts by MBAM here. I ran Premium 2.1.8.1057 with both shields up.

Same.

I'm using Avast along with MBAM Premium and MBAE (free) and also have not had any problems/alerts regarding any IP blocks.

I've even checked the Malwarebytes logs, nothing at all.
Windows 10 Home 64-bit • Avast Internet Security (latest stable version) • Malwarebytes 3 Premium (latest) • Google Chrome • CCleaner •

Offline Bob13

  • Newbie
  • *
  • Posts: 8
Re: su2.ff.avast.com
« Reply #22 on: September 10, 2015, 10:31:33 PM »
Looks like some are getting hit and others are not..  oh well...   Too bad Avast lost me for a customer...

Offline Alikhan

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2222
Re: su2.ff.avast.com
« Reply #23 on: September 10, 2015, 10:44:06 PM »
Looks like some are getting hit and others are not..  oh well...   Too bad Avast lost me for a customer...

I'm think this issue is related to streaming updates on a particular CDN.

Different parts of the world be on different CDNs and I think there is 1 CDN which is affected (it does have ff.avast.com) at the end but it's possible that this particular IP is not being by avast! anymore too.

I could also be completely wrong with my assumption.
« Last Edit: September 10, 2015, 10:45:37 PM by Alikhan »
Windows 10 Home 64-bit • Avast Internet Security (latest stable version) • Malwarebytes 3 Premium (latest) • Google Chrome • CCleaner •

Offline lou14

  • Newbie
  • *
  • Posts: 4
Re: su2.ff.avast.com
« Reply #24 on: September 10, 2015, 11:15:59 PM »
Some information that may be useful ... I have used my laptop in two locations in the last 24 hours, and the alerts appeared only in one of those two locations.  (In both cases I am connecting through a Wifi connection.)  Where I am now, they are not happening at all.  Tonight I will be returning to the original location where I saw this problem, and I'll see whether the alerts come back again.

Hopefully this might be a clue as to the root cause and/or fix?

Online bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 41254
  • 59 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: su2.ff.avast.com
« Reply #25 on: September 10, 2015, 11:20:40 PM »
Looks like some are getting hit and others are not..  oh well...   Too bad Avast lost me for a customer...
Maybe you need to read the replies ??? You removed Avast even though this has nothing to do with Avast.
Your computer, your choice. Certainly not mine. :)
Free avast! Security Seminar: https://goo.gl/kh3cqR  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1903 64bit, 8 Gig Ram, AvastFree 19.6.xxxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35952
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline SamsTheMane

  • Newbie
  • *
  • Posts: 7
Re: su2.ff.avast.com
« Reply #27 on: September 11, 2015, 05:55:24 AM »
Looks like some are getting hit and others are not..
Mhmn-yeah, you're not alone. It's been about 2 days that I'm getting hit by this like crazy. I had to delete my overloaded logs.

This fixed it: https://forums.malwarebytes.org/index.php?/topic/172652-read-me-seeing-9224214021-blocks-read-me-please/
« Last Edit: September 11, 2015, 06:14:44 AM by SamsTheMane »

Offline JBG

  • Avast team
  • Jr. Member
  • *
  • Posts: 50
Re: su2.ff.avast.com
« Reply #28 on: September 11, 2015, 01:05:30 PM »
Hi All,
there's a legacy piece of code trying to reach obsolete domain su2.ff.avast.com. It wasn't doing any harm up until recently as every DNS server should be reporting that domain as non-existent.

Note this response from Google DNS servers:
Code: [Select]
nslookup su2.ff.avast.com 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

** server can't find su2.ff.avast.com: NXDOMAIN

What seems to be happening is this. Some ISPs are possibly using this service www.barefruit.co.uk for returning custom (advertising?) content to many network related errors, like non-existent domains. And MBAM seems to start having issues with this content or a set of IP ranges, reporting it as a malware content.

We'll disable queries to this domain into the next available release which should resolve the problem with this particular non-existent domain. But the other part of the problem lies elsewhere, ISP serving custom content on invalid requests (DNS, HTTP) and MBAM reporting it as malware.

Regards.

Offline lou14

  • Newbie
  • *
  • Posts: 4
Re: su2.ff.avast.com
« Reply #29 on: September 11, 2015, 01:17:09 PM »
^This explanation makes a lot of sense.  Regarding my earlier post above, I can now confirm that the error message only happens in one location (a residence where I believe the ISP is Verizon), and not in another (a hospital setting in which the network is presumably set up by a professional IT staff).