Author Topic: Why Is AvastUI.exe Dialing Out To India?  (Read 8903 times)

Offline DonZ63

  • Poster
  • *
  • Posts: 469
Why Is AvastUI.exe Dialing Out To India?
« on: September 18, 2011, 05:20:20 PM »
I have no problem with it connecting to Avast servers but some guy in India? I have also seen it connect to Roadrunner servers in the US?

See attached
AMD QUAD 945, 8 GB, NVidia GTS 450, 3 HDDs
Dual boot, MBAM Pro - both OSes, WIN 7 x64 SP1, NAV 2012, IE9; XP SP3, NIS 2011, IE8

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84864
  • No support PMs thanks
Re: Why Is AvastUI.exe Dialing Out To India?
« Reply #1 on: September 18, 2011, 05:37:14 PM »
When was this happening?
I have checked my firewall logs and I don't see any connections like this one.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline DonZ63

Re: Why Is AvastUI.exe Dialing Out To India?
« Reply #2 on: September 18, 2011, 05:43:21 PM »
I think every time you go into the Avast GUI and enter the screen where you get the Avast upgrade ad, you get the dial-out. The India connection has been "piggy backed" on this dial-out for a while on my PC. What also bothers me is the connection stays in existence in a closed-wait state.

Offline DonZ63

Re: Why Is AvastUI.exe Dialing Out To India?
« Reply #3 on: September 18, 2011, 06:14:56 PM »
What is very interesting is the IP associated with the India guy, 74.55.80.203, is on the same servers Avast is using ...

American Registry for Internet Numbers NET74 (NET-74-0-0-0-0) 74.0.0.0 - 74.255.255.255
ThePlanet.com Internet Services, Inc. NETBLK-THEPLANET-BLK-14 (NET-74-52-0-0-1) 74.52.0.0 - 74.55.255.255



Offline DavidR

Re: Why Is AvastUI.exe Dialing Out To India?
« Reply #4 on: September 18, 2011, 06:23:30 PM »
Well there are a number of avast servers shown as theplanet.net so I don't know if this is what is causing confusion when resolving the IP address.

EDIT: If I open the UI, Summary these are the TCPView listings, see image.
« Last Edit: September 18, 2011, 06:26:35 PM by DavidR »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: Why Is AvastUI.exe Dialing Out To India?
« Reply #5 on: September 18, 2011, 08:55:08 PM »
Servers are globally distributed for update :)
The best things in life are free.

Offline DavidR

Re: Why Is AvastUI.exe Dialing Out To India?
« Reply #6 on: September 18, 2011, 09:15:47 PM »
Yes, but the avastUI doesn't handle updates, the Ad in the Summary and the iNews, etc. has to come from somewhere though.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Why Is AvastUI.exe Dialing Out To India?
« Reply #7 on: September 18, 2011, 09:30:38 PM »
India guy?

74.55.80.203 is definitely our own server.
It is one of the servers that are behind the program.avast.com DNS name, and is physically located in Houston, TX.

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline DonZ63

Re: Why Is AvastUI.exe Dialing Out To India?
« Reply #8 on: September 18, 2011, 10:29:18 PM »
I tried a few things on my end and no matter what the second avastui.exe connection in TCPView shows w2k325j.hosttalks.net.

Now it gets really weird. Whois.net domain name lookup for w2k325j.hosttalks.net yields an IP address of 128.252.54.18?

Tracert of 128.252.54.18 yields a college endpoint - very suspect.

C:\Users\Don>tracert 128.252.54.18

Tracing route to ACCT-018131.nts.wustl.edu [128.252.54.18]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  192.168.1.254
  2    26 ms    25 ms    26 ms  adsl-98-91-36-1.chs.bellsouth.net [98.91.   - me -
  3    36 ms    36 ms    35 ms  72.157.38.17
  4    36 ms    35 ms    35 ms  72.157.38.53
  5    36 ms    36 ms    56 ms  12.81.68.48
  6    35 ms    35 ms    39 ms  12.81.68.24
  7    41 ms    35 ms    38 ms  ixc00jan-5-1-1.bellsouth.net [65.83.237.87]  - ???? -
  8    36 ms    35 ms    35 ms  12.81.98.30
  9    35 ms    35 ms    73 ms  12.81.104.73
 10    35 ms    35 ms    36 ms  12.81.100.4
 11    36 ms    35 ms    35 ms  12.81.104.56
 12    35 ms    35 ms    34 ms  12.81.56.61
 13   101 ms    69 ms    35 ms  65.83.238.190
 14    46 ms    45 ms    45 ms  cr2.rlgnc.ip.att.net [12.123.152.110]
 15    49 ms    47 ms    47 ms  cr1.wswdc.ip.att.net [12.122.3.170]
 16    44 ms    44 ms    44 ms  12.122.135.165
 17    46 ms    45 ms    45 ms  192.205.37.106
 18    50 ms    45 ms    46 ms  te0-4-0-1.mpd22.dca01.atlas.cogentco.com [15
.41.249]
 19    66 ms    64 ms    65 ms  te0-2-0-4.mpd22.ord01.atlas.cogentco.com [15
.40.242]
 20    66 ms    65 ms    65 ms  te0-1-0-0.ccr22.ord01.atlas.cogentco.com [15
.6.178]
 21    72 ms    72 ms    72 ms  te3-2.ccr01.stl03.atlas.cogentco.com [154.54
30]
 22     *        *        *     Request timed out.
 23     *        *        *     Request timed out.

I have had no previous problems with using the Whois function in TCPView.

This sure smells like some type of DNS rebind to me.

In any event I found a solution - block outbound on avastui.exe.

Offline High_Treason

  • Newbie
  • *
  • Posts: 16
Re: Why Is AvastUI.exe Dialing Out To India?
« Reply #9 on: September 18, 2011, 10:54:19 PM »
Why is it that software today always seems to like connecting to the internet for no apparent reason? I must say, on top of all the scareware, logic bombs and shovelware this does seem suspicious.

Offline Vlk

Re: Why Is AvastUI.exe Dialing Out To India?
« Reply #10 on: September 18, 2011, 11:04:37 PM »
Reverse DNS lookup is often bogus.
What really matters is the IP address - if it was really 74.55.80.203, I don't think there's anything suspicious going on...

Blocking AvastUi.exe in the firewall may have negative consequences as it may limit some of the product's functionality.


Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.
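
The point made in Reply #10, as an added example that is not part of the original thread and not Avast's code: a PTR name is set by whoever controls the reverse zone, so a connection is better judged by whether its IP appears in the forward DNS of a hostname you expect, with the PTR trusted only if it resolves back to the same IP. The function names are hypothetical and the lookup tables are constructed from the values quoted in this thread so the block runs offline; `live_ptr` and `live_forward` can be passed in on a connected host.

```python
import ipaddress
import socket

# Constructed tables mirroring the values quoted in the thread (no live DNS).
SAMPLE_PTR = {"74.55.80.203": "w2k325j.hosttalks.net"}  # name TCPView displayed
SAMPLE_FORWARD = {
    "w2k325j.hosttalks.net": ["128.252.54.18"],  # DonZ63's lookup of that name
    "program.avast.com": ["74.55.80.203"],       # per Vlk's reply
}

def table_ptr(ip):
    return SAMPLE_PTR.get(ip)

def table_forward(name):
    return SAMPLE_FORWARD.get(name.lower().rstrip("."), [])

def live_ptr(ip):
    """Real PTR lookup; swap in for table_ptr on a connected host."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def live_forward(name):
    """Real A/AAAA lookup; swap in for table_forward on a connected host."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def classify_remote(ip, expected_names, ptr=table_ptr, forward=table_forward):
    """Judge a remote IP by forward DNS of names we expect, not by its PTR."""
    addr = str(ipaddress.ip_address(ip))  # rejects malformed input
    ptr_name = ptr(addr)
    # Forward-confirmed reverse DNS: the PTR name must resolve back to the IP.
    ptr_confirmed = bool(ptr_name) and addr in forward(ptr_name)
    matched = [n for n in expected_names if addr in forward(n)]
    if matched:
        verdict = "expected"
    elif ptr_confirmed:
        verdict = "ptr-confirmed"
    else:
        verdict = "unverified"
    return {"ip": addr, "ptr": ptr_name, "ptr_confirmed": ptr_confirmed,
            "matched": matched, "verdict": verdict}

if __name__ == "__main__":
    for ip in ("74.55.80.203", "128.252.54.18"):
        print(classify_remote(ip, ["program.avast.com"]))
```

With the sample tables, 74.55.80.203 is classified as expected even though its PTR name fails forward confirmation, which is the situation the thread describes.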

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 70171
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Why Is AvastUI.exe Dialing Out To India?
« Reply #11 on: September 18, 2011, 11:11:51 PM »
Blocking AvastUi.exe in the firewall may have negative consequences as it may limit some of the product's functionality.

Which exactly..??
Thanks,
asyn
W 8.1 [x64] - Avast PremSec 21.4.2461.B2 [UI.614] - EEK - Firefox ESR 78.10.1 [NS/uBO/PB] - TB 78.10.1
Avast-Tools: Secure Browser 90.0 - Cleanup 21.1 - SecureLine 5.11 - Driver Updater 21.1 - CCleaner 5.78
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Lisandro

Re: Why Is AvastUI.exe Dialing Out To India?
« Reply #12 on: September 18, 2011, 11:53:28 PM »
Which exactly..??
Remote content, for instance.

Offline Asyn

Re: Why Is AvastUI.exe Dialing Out To India?
« Reply #13 on: September 18, 2011, 11:56:12 PM »
Remote content, for instance.

Which would be..??

Offline Lisandro

Re: Why Is AvastUI.exe Dialing Out To India?
« Reply #14 on: September 18, 2011, 11:59:19 PM »
The best things in life are free.