This is an alert i started getting today. It appears as soon as Avast starts up whether i’m connected to the internet or not. It’s not an exaggeration for me to say that i have no idea where to even begin to start solving this issue… For my own sake, let’s proceed with the assumption that i am no good with computers or the internet.

https://i.imgur.com/fZuxkb0.png

Again, this alert appears seemingly on its own without my input. It seems svchost.exe is infected with a worm or something? Neither Avast nor AVG can detect anything, and i haven’t had any luck with internet searches. How do i resolve this? How much danger is my system in? Thank you for your time.

UPDATE: happened again upon starting Resident Evil 4 from Steam. Same message and everything.

I have the same problem and I don’t know how to solve it, since it appears every time I turn on the pc http://bit.ly/3Gy0iKw

did it start very recently for you too? maybe it’s a brand-new problem

I have the same problem and it started today, have gotten this alert twice.

I have the same problem

Same here. I’m getting the message every time on Avast start up. Actually kinda concerned about it.

Same issue, already tried Malwarebytes, HitmanPro, ADWCleaner, RKill, and Windows Command to Scan svchost.exe. Still comes back after every start up.

Seeing some of you are using Steam, did you have bought anything online and paid for it with a credit card for the past 48 hours? Might check in with Valve if there’s something similar, this things keeps coming back.

https://forum.avast.com/index.php?topic=321840.0

Anyways we should wait for an official verdict from an avast team member.

As it is their definitions.
And they are the only ones eventually to confirm detection or unblock.

At VT it is not being detected (could also be so-far*): https://www.virustotal.com/gui/url/a750fed74094e58b920737ea129ad24801a392d53ba333094d387e490b5305f0/detection

but some members in the VT user-base there still have their doubts: https://www.virustotal.com/gui/url/a750fed74094e58b920737ea129ad24801a392d53ba333094d387e490b5305f0/community

What is also striking is we immediately will get an insecure http connection.
This sub-domain comes with an insecure connection: https://sitecheck.sucuri.net/results/https/crl4.digicert.com
ECS Server abuse? Odd IP-connection: https://www.abuseipdb.com/check/72.21.91.29

TLS Recommendations
HTTPS version of this website is not accessible: 404 Not Found. Please consider setting up HTTPS to avoid the “Not Secure” browser warning.

Even although website is being whitelisted, we find:

No redirect from HTTP to HTTPS found. You should redirect your website visitors to the HTTPS version to avoid the “Not Secure” browser warning.

But we are not out of the woods yet, while we read here: https://www.reddit.com/r/AskNetsec/comments/dpzeuo/is_this_guy_making_a_big_mistake_marking_72219129/

Avast should communicate whether this is a so-called False Positive or the real McCoy, a genuine detection.

polonus

P.S. @Pondus, why VT does not flag this tracking instance?
(To me personally Pondus is a VT-g33k * ;)).

The problem is recent, I still can’t solve it

Got the exact same triggered notification from Avast word for word.

Couldn’t figure out what caused it, kept popping up even after restarting my PC before opening anything, but managed to make it stop by using Avast to block the URL.

Hoping Avast respond about this soon…

For me the strange thing is the initiating executable file, whilst there occasions that svchost.exe legitimately connects to the internet. I find it hard to see why it would do so in this instance. Typically this is related to Windows Updates (and some other windows functions), which doesn’t appear to be the case here

https://www.google.co.uk/search?q=legitimate+reasons+for+svchost.exe+to+connect+to+the+internet

See - https://www.avast.com/c-what-is-svchost-file#topic-6
Ignore the Avast CleanUp free trial (unrelated to this issue) button and view the remainder of the information on the page.

L.S.

The problem is we see connections to digicert dot com being whitelisted by AbuseIPDB & others.
But also sub-domain, crl4 dot digicert dot com, has been whitelisted having IP 93.184.220.29.
This according to AbuseIPDB.

But following reports, being made there, it is still being abused for nefarious actions (phishing, attacks, malcode).
See: https://www.abuseipdb.com/check/93.184.220.29

So is EdgeCast NetBLk being abused, while officials state this cannot be, stats as denial of obvious facts?

Now we have to wait for some specifics from those that flagged this abuse in the first place.

I get this inside developers console on the browser

Access to fetch at ‘hxtps://s-install.avcdn.net/aos/assets/prod/translations/Locale-en-US.json’ from origin ‘htxp://crl4.digicert.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.

polonus