Author Topic: su2.ff.avast.com - Malicous Website Detected  (Read 12292 times)

0 Members and 1 Guest are viewing this topic.

Offline CyberTom

  • Newbie
  • *
  • Posts: 8
su2.ff.avast.com - Malicous Website Detected
« on: September 10, 2015, 12:10:57 AM »
Hello,

I thought I would post this here since Malwarebytes is blocking and reporting su2.ff.avast.com as a Malicous Website.

All scans are reporting clean.

This pops up every few minutes and just started today.

Thanks
« Last Edit: September 11, 2015, 10:17:22 PM by CyberTom »

Offline robertb235

  • Newbie
  • *
  • Posts: 1
Re: su2.ff.avast.com - Malicous Website Detected
« Reply #1 on: September 10, 2015, 01:10:12 AM »
same thing showed on my computer today!!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83557
  • No support PMs thanks
Re: su2.ff.avast.com - Malicous Website Detected
« Reply #2 on: September 10, 2015, 01:17:05 AM »
For me the first thing I disable in MBAM Pro was the malicious sites as it doesn't do as it says on the tin - it notifies you on much more than malicious sites or rather it has many categories other than malicious sites included in its database.

AS you can see these are sub-domains of avast.com.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.544/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline Michael634

  • Newbie
  • *
  • Posts: 2
Re: su2.ff.avast.com - Malicous Website Detected
« Reply #3 on: September 10, 2015, 07:14:54 AM »
I have the same issue.  Started today at about 2PM Pacific Time. Michael

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11019
  • No support PM's thanks
Re: su2.ff.avast.com - Malicous Website Detected
« Reply #4 on: September 10, 2015, 07:40:27 AM »
Please report it on the Malwarebytes forum.

It might not be a false positive, appears to related to a DNS hijacker if you read the post by MysteryFCM https://forums.malwarebytes.org/index.php?/topic/172525-su2ffavastcom-being-blocked/
« Last Edit: September 10, 2015, 07:48:38 AM by CraigB »

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11019
  • No support PM's thanks

Offline lou14

  • Newbie
  • *
  • Posts: 4
Re: su2.ff.avast.com - Malicous Website Detected
« Reply #6 on: September 10, 2015, 06:07:15 PM »
It would seem that Avast needs to update its client-side software and/or server configuration to resolve this issue.  It's affecting a number of people (myself included) and it doesn't seem to be attributable to Malwarebytes.  Of course, if Avast disagrees that's fine, but I would ask that Avast take up the issue with Malwarebytes and come to an agreeable solution.  Each company telling all these people to contact the other company's support staff is a waste of everyone's time.  Thanks!

Offline CyberTom

  • Newbie
  • *
  • Posts: 8
Re: su2.ff.avast.com - Malicous Website Detected
« Reply #7 on: September 10, 2015, 06:10:16 PM »
It looks like this is a DNS hijack as reported at Malwalebytes.

https://forums.malwarebytes.org/index.php?/topic/172524-marking-su2ffavastcom-as-malicious/


Many have changed their DNS which fixed the problem without disabling Malwarebytes.

Here is a link to change your DNS.
https://developers.google.com/speed/public-dns/docs/using?hl=en

Offline Bob13

  • Newbie
  • *
  • Posts: 8
Re: su2.ff.avast.com - Malicous Website Detected
« Reply #8 on: September 10, 2015, 06:12:35 PM »
Avast needs to fix their product..

Offline KentM

  • Newbie
  • *
  • Posts: 2
Re: su2.ff.avast.com - Malicous Website Detected
« Reply #9 on: September 10, 2015, 10:51:00 PM »
This started about four days ago for me. Resetting DNS to the Google settings seems to have fixed it for me. I am running Win 7 Pro, MWB Premium, Avast PRO and using Verizon FIOS.

Offline seawolf61

  • Newbie
  • *
  • Posts: 1
Re: su2.ff.avast.com - Malicous Website Detected
« Reply #10 on: September 11, 2015, 12:12:40 AM »
Same Problem I am having. the MBAM forum states: the avast program is trying to make connections to "su2.ff.avast.com" but "su2.ff.avast.com" does not resolve to an IP address and, so, the connection is redirected to the "92.242.140.21" IP address which is flagged by the MBAM program. I tried to ping the address myself and it would not resolve.


Offline kisaacs

  • Newbie
  • *
  • Posts: 2
Re: su2.ff.avast.com - Malicous Website Detected
« Reply #12 on: September 11, 2015, 01:52:32 AM »
Attached is the protection file from malwarebytes that shows avast as a malicious website

Offline jameslynch795

  • Newbie
  • *
  • Posts: 1
Re: su2.ff.avast.com - Malicous Website Detected
« Reply #13 on: September 11, 2015, 02:54:24 AM »
I want someone from Avast to address this issue.  This is silly, the transmittal is coming from their system and is annoying.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83557
  • No support PMs thanks
Re: su2.ff.avast.com - Malicous Website Detected
« Reply #14 on: September 11, 2015, 04:37:33 PM »
I want someone from Avast to address this issue.  This is silly, the transmittal is coming from their system and is annoying.

I'm not from avast, but an avast user just like yourself - If this is DNS Hijacking as has been suggested on the malwarebytes forum, then this is somewhat different when saying who is at fault.

Are you aware what dns hijacking is, when your computer/browser tries to access a site that is shown in a user friendly/readable form such as su2.ff.avast.com it checks against 'your' DNS server commonly provided by your ISP to get the IP address.

If that DNS has been hijacked then it can return a different IP address, which could be considered malicious. But if it is your ISPs DNS server that has been hijacked then they have to resolve that. This is why not everyone is effected by this and why the suggestion to change your DNS server resolves this problem, when nothing has changed in avast.

So it isn't as clear cut as you might think.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.544/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro