Author Topic: Avast update connects to adult site  (Read 9071 times)

0 Members and 1 Guest are viewing this topic.

entu

  • Guest
Avast update connects to adult site
« on: July 11, 2009, 12:53:55 PM »
Hi everybody,
I've noticed that my installation of Avast connects to some adult site during the update process.

It seems to download some pictures from there, and I really cannot see the reason for doing that.

Thank you for your attention,
Frank

Offline .: L' arc :.

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1780
  • Thinking with Portals
Re: Avast update connects to adult site
« Reply #1 on: July 11, 2009, 12:57:21 PM »
-= Where did you download your copy of avast..? Was it from an e-mail..?
Windows 7 (64-bit) Home Premium SP1
avast! 9 RC1

entu

  • Guest
Re: Avast update connects to adult site
« Reply #2 on: July 11, 2009, 01:07:13 PM »
Hi L' arc

I got the installer from the official website and I've successfully used it for a long time, this is a recent issue as for what I've noticed.

Maybe my Avast has been hijacked / infected itself?

Thanks again,
Frank
« Last Edit: July 11, 2009, 01:18:04 PM by entu »

micky77

  • Guest
Re: Avast update connects to adult site
« Reply #3 on: July 11, 2009, 01:25:35 PM »
Have you run any scans with Avast or other ?
Download these programs, HijackThis,run , choose, scan and save logfile, copy/paste the txt log
http://filehippo.com/download_hijackthis/

Download,install,updateand run ' quick' scans with MBAM and SAS, copy/paste the logs
http://filehippo.com/download_malwarebytes_anti_malware/
http://filehippo.com/download_superantispyware/

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Avast update connects to adult site
« Reply #4 on: July 11, 2009, 01:27:15 PM »
I don't think that it is avast which is infected... maybe your browser was hijacked, maybe the hosts file compromised.

I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete them.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
6. Clean your Hosts file (replacing it) with HostsMan tool.
7. Disable System Restore and then reenable it again.
8. Immunize your system with SpywareBlaster.
9. Check if you have insecure applications with Secunia Software Inspector.
The best things in life are free.

entu

  • Guest
Re: Avast update connects to adult site
« Reply #5 on: July 11, 2009, 01:33:51 PM »
Thank you very much everybody for your pointers, I'll check to see if I can solve the issue following your directions and I'll get back here once I'll be done with those steps.

Some additional information meanwhile: again during the update process, it says it is checking some files on my hard-disk, they are all called ".vbs" and they seem to be on the root folder of each partition - but I've checked and there are no such files - at least, Windows doesn't show them even if I tell it to display hidden/system files.

Thanks again for your help,
cheers,
Frank

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Avast update connects to adult site
« Reply #6 on: July 11, 2009, 02:21:39 PM »
it says it is checking some files on my hard-disk, they are all called ".vbs" and they seem to be on the root folder of each partition
Whom is "it" here? avast update?
It does not call any .vbs file to update... seems really a malware behavior.
The best things in life are free.

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 87079
  • No support PMs thanks
Re: Avast update connects to adult site
« Reply #7 on: July 11, 2009, 05:11:05 PM »
@ entu
One crucial thing not mentioned is your firewall ?
As this is an important part of your systems security -  It should be capable of blocking unauthorised outbound Internet Connections.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.10.6038 (build 22.10.7633.734) UI 1.0.733/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

entu

  • Guest
Re: Avast update connects to adult site
« Reply #8 on: July 11, 2009, 07:37:58 PM »
Hi again everybody, some update.

I've run a complete scan with avast! (4.8 home edition). I've had to run it manually with the system already started, because I wasn't able to find an option to schedule the scan at startup. Anyway, it didn't find anything.

I've run avast antirootkit and no threat was found.

Then I've run MBAM and it found some files and some folders infected by backdoor.bot.

When it asked me what to do with those files and folders, I've told it to quarantine the files and to take no action against the folders - those folders contain several sub-folders filled with documents I need to keep.

I was unsure about what my actions could lead to, anyway, I've restarted the system as MBAM asked me to do and I rerun MBAM to check if those folders resulted still infected - that surprised me: those folders passed the check and no further infection was found.

By the way I have no idea how a folder could get infected - but I'm no expert, you can guess.

@ DavidR: my OS is WinXP SP2, the firewall is active and fully working - afaik.

I've just ran the avast update option and it still goes on displaying stuff like "confirm file: C:\.vbs" (btw, "confirm file" is my translation of the Italian string "conferma file:") also it still goes on connecting to those adult sites - btw, shall I remark the domain of that website here or somewhere else? it is always the same domain and the same addresses.

I'm going to try all the other steps given by Tech.

Thank you all again for your time and please excuse me for these step-by-step posts.

All the best,
Frank.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Avast update connects to adult site
« Reply #9 on: July 11, 2009, 07:43:59 PM »
I suggest an installation from the scratch:

1. Uninstall avast from Control Panel first.
2. Boot.
3. Download the latest version of Avast Uninstall and use it for complete uninstallation. If, for any reason, you can't run it, try booting in Safe Mode and doing it from there.
4. Boot.
5. Download, save and install the latest avast! version. It will be good to accept the boot time scanning on next boot.
6. Boot.
7. Check and post the results.
The best things in life are free.

entu

  • Guest
Re: Avast update connects to adult site
« Reply #10 on: July 11, 2009, 07:49:33 PM »
Thank for your new directions Tech, I'm going to follow them and I'll get back here once I'll be done.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Avast update connects to adult site
« Reply #11 on: July 11, 2009, 07:51:25 PM »
Thank for your new directions Tech, I'm going to follow them and I'll get back here once I'll be done.
I was thinking better... something is weird in your hosts file... follow steps I've posted before.
The best things in life are free.

entu

  • Guest
Re: Avast update connects to adult site
« Reply #12 on: July 11, 2009, 07:53:57 PM »
All right, I'm going to do the hosts check & restore stuff.

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 87079
  • No support PMs thanks
Re: Avast update connects to adult site
« Reply #13 on: July 11, 2009, 07:55:05 PM »
<snip>
@ DavidR: my OS is WinXP SP2, the firewall is active and fully working - afaik.

I've just ran the avast update option and it still goes on displaying stuff like "confirm file: C:\.vbs" (btw, "confirm file" is my translation of the Italian string "conferma file:") also it still goes on connecting to those adult sites - btw, shall I remark the domain of that website here or somewhere else? it is always the same domain and the same addresses.
<snip>

Whilst the windows XP firewall is usually good at keeping your ports stealthed (hidden) it provides no outbound protection and you should consider a third party firewall.

Any malware that manages to get past your defences will have free reign to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.

- There are many freeware firewalls such as, Comodo (care required now it is a suite not to install the anti-virus element), PCTools Firewall Plus, Online Armor and recently released, Outpost Firewall free 6.5 (2009)

See http://www.matousec.com/projects/firewall-challenge/results.php.

Many forum users are using all of the above:
- PC Tools Firewall seems to have the least user headaches as it doesn't seem to be constantly asking the user questions about this and that.
- Online Armor for the most parts fine but it has caused some users grief after avast program updates and that is something you have to watch out for.
- Comodo is now a suite and you have to do a custom install so as not to install the antivirus element (or use the add remove programs to remove the AV element if already installed), of all the firewalls listed this seems to be the noisiest in asking questions, depending on settings and elements used, so it could be daunting for those not to familiar with firewalls or their systems.
- Outpost Firewall 2009 free, a cut down version of the Outpost Firewall Pro version, which should still provide good protection, http://free.agnitum.com/. Download, http://www.filehippo.com/download_outpost_firewall/

I'm not convinced a clean reinstall of avast will make the slightest difference, I would be happy to be proven wrong though.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.10.6038 (build 22.10.7633.734) UI 1.0.733/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

micky77

  • Guest
Re: Avast update connects to adult site
« Reply #14 on: July 11, 2009, 08:07:31 PM »
You should post ALL logs from MBAM, and SAS and HJT,( which you have yet to run ) HJT takes 10 seconds, yet can tell a lot
« Last Edit: July 11, 2009, 08:09:38 PM by micky77 »