su2.ff.avast.com - Malicious Website Detected

Hello,

I thought I would post this here since Malwarebytes is blocking and reporting su2.ff.avast.com as a Malicious Website.

All scans are reporting clean.

This pops up every few minutes and just started today.

Thanks

same thing showed on my computer today!!

For me the first thing I disabled in MBAM Pro was the malicious sites as it doesn’t do as it says on the tin - it notifies you on much more than malicious sites or rather it has many categories other than malicious sites included in its database.

As you can see these are sub-domains of avast.com.

I have the same issue. Started today at about 2PM Pacific Time. Michael

Please report it on the Malwarebytes forum.

It might not be a false positive, appears to be related to a DNS hijacker if you read the post by MysteryFCM https://forums.malwarebytes.org/index.php?/topic/172525-su2ffavastcom-being-blocked/

More information here https://forums.malwarebytes.org/index.php?/topic/172524-marking-su2ffavastcom-as-malicious/

It would seem that Avast needs to update its client-side software and/or server configuration to resolve this issue. It’s affecting a number of people (myself included) and it doesn’t seem to be attributable to Malwarebytes. Of course, if Avast disagrees that’s fine, but I would ask that Avast take up the issue with Malwarebytes and come to an agreeable solution. Each company telling all these people to contact the other company’s support staff is a waste of everyone’s time. Thanks!

It looks like this is a DNS hijack as reported at Malwarebytes.

https://forums.malwarebytes.org/index.php?/topic/172524-marking-su2ffavastcom-as-malicious/

Many have changed their DNS which fixed the problem without disabling Malwarebytes.

Here is a link to change your DNS.
https://developers.google.com/speed/public-dns/docs/using?hl=en

Avast needs to fix their product…

This started about four days ago for me. Resetting DNS to the Google settings seems to have fixed it for me. I am running Win 7 Pro, MWB Premium, Avast PRO and using Verizon FIOS.

Same problem I am having. The MBAM forum states: the avast program is trying to make connections to “su2.ff.avast.com” but “su2.ff.avast.com” does not resolve to an IP address and, so, the connection is redirected to the “92.242.140.21” IP address which is flagged by the MBAM program. I tried to ping the address myself and it would not resolve.

https://forums.malwarebytes.org/index.php?/topic/172548-infected-by-su2ffavastcom-ip-9224214021-dns-hijacking/?p=988597

Attached is the protection file from malwarebytes that shows avast as a malicious website

I want someone from Avast to address this issue. This is silly, the transmittal is coming from their system and is annoying.

I’m not from avast, but an avast user just like yourself - If this is DNS Hijacking as has been suggested on the malwarebytes forum, then this is somewhat different when saying who is at fault.

Are you aware what DNS hijacking is? When your computer/browser tries to access a site that is shown in a user friendly/readable form such as su2.ff.avast.com, it checks against ‘your’ DNS server, commonly provided by your ISP, to get the IP address.

If that DNS has been hijacked then it can return a different IP address, which could be considered malicious. But if it is your ISP’s DNS server that has been hijacked then they have to resolve that. This is why not everyone is affected by this and why the suggestion to change your DNS server resolves this problem, when nothing has changed in avast.

So it isn’t as clear cut as you might think.

I’ve been battling this for 3 days. Ran numerous virus and malware detection programs to no avail. Finally changed the DNS server of my wireless router to Google 8.8.8.8 and haven’t had the popups return as of yet. Running Win7, MWB and Avast Internet Security. Verizon FIOS.

This problem started 3 days ago on two of my laptops. It may be on my desktop but have not found the annoying popup there that is on these.

I tried to contact AVAST, and MALWAREBYTES… what a laugh.

I am in awe of anyone that can do anything technical wise on a computer.

I can’t.

For me to change a DNS would be the equivalent of me being able to split an atom.

What I want to know is if I get away from AVAST completely… though I am paid until 2017… and go with Webroot or another, would that solve the problem?

I have also changed the dns (to the open one, not google) and that has solved the problem but it was a scary thing to do. First, though, I uninstalled avast and probably won’t be coming back since I found another good free antivirus program.

Here is a response from Avast in the other thread regarding this.
https://forum.avast.com/index.php?topic=176229.15

Until they update the program you can disable Web Protection or change your DNS settings. Verizon seems to be the ISP with most issues but once I changed to Google’s DNS or another DNS the pop-ups stopped.

CyberTom

Re: su2.ff.avast.com
« Reply #28 on: Today at 01:05:30 PM »
Hi All,
there’s a legacy piece of code trying to reach obsolete domain su2.ff.avast.com. It wasn’t doing any harm up until recently as every DNS server should be reporting that domain as non-existent.

Note this response from Google DNS servers:

nslookup su2.ff.avast.com 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53

** server can't find su2.ff.avast.com: NXDOMAIN

What seems to be happening is this. Some ISPs are possibly using this service www.barefruit.co.uk for returning custom (advertising?) content to many network related errors, like non-existent domains. And MBAM seems to start having issues with this content or a set of IP ranges, reporting it as a malware content.

We’ll disable queries to this domain into the next available release which should resolve the problem with this particular non-existent domain. But the other part of the problem lies elsewhere, ISP serving custom content on invalid requests (DNS, HTTP) and MBAM reporting it as malware.

Regards.
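
The comparison described in the reply above (a reference resolver answers NXDOMAIN while an ISP resolver hands back an address such as 92.242.140.21) can be checked directly. The following is an added example, not code from this thread, Avast or Malwarebytes; the function names are illustrative, and the resolver under test is whatever IP you pass on the command line.

```python
import secrets, socket, struct, sys
NXDOMAIN = 3  # DNS RCODE meaning "this name does not exist"

def build_query(name, txid):
    """Encode a recursive A-record query for `name`."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(msg, off):  # offset just past a name that may end in a compression pointer
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_response(msg):
    """Return (rcode, [IPv4 addresses from the answer section])."""
    _, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off, addrs = 12, []
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:            # A record
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, addrs

def query(name, server, timeout=3.0):  # one UDP query to `server`, parsed
    pkt = build_query(name, secrets.randbelow(65536))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(pkt, (server, 53))
        reply = s.recv(512)
    if reply[:2] != pkt[:2]:
        raise ValueError("transaction ID mismatch")
    return parse_response(reply)

def classify(local, reference):
    """Compare (rcode, addrs) from the resolver under test with a reference resolver."""
    if reference[0] == NXDOMAIN and local[0] == 0 and local[1]:
        return "rewritten"    # an address for a name the reference says does not exist
    return "consistent" if local == reference else "inconclusive"

if __name__ == "__main__":    # usage: python check.py <IP of resolver under test>
    print(classify(query("su2.ff.avast.com", sys.argv[1]), query("su2.ff.avast.com", "8.8.8.8")))
```

A result of "rewritten" means the resolver under test substitutes an address for a non-existent name, which matches the behaviour the reply attributes to some ISPs.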

Well, I got a reply from Malwarebytes regarding this.

They sent me to a link that suggested as others have done to change the DNS.

They also suggested if using Avast to try one of theirs, which I did first.

Then I tried the Google ones they suggested.

NO help for me…