When my internet was bogged down, I headed over to the resource manager to check if a botnet was uploading or downloading huge amounts of data. Instead, I saw that avast uploads alot. Why does avast do this?
What do you mean avast uploads a lot, if you can post some information about what is supposedly being uploaded and to where ?
The web shield proxy filters internet traffic so it might appear that avast is making connection, but it is acting as a proxy for your browser.
Packets are being uploaded to various websites, mostly activate.adobe.com
Well the problem is that avast doesn’t generally activate any connections. Whilst avast uses adobe flash player to display the stats graphs within the UI, if you don’t have flash installed it simply doesn’t ask you to download it and it shouldn’t have any need to activate it.
Do you have any Adobe products installed and do you allow them to auto update ?
Other than that I’m at a bit of a loss as to what else it might be.
Here’s a pic.
Check out the IP addresses in that shot … PORN site at badnode :
That “porn” site, is the IRC server.
Anyone care to answer my question?
Of the 3 IPs shown in that png :
75.125.29.226 - http://www.ip-catalogue.com/75/125/29/226/75.125.29.226-server.html (avast)
74.125.224.79 - http://www.ip-adress.com/whois/74.125.224.79 (google)
69.167.51.8 - http://www.ipaddress.com/reverse_ip/69.167.51.8 (digicert)
also see ... http://www.ipaddress.com/domain_whois/digicert.com
also see ... http://en.wikipedia.org/wiki/DigiCert
I think you are missing the point in the way that avast! works. Every connection that is made, is routed through avastsvc.exe (the scanning engine)
So for example, when you refresh a page in your browser that request is redirected to localhost (rather than the site) where it is picked up by avast and then the connection continues where it is scanned by avast.
You can see this is you run TCPView from sysinternals. As one connection is made from the browser, it is transferred to avastsvc.exe
Scott