Avast accessing unsafe Russian site

I am running the free version of Avast. Its CPU usage jumped to 98%, so I looked at it in SysInternals Process Explorer. The TCP/IP tab revealed that Avast was in communication with host69.rax.ru (88.212.196.69). After several minutes CPU usage went back to normal and the connection was severed. I googled rax.ru and it does not have a good reputation. What’s up with this???

Avast isn’t in communication with the site, e.g. avast didn’t initiate the connection.

The avast web shield redirects http traffic through a local proxy so that it can scan the content. So it appears that avastSvc.exe is communicating with the site.

What has to be found is the origin of the request to the site which was redirected.
So what were you doing when this happened?
If browsing, what site were you visiting when this happened?
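The attribution step described in the reply above, as an added example that is not part of the original thread: it parses a `netstat -ano` capture, separates the scanning proxy's outbound peers from the local processes connected to it, and so points at the program whose request was redirected. It assumes client sessions show up as loopback connections to the proxy's listening port; the capture, the PIDs, port 12080 and the process names are constructed sample values, and only the remote address comes from the thread.

```python
import ipaddress

# Constructed `netstat -ano` capture. PIDs, ports (including the proxy port
# 12080) and process names are sample values; only 88.212.196.69 is from the thread.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:12080          0.0.0.0:0              LISTENING       1480
  TCP    127.0.0.1:49731        127.0.0.1:12080        ESTABLISHED     3912
  TCP    127.0.0.1:12080        127.0.0.1:49731        ESTABLISHED     1480
  TCP    192.168.1.20:49732     88.212.196.69:80       ESTABLISHED     1480
  TCP    192.168.1.20:49650     192.168.1.1:445        ESTABLISHED     4
  UDP    0.0.0.0:5353           *:*                                    2100
"""
PROCESS_NAMES = {1480: "avastSvc.exe", 3912: "firefox.exe", 4: "System"}


def parse(text):
    """Yield (local_port, remote_ip, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # header, UDP rows (no state column), blank lines
        local_port = int(fields[1].rsplit(":", 1)[1])
        remote_ip, remote_port = fields[2].rsplit(":", 1)
        yield local_port, remote_ip.strip("[]"), int(remote_port), fields[3], int(fields[4])


def is_loopback(ip):
    return ipaddress.ip_address(ip).is_loopback


def attribute(text, proxy_pid):
    """Split the proxy's sockets into outbound peers and local client PIDs."""
    rows = list(parse(text))
    listen_ports = {lp for lp, _, _, st, pid in rows
                    if pid == proxy_pid and st == "LISTENING"}
    outbound = sorted({(rip, rp) for _, rip, rp, st, pid in rows
                       if pid == proxy_pid and st == "ESTABLISHED"
                       and not is_loopback(rip)})
    # Any other process with a loopback session to the proxy's listening port
    # is a candidate origin. netstat cannot pair one client session with one
    # outbound session, so this narrows the search rather than proving it.
    clients = sorted({pid for _, rip, rp, st, pid in rows
                      if pid != proxy_pid and st == "ESTABLISHED"
                      and is_loopback(rip) and rp in listen_ports})
    return outbound, clients


if __name__ == "__main__":
    outbound, clients = attribute(NETSTAT, proxy_pid=1480)
    print("proxy outbound peers:", outbound)
    print("candidate origins:", [PROCESS_NAMES.get(p, p) for p in clients])
```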

Hello!!!

Download HijackThis from the official site
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

  1. Do a system scan and save a logfile
  2. Post the logfile in the forum (“Attach”)

Thanks, of course that makes sense.
I was visiting one of my favorite download sites when the CPU usage went crazy, which put me in a suspicious frame of mind :)
It must be one of the embedded ads that is the cause.
HiJackThis shows nothing alarming…
Cheers

I’ll

You’re welcome.

There is always the possibility that the site was hacked trying to redirect to the other site or it was ads poisoning (some adverts/banners coming from third party ad servers, can be crafted to redirect to other sites).

In most cases avast’s web shield would be right on top of (read very hot) any hacked site as it requires injected script to do that and the network shield would also block access to known (by avast) malicious sites. So with neither of those happening you can rest a little easier. You could run an avast scan on your system if you haven’t already done so, and also MBAM (see below).

MalwareBytes Anti-Malware (MBAM), On-Demand only in free version: http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe. Right click on the link and select Save As or Save File As (depending on your browser), and save it to a location where you can find it easily later.

Install, Update, run the MBAM scan and post the contents of the log if anything is found.