Botnet:Blacklist

Hello,

I am having a big problem with the Avast threat protection. Every 5 minutes a pop-up appears that says that it has canceled the connection with tcp://142.250.186.68:443 which was infected with Botnet:Blacklist. The process is C:\windows\system32\svchost.exe. I have run Smart Scan multiple times but it couldn't find anything.

Two things:

  1. Whilst svchost.exe can have a legitimate reason to connect, it is very unusual to see it in use like this. Normally you see processes, your browser, etc.

  2. The IP address belongs to Google (Google Cloud), so I don’t know if that could be misused.

https://www.google.co.uk/search?q=TCP+port+443
TCP port 443 is used for encrypted web services.

I’m wondering if some google program/service is trying to connect, but why it is using the svchost.exe service is beyond me.

You could try the - Reporting Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php function, but I don’t know if it accepts IP addresses.

That said I have tried to submit it and give the link back to this topic.

Ok thanks for the help!

You’re welcome.

See: https://abongo.com/investigate/142.250.186.68/host
and https://www.shodan.io/host/142.250.186.68

Is Google’s Certification authority - Google Trust Services - https://pki.goog/

polonus

Same problem on my side, but the false positive (I think) comes with my Battle.net software at start-up:

Botnet:Blacklist

URL: tcp://142.250.186.68:443

Process: C:\Program Files (x86)\Battle.net\Battle.net.exe

This morning it ran normally, and then the last virus definition came and the problem began.

Same problem.

I am using Thunderbird with a Google plugin and recently I have been regularly getting the warning.

Botnet:Blacklist

URL: tcp://142.250.186.68:443

Process: …thunderbird.exe

The last virus definition (210516-2) fixed it for me.

Thanks for the confirmation.

Unfortunately not for me.
My father also has the same problem with the Google IP (142.250.186.68:443).
He uses Google Earth.

Last virus definition (210516-6)

Hi,

This was a false positive.
Our virus specialists have cleared its reputation in our database, and it should no longer be detected.
Please accept our apologies for any inconvenience caused.