su2.ff.avast.com

No problems or alerts by MBAM here. I ran Premium 2.1.8.1057 with malware and malicious website protection enabled.

Same.

I’m using Avast along with MBAM Premium and MBAE (free) and also have not had any problems/alerts regarding any IP blocks.

I’ve even checked the Malwarebytes logs, nothing at all.

Looks like some are getting hit and others are not… oh well… Too bad Avast lost me for a customer…

I think this issue is related to streaming updates on a particular CDN.

Different parts of the world are on different CDNs and I think there is 1 CDN which is affected (it does have ff.avast.com at the end) but it’s possible that this particular IP is not being used by avast! anymore too.

I could also be completely wrong with my assumption.

Some information that may be useful … I have used my laptop in two locations in the last 24 hours, and the alerts appeared only in one of those two locations. (In both cases I am connecting through a Wifi connection.) Where I am now, they are not happening at all. Tonight I will be returning to the original location where I saw this problem, and I’ll see whether the alerts come back again.

Hopefully this might be a clue as to the root cause and/or fix?

Maybe you need to read the replies ??? You removed Avast even though this has nothing to do with Avast.
Your computer, your choice. Certainly not mine. :slight_smile:

https://forums.malwarebytes.org/index.php?/topic/172548-infected-by-su2ffavastcom-ip-9224214021-dns-hijacking/?p=988597

Mhmn-yeah, you’re not alone. It’s been about 2 days that I’m getting hit by this like crazy. I had to delete my overloaded logs.

This fixed it: https://forums.malwarebytes.org/index.php?/topic/172652-read-me-seeing-9224214021-blocks-read-me-please/

Hi All,
there’s a legacy piece of code trying to reach obsolete domain su2.ff.avast.com. It wasn’t doing any harm up until recently as every DNS server should be reporting that domain as non-existent.

Note this response from Google DNS servers:


```
nslookup su2.ff.avast.com 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

** server can't find su2.ff.avast.com: NXDOMAIN
```

What seems to be happening is this. Some ISPs are possibly using this service www.barefruit.co.uk for returning custom (advertising?) content to many network-related errors, like non-existent domains. And MBAM seems to start having issues with this content or a set of IP ranges, reporting it as malware content.

We’ll disable queries to this domain in the next available release which should resolve the problem with this particular non-existent domain. But the other part of the problem lies elsewhere, ISP serving custom content on invalid requests (DNS, HTTP) and MBAM reporting it as malware.

Regards.

^This explanation makes a lot of sense. Regarding my earlier post above, I can now confirm that the error message only happens in one location (a residence where I believe the ISP is Verizon), and not in another (a hospital setting in which the network is presumably set up by a professional IT staff).

The latest version of Avast did not seem to fix this issue. Once I switch back to Verizon DNS the pop-ups re-occurred.

You don’t say what version you have, as the latest version is now 10.4.2233 released, very recently.
https://forum.avast.com/index.php?topic=176600.0

Can confirm version 10.4.2233 did NOT fix the su2.ff.avast bug.

Sorry guys, when I was posting my message, the version you’re mentioning was already in testing stage and was closed for changes. So the fix will be in the next version, which will probably be (unless any super urgency occurs) Avast 2016.

Regards.

I think the real problem is that you shouldn’t use 2 malware programs at the same time. One is enough. If something is really suspicious I send it to Virustotal or Jotti.

The rule is not to use two resident Antivirus programs at a time. :slight_smile: Avast and Malwarebytes work well together.

I use both Avast (with real time protection) and Malwarebytes free (only as a scanner) on the same machine, no problem.
Yes I use Virustotal and Jotti too, but they are for individual files, have file size limits, and I can’t change any settings in their scanners. Besides, what if you happen to be offline? :slight_smile:

Thank you JBG for the update!
CyberTom

I use Avast (or another Tool) as real time protection and as a scanner. Think that’s enough security; why use another program?

Because Malwarebytes is an excellent companion to any AV that includes Avast. :slight_smile: