Avast and MalwareBytes Outgoing

I keep getting notified of the following in MalwareBytes related to the AvastSVC. Is this behavior that should be allowed or sign of an infection of some kind.

01:04:20 MESSAGE Protection started successfully
01:04:24 MESSAGE IP Protection started successfully
01:28:35 IP-BLOCK 213.174.146.196 (Type: outgoing, Port: 50486, Process: avastsvc.exe)
01:28:35 IP-BLOCK 213.174.146.196 (Type: outgoing, Port: 50487, Process: avastsvc.exe)
01:32:19 IP-BLOCK 95.211.133.177 (Type: outgoing, Port: 50809, Process: avastsvc.exe)
01:32:19 IP-BLOCK 95.211.133.177 (Type: outgoing, Port: 50811, Process: avastsvc.exe)
01:45:42 IP-BLOCK 208.94.233.132 (Type: outgoing, Port: 51639, Process: avastsvc.exe)
01:45:42 IP-BLOCK 208.94.233.132 (Type: outgoing, Port: 51640, Process: avastsvc.exe)
08:13:04 MESSAGE Protection started successfully
08:13:08 MESSAGE IP Protection started successfully
08:48:15 IP-BLOCK 208.94.233.132 (Type: outgoing, Port: 49556, Process: avastsvc.exe)
08:48:15 IP-BLOCK 208.94.233.132 (Type: outgoing, Port: 49557, Process: avastsvc.exe)
08:52:23 MESSAGE IP Protection stopped
08:52:24 MESSAGE IP Protection started successfully
08:54:16 IP-BLOCK 94.228.220.130 (Type: outgoing, Port: 49603, Process: avastsvc.exe)
08:54:16 IP-BLOCK 94.228.220.130 (Type: outgoing, Port: 49604, Process: avastsvc.exe)

Thanks,
Bob

Yes it is a sign of infection.

Do you have the latest Malwarebytes V1.50 definitions 5356 ???

Have you run a Quick scan ???

Run a scan as YoKenny has suggested with MBAM and Avast, do a good clean of your system with ccleaner, also try this in browser, go to tools/f12 developer tools/cache, and clear your cache list, if you still keep getting the malwarebytes reports post back here so to recieve further help.

I’m getting the same thing here now. Did anyone find a solution to this? I know I had a trojan recently (it got past my av software, spybot, ad-aware BUT Malwarebytes CAUGHT it) but I thought I had fully removed it. It appears that the antivirus software has been infected. I think I’m going to try running one of those online virus scans and see what happens. Please let me know if you found any solution to the above. Thanks.

Sorry, as if it really makes much of a dif…

2012/04/27 19:34:17 -0700 JCK-PC J@CK MESSAGE Starting protection
2012/04/27 19:34:23 -0700 JCK-PC J@CK MESSAGE Protection started successfully
2012/04/27 19:34:26 -0700 JCK-PC J@CK MESSAGE Starting IP protection
2012/04/27 19:34:27 -0700 JCK-PC J@CK MESSAGE IP Protection started successfully
2012/04/27 19:38:07 -0700 JCK-PC J@CK MESSAGE Starting database refresh
2012/04/27 19:38:07 -0700 JCK-PC J@CK MESSAGE Stopping IP protection
2012/04/27 19:39:21 -0700 JCK-PC J@CK MESSAGE IP Protection stopped
2012/04/27 19:39:23 -0700 JCK-PC J@CK MESSAGE Database refreshed successfully
2012/04/27 19:39:23 -0700 JCK-PC J@CK MESSAGE Starting IP protection
2012/04/27 19:39:25 -0700 JCK-PC J@CK MESSAGE IP Protection started successfully
2012/04/27 23:13:33 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.196 (Type: outgoing, Port: 53891, Process: avastsvc.exe)
2012/04/27 23:13:33 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.196 (Type: outgoing, Port: 53894, Process: avastsvc.exe)
2012/04/27 23:13:41 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.196 (Type: outgoing, Port: 53919, Process: avastsvc.exe)
2012/04/27 23:13:41 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.196 (Type: outgoing, Port: 53921, Process: avastsvc.exe)
2012/04/27 23:23:34 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 54882, Process: avastsvc.exe)
2012/04/27 23:23:34 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 54883, Process: avastsvc.exe)
2012/04/27 23:24:06 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 54930, Process: avastsvc.exe)
2012/04/27 23:24:06 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 54931, Process: avastsvc.exe)
2012/04/27 23:37:44 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.196 (Type: outgoing, Port: 8)
2012/04/27 23:37:44 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.196 (Type: outgoing, Port: 8)
2012/04/27 23:37:44 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.196 (Type: outgoing, Port: 8)
2012/04/27 23:37:44 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.196 (Type: outgoing, Port: 8)
2012/04/27 23:37:52 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 8)
2012/04/27 23:37:52 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 8)
2012/04/27 23:37:52 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 8)
2012/04/27 23:37:52 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 8)
2012/04/27 23:38:16 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.196 (Type: outgoing, Port: 55851, Process: avastsvc.exe)
2012/04/27 23:38:16 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.196 (Type: outgoing, Port: 55852, Process: avastsvc.exe)
2012/04/27 23:38:16 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.196 (Type: outgoing, Port: 55853, Process: avastsvc.exe)
2012/04/27 23:38:16 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.196 (Type: outgoing, Port: 55854, Process: avastsvc.exe)
2012/04/27 23:38:16 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.196 (Type: outgoing, Port: 55856, Process: avastsvc.exe)
2012/04/27 23:38:16 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.196 (Type: outgoing, Port: 55857, Process: avastsvc.exe)
2012/04/27 23:38:16 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 55865, Process: avastsvc.exe)
2012/04/27 23:38:16 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 55866, Process: avastsvc.exe)
2012/04/27 23:38:16 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 55867, Process: avastsvc.exe)
2012/04/27 23:38:16 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 55868, Process: avastsvc.exe)
2012/04/27 23:38:16 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 55870, Process: avastsvc.exe)
2012/04/27 23:38:16 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 55871, Process: avastsvc.exe)
2012/04/27 23:38:40 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 55899, Process: avastsvc.exe)
2012/04/27 23:38:40 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 55900, Process: avastsvc.exe)
2012/04/27 23:38:40 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 55908, Process: avastsvc.exe)
2012/04/27 23:38:40 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 55909, Process: avastsvc.exe)
2012/04/27 23:38:48 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 55911, Process: avastsvc.exe)
2012/04/27 23:38:48 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 55912, Process: avastsvc.exe)
2012/04/27 23:38:48 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 55914, Process: avastsvc.exe)
2012/04/27 23:38:48 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 55915, Process: avastsvc.exe)
2012/04/27 23:38:48 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 55917, Process: avastsvc.exe)
2012/04/27 23:38:48 -0700 JCK-PC J@CK IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 55918, Process: avastsvc.exe)

Your machine is still possibly infected and Malwarebytes is blocking access to that IP address.

Checking with Domain Tools shows there is a problem http://whois.domaintools.com/173.192.183.196

Viewing a cached Whois record The Whois registry responsible for this domain name did not provide a valid Whois record. The cached record shown here was current on 04/12/2012. Please check back later for any updates.

Google that IP address andothers have had issues relating to Chrome calling the same thing.

It appears that the antivirus software has been infected.
nop it is not.....it is just avast webhield that act as a proxy so that is why you see avastsvc.exe

OBS: and you posted in topic that is from 2010…let the old one be old and start new :wink:

Damnit man. >:( UGH. :o Oh well… :-\ I have no clue what to do :cry: those things don’t mean anything to me it’s like trying to learn spanish all over again and as annoying and frustrating as run-on sentences without any commas or periods. :wink:

I guess that’ll teach me for dabbling on the dark-side. :-[ I forgot the password on some confidential crap on my HD and downloaded a program to help me recover/open my old files and this is what I got instead… :frowning:

if you want a malware check

start a new topic in the virus and worms section

follow this guide and attach ( not copy and paste) the logs
http://forum.avast.com/index.php?topic=53253.0

Just an FYI, I found a program pretending to be an adobe flash .exe file (but it was listed as some other company) and deleted it. A restart and all seems fine now… ;D

This was NOT picked up by any antivirus software full scan or malware bytes or spybot or housecall or ad-aware even… Thanks.

P.S. - I loved avast but according to virustotal.com AVG would have caught it to begin with but avast failed me. AVG was only 1 of 6 that would have caught it so unfortunately I have to switch now. Bye avast, hope you get better soon…!

Quick, find something AVG misses and then switch to someone who does catch it. :stuck_out_tongue:

You literally could wear a new AV every day of the week with that mindset.