Avast Shields/Fw + Steam = Nightmare

Hi Guys,

I have been having issues with the Avast’s shields/fw, I have reinstalled my OS multiple times and for some reason AVAST loves to block steam’s update servers even when its whitelisted.

The following IP Addresses are being actively blocked by Avast
208.64.200.7 Port 80 Identifiying as “System”

I am thinking of completely removing Avast and going with a different A/V. This has gotten out of hand!

I could not find anything bad at that IP.

http://www.ipvoid.com/scan/208.64.200.7/
http://maldb.com/steampowered.com/nd
http://urlquery.net/report.php?id=9872644

Found suspicious javascript at jsunpack http://jsunpack.jeek.org/?report=99876652a8e2f7e150d3b376681bf6c607a1c24c
And alerts here http://zulu.zscaler.com/submission/show/a31f096f39b14530c96ade4f5ae2192b-1394666406
Threatstop showed bot or trojans from three years ago. Not sure if they were cleaned.
I was not able to check for cross scripting due to scanner overload.

You may contact avast about website issues with this form http://www.avast.com/contact-form.php

Thanks Para-Noid,

I will do a fresh install tommorow, Seems like Avast white lists the program then blocks it under system. If things don’t work out I’ll be looking at other FW systems that get on well with Avast. Any suggestions would be great!

General disclaimer - * do not try to reconstruct potential malicious/suspicious links - do this is on your own risk!

Consider details here: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fwww.steampowered.com&useragent=Fetch+useragent&accept_encoding=

This domain cannot be resolved: htxp ed0. dot lux dot valve dot ne *
Also see issues here: http://dnscheck.pingdom.com/?domain=steampowered.com (historical etc.)

The third nameserver gives a reverse for 146 dot 66 dot 153 dot 352 pointing to the unknown host name see above *

polonus

Hi Polonus,

Many Thanks for the site analysis, I have looked at the 3rd ns record. It points to valve’s Luxembourg datacenter. This is there backup storefront server hence the lookup to ed0.lux.valve.net

I’ll continue to monitor the site for any issues