su2.ff.avast.com

Avast Free Antivirus / Premium Security
1

My malwarebytes keeps telling me that there is malware with the domain of su2.ff.avast.com, IP Address 92.242.140.21 Port 50183 Outbound in Avstsvc.exe

I am not sure what this is and why this is happening. How can I fix it.

I run Malwarebytes and my Avast and neither of them find any issues.

Regards,

2

Same exact pop-ups here. First time this happened to me starting earlier today. It’s still popping up.

3

my malwarebytes has also detected it…it won’t stop, popping up about every 2-3 minutes…ran a scan and cleaned computer and all is good, nothing found, so definitely has to be on avasts side of things since many others are also having the same issue…very very annoying

4

For me the first thing I disable in MBAM Pro was the malicious sites as it doesn’t do as it says on the tin - it notifies you on much more than malicious sites or rather it has many categories other than malicious sites included in its database.

AS you can see these are sub-domains of avast.com.

5

Thank you and Yes, temporarily disabling the Mailicious Website Protection on MBAM pro does stop the pop-ups. However, I don’t feel comfortable surfing the web with it off though :).

Hopefully Avast can confirm this is not a real threat or MBAM will flag it…

6

I looked at my MBAM a few minutes ago and it was stuck on updating. So I’ve restarted MBAM to complete the update (v2015.09.09.07) and no pop-ups notifying that ip so far. :slight_smile:

7

I did the update and I am still getting the popups… This is crazy…

8

Whoops. Sorry guys! Restarting MBAM disabled my protection the whole time… Go figure.
So I had to re-enable “Malware Protection” and “Malicious Website Protection”, and did another update (v2015.09.10.01).

As of so far right now, there have been no pop-ups while the following protection settings are turned on. Will say if it happens again.

There are 2 threads about it on their site: https://forums.malwarebytes.org/index.php?/topic/172524-marking-su2ffavastcom-as-malicious/

I’m using Windows 7 btw.

EDIT: lol And the pop-up is happening again. Ugh! Hope this gets fixed.

9

Getting the same thing. Has been happening all day - including MBAM pop up every 2-3 minutes. Have run scans, nothing found. Rebooted computer, etc. Still happening. IP address look up says it’s unallocated.barefruit.co.uk Class B: 92.242.0.0 - 92.242.255.255.

10

See here https://forum.avast.com/index.php?topic=176230.0

11

This is a freaking mess… Why can’t someone put a fix out there.

12

In 24-hours I will find a new protection software and DELETE avast.

13

It would seem that Avast needs to update its client-side software and/or server configuration to resolve this issue. It’s affecting a number of people (myself included) and it doesn’t seem to be attributable to Malwarebytes. Of course, if Avast disagrees that’s fine, but I would ask that Avast take up the issue with Malwarebytes and come to an agreeable solution. Each company telling all these people to contact the other company’s support staff is a waste of everyone’s time. Thanks!

14

Quote from another User…

it is an avast-issue… the avast program is trying to make connections to “su2.ff.avast.com” but “su2.ff.avast.com” does NOT resolve to an IP address and therefore the connection is redirected to the “92.242.140.21” IP address which is being flagged by the MBAM program…

y’all need to take up this issue with avast… tell avast that the avast program is trying to make connections to “su2.ff.avast.com” but “su2.ff.avast.com” does not resolve to an IP address and, so, the connection is redirected to the “92.242.140.21” IP address which is flagged by the MBAM program…

Avast please fix this otherwise you will be losing a lot of users…

15

This seems to be a DNS hijack as reported on Malewarebytes.

https://forum.avast.com/index.php?topic=176230.0

https://forums.malwarebytes.org/index.php?/topic/172524-marking-su2ffavastcom-as-malicious/

Many have changed their DNS which fixed the problem without disabling Malwarebytes.

Here is a link to change your DNS.
https://developers.google.com/speed/public-dns/docs/using?hl=en

16

I have decided to remove Avast and go to Webroot…

17

Good luck… The problem is Malwarebytes not Avast .
I have the Pro version but use it only on demand. Malwarebytes starting with v2, has become a system hog and doesn’t always work well
with other security programs.

18

Not necessarily true Bob, as far as Malwarebytes are concerned the detection is positive and appears to be a DNS hijacking as the IP in question is not related to Avast.

Malwarebytes being a system hog isn’t part of this topic but as you raised it then I’ll answer it, Malwarebytes plays well with all AV’s I’ve tested it with ( and that is many ) as long as exclusions are put in place as suggested on the Malwarebytes forum or simply by excluding the complete program file from each other.
Malwarebytes does use more memory than previous versions though I haven’t noticed any slow downs plus RAM is there to be used, the CPU use with MBAM is quite low as that would normally be the major cause of system sluggishness which I don’t see either.

19

Yeah… My Malwarebytes just crashed an hour ago. Perhaps the log was overloaded because of this popup. I have my notification settings turned off atm.

20

I removed Avast and installed WebRoot and I no longer get the malware alerts… So it was Avast…