Home network scan results in suspicious outbound traffic / Malwarebytes

[REDACTED]

Hello,

When I run a home network scan on Avast Premier I get a clear from Avast (home network safe apparently), BUT Malwarebytes simultaneously blocks several suspicous looking outgoing connections (see list below). This happens every time the Avast home network scan is started.

Oddly, a scan with Malwarebytes itself finds nothing.

Could this behavior be due to some new undetected malware? What's going on?

Any help welcome.

Thanks!



Here the list of outgoing connections as detected by Malwarebytes:
Detection, 09.11.2014 14:03:00, SYSTEM, xxx, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 09.11.2014 14:03:02, SYSTEM, xxx, Protection, Malicious Website Protection, IP, 91.98.28.98, digikala.com, 0, Outbound,
Detection, 09.11.2014 14:03:02, SYSTEM, xxx, Protection, Malicious Website Protection, IP, 91.202.63.7, cy-pr.com, 0, Outbound,
Detection, 09.11.2014 14:03:11, SYSTEM, xxx, Protection, Malicious Website Protection, IP, 91.202.63.160, movie4k.to, 0, Outbound,
Detection, 09.11.2014 14:03:12, SYSTEM, xxx, Protection, Malicious Website Protection, IP, 80.252.188.228, 0427d7.se, 0, Outbound,
Detection, 09.11.2014 14:03:13, SYSTEM, xxx, Protection, Malicious Website Protection, IP, 93.115.87.53, tukif.com, 0, Outbound,
Detection, 09.11.2014 14:03:13, SYSTEM, xxx, Protection, Malicious Website Protection, IP, 62.210.141.210, kickass.to, 0, Outbound,

[REDACTED]

Same issue reported here
https://forum.avast.com/index.php?topic=158492.0

With no explanation I might add

[REDACTED]

I am using Avast since some years for all my PCs. Since some days I am getting security alerts from my router informing me about port scans from IP address 77.234.42.45. This address seems to belong to Avast, and the port scans may be part of the new 'Scan for network threats' function in Avast. If I would know this for sure I could ignore them. But I am not sure, because I get warnings not only after I'm manually starting a 'Scan for network threats'. Unfortunately I cannot exclude IP addresses from my router's warning function. So it seems to get rid of these warnings I have to switch them off totally. Also not the best solution. Is there somebody who can tell me more about these port scans?

[REDACTED]

This is a problem with AVAST 2015 sending out a flood of DNS queries on start-up to some bad sites.  OPENDNS blocked all these crazy requests and logged them for me.  I spent the better part of a week isolating the issue taking wireshark traces.  I thought someone had hacked into my home network and was doing some nasty things

OPEN DNS DATA on number of queries from when I turned on all my PCs at 5pm after coming home from work:
11/17/2014 15:00   362
11/17/2014 16:00   473
11/17/2014 17:00   5375
11/17/2014 18:00   1198
11/17/2014 19:00   910

I've submitted a ticket and got the standard response to reinstall.  I've duped this on all 4 of my PCs running AVAST 2015 - after turning off the tools the issue is gone.  They have my wireshark traces and my OPEN DNS data - I hope they take this seriously.

Here is snap shot of some of the bad sites they are sending out the queries to:
shaadi.com
vk.com
xhamster.com
xnxx.com
dmm.co.jp
twoo.com
xvideos.com
youporn.com
tukif.com
conduit.com
livedoor.com
drtuber.com
pornhub.com
redtube.com
sex.com
privatehomeclips.com
sexlog.com
pornerbros.com
spankwire.com

[REDACTED]

Why would Avast send Outbound reqs to Child Porn Sites? I paid for Malwarebytes Premium and and it is definitely in the Avst free and according to you,the Premium download as well,plenty of free AV's out there, sick man! I removed Avast cuz I had to. Kapersky next. Clear that Avast Dload is infected or it is intentional to test some functionality,they didn't expect you to have another Malware Guard Dog. Most of the sites you listed will present Ransom Trojan and Freeze ur PC. Dont surf illegal Porn.
Stick with Pornhub adult naughtyness.

[Pondus]

This topic is from 2014/2015

The outbound traffic is related to avast dns hijack check