Topic: Avast connecting to Trojan infected web page

GrzegorzW
« on: March 28, 2021, 10:00:59 AM »
Is it possible that Avast is infected by a trojan?

I have Avast Premium together with Malwarebytes on a Windows 10 Pro 64-bit system (details below). Due to multiple BSODs caused by Avast trying to access Ndu.sys, I have switched it off for some time and then I got a pop-up window from Malwarebytes that Avast has tried to connect to a web page infected by a trojan:

Domain: 2.pool.ntp.org
IP address: 188.165.17.91
Port: 123
Connection type: outgoing:
File: AvastSvc.exe

And Malwarebytes stopped the connection.

Details of the operating system and software:

Operating system: Windows 10 Pro 64-bit
Avast Premium (version 21.2.2455, compilation 21.2.6096.561, updated on my PC on 27th March 2021)
Malwarebytes Premium version 4.3.0.98, updated on 28th March 2021
The mutual exclusions were set both in Avast and Malwarebytes.
Ndu.sys was added to the Avast exception list, yet it did not stop the BSODs caused by Avast trying to work on that file.

Any comments from Avast regarding that?
I'm getting more and more disappointed with the product, which not only causes BSODs by some strange interaction with Ndu.sys, but also tries to get to infected web pages!

Pondus
« Reply #1 on: March 28, 2021, 11:51:44 AM »
Quote
but also tries to get to infected web pages!

Have you considered that it can be a false positive?

GrzegorzW
« Reply #2 on: April 01, 2021, 08:14:03 PM »
I have read about this server and even Avast confirms that there is a well-known trojan that is distributed from that server... Malwarebytes very rarely causes false positives.

bob3160
« Reply #3 on: April 01, 2021, 11:24:56 PM »
Quote
I have read about this server and even Avast confirms that there is a well-known trojan that is distributed from that server... Malwarebytes very rarely causes false positives

Where are you getting that information from?

DavidR
« Reply #4 on: April 02, 2021, 01:13:06 AM »
Quote
I have read about this server and even Avast confirms that there is a well-known trojan that is distributed from that server... Malwarebytes very rarely causes false positives
Where are you getting that information from?

I would agree with Bob in that a screenshot of the MBAM alert would allow for testing; outside of that, who is to say if it isn't an MBAM FP?

Quote
The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source

So there could well be a legitimate reason to connect to this NTP source.

I don't know why it would stop access to 2.pool.ntp.org as potentially malicious; there is nothing found on this check: https://www.virustotal.com/gui/url/ad1fab2d49ec9a2dce09ad9b1a182f82be824d79ef0f493d434fcc4066d352fc/detection

Also see https://www.ntppool.org/en/use.html

Port 123 is also the correct port to use for connecting to the NTP server/s.

But your comment on Avast causing a BSOD on Ndu.sys, when this seems unrelated to the above point, I think the two are unrelated and there is a case that it could also be an issue with MBAM.
https://forums.malwarebytes.com/topic/261609-malwareytes-premium-breaking-ndusys/

Having two resident security products can cause conflicts; could this be a possibility in this instance? I don't know. Even when I did have an MBAM Pro lifetime license I didn't let it run as resident. But I ditched my lifetime license and MBAM when it went to version 3.
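
A triage check for the alert discussed in this thread, as an added example that is not part of any forum post: it parses the Malwarebytes alert fields quoted in the first post, tests them against what ordinary NTP pool client traffic looks like (a pool.ntp.org name, port 123, outgoing), and decodes an NTP server reply. The function names and the sample reply bytes are constructed for illustration.

```python
import struct

NTP_PORT = 123
NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01

# Alert fields as quoted in the first post of this thread.
ALERT_TEXT = """Domain: 2.pool.ntp.org
IP address: 188.165.17.91
Port: 123
Connection type: outgoing:
File: AvastSvc.exe"""

# Constructed sample reply: LI=0, VN=4, Mode=4 (server), stratum 2,
# transmit timestamp = 2021-03-28 10:00:59 UTC. Not captured traffic.
SAMPLE_REPLY = bytes([0x24, 2]) + bytes(38) + struct.pack("!I", 3825914459) + bytes(4)

def parse_alert(text):
    """Turn 'Key: value' alert lines into a dict with lowercase keys."""
    fields = {}
    for line in text.strip().splitlines():
        key, _, value = line.partition(":")
        fields[key.strip().lower()] = value.strip().rstrip(":")
    return fields

def looks_like_ntp_pool(alert):
    """True when the alert matches ordinary NTP pool client traffic."""
    domain = alert.get("domain", "").lower().rstrip(".")
    in_pool = domain == "pool.ntp.org" or domain.endswith(".pool.ntp.org")
    outgoing = alert.get("connection type", "").lower() == "outgoing"
    return in_pool and outgoing and alert.get("port") == str(NTP_PORT)

def build_ntp_request():
    """48-byte client request: LI=0, VN=4, Mode=3 in the first byte, rest zero."""
    return bytes([0x23]) + bytes(47)

def parse_ntp_reply(data):
    """Decode the header fields that show whether a host answers as an NTP server."""
    if len(data) < 48:
        raise ValueError("NTP packets are at least 48 bytes")
    version, mode, stratum = (data[0] >> 3) & 7, data[0] & 7, data[1]
    tx_seconds = struct.unpack("!I", data[40:44])[0]
    return {"version": version, "mode": mode, "stratum": stratum,
            "is_server_reply": mode == 4 and 1 <= stratum <= 15,
            "unix_time": tx_seconds - NTP_EPOCH_OFFSET}

if __name__ == "__main__":
    alert = parse_alert(ALERT_TEXT)
    print(alert["ip address"], "NTP pool traffic:", looks_like_ntp_pool(alert))
    print(parse_ntp_reply(SAMPLE_REPLY))
```

To test a live host, send `build_ntp_request()` over UDP to port 123 and pass the answer to `parse_ntp_reply`. Pool names rotate through volunteer-run servers, so the IP address in an alert changes between lookups.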

Pondus
« Reply #5 on: April 02, 2021, 01:35:42 AM »
Quote
I have read about this server and even Avast confirms that there is a well-known trojan that is distributed from that server... Malwarebytes very rarely causes false positives

And by rarely you mean what?

If you mean never then why do they have a FP reporting section in their forum? https://forums.malwarebytes.com/forum/122-false-positives/

Asyn
« Reply #6 on: April 02, 2021, 08:44:44 AM »
Quote
But your comment on Avast causing a BSOD on Ndu.sys, when this seems unrelated to the above point, I think the two are unrelated and there is a case that it could also be an issue with MBAM.
[...]
Having two resident security products can cause conflicts; could this be a possibility in this instance? I don't know. Even when I did have an MBAM Pro lifetime license I didn't let it run as resident. But I ditched my lifetime license and MBAM when it went to version 3.

Dave is right, more here: https://support.malwarebytes.com/hc/en-us/articles/360051090194-Issues-running-other-security-applications-and-Malwarebytes-for-Windows