Can someone tell me what this connection is and if it’s safe?
http://i.imgur.com/qMP6CwI.jpg
It’s in the Firewall Network connections section and it’s under C:\Program Files\AVAST Software\Avast\AvastSvc.exe
I am using the new version via the 20 day trial for internet security 2015.
Thanks.
It appears others are looking at this site too:
https://www.virustotal.com/en/url/6b2f271ce7a3261e5919b9b2f48add403c9c1ade8cb48f002c281d4f4adec44b/analysis/
Other webscanning engines report as down or benign:
http://www.herdprotect.com/ip-address-198.105.212.228.aspx
http://zulu.zscaler.com/submission/show/066c37fe0d660bd984cf62970a25f7fb-1413954102
http://sitecheck.sucuri.net/results/mark.handbookforhandymen.com
http://www.downforeveryoneorjustme.com/mark.handbookforhandymen.com
Could be a way avast! is blocking this site in the trial or paid versions, similar to a DNS filtering/lookup table, or the site is actually down at the moment.
It’s not from avast!, avast’s process just scans it, thats why it looks like avast! seems to be doing it, because all traffic goes through avastsvc.exe process.
mchain, that was me.
I killed the connection and now it’s back under system.
I suggest you go to Full scan menu, enable PUP detection and scan the system. There has to be something missed that is doing this. Most likely a PUP…
Are you the owner of this site? Or did you kill the connection within avast? See RejZoR answer.
I am not the owner of the site, it just showed up - as the first picture says.
The Virustotal scan of the site was from me, that was what I meant.
I was doing a quick scan but I’ll change it to fullscan and shut off the network. I also have Malwarebytes premium but that hasn’t found anything on it’s threat scans.
There should be one more trick to see what’s doing it. Disable Web Shield shield entirely (but just this shield) and check the firewall to see which EXE is really doing it. Because when you turn off Web Shield, connections shouldn’t pass through avastsvc.exe anymore and you should see the actual origin EXE. This should help us identify the real cause of it and not the wrong one (avast!'s service just scanning it).
I disabled the webshield and it’s still under system and the same as the second photo shows.
I’m not going to pretend I know the possibility of what I’m about to say, but is it per chance possible?
My ISP has this thing called ‘Global Mode’, where my country’s IP addresses don’t get flagged as ours - it relies on their DNS settings - so it looks as if the user is not from my country but instead American so we can go to sites such as Hulu and Netflix etc. Now, with SecureDNS off, the issue (the connection ‘mark.handbookforhandymen.com’) has not come back, but instead there was another one that had the same DNS and/or ISP in the ‘Get Details’ thing. I currently have the secure DNS off, and it has nothing other than what I expected to be there (connection wise - Chrome extensions etc). However, when I turn the SecureDNS on, it all goes back to there being a weird connection much like the mark.handbook… but instead it’s I think the IP address and the ISP and more all in the name, which reminds me of the DNS I get when I google it for my ISP (ie they’re similar, IP address and ISP name in the name of it).
Is it possible this is just a conflict between my ISP’s DNS and the SecureDNS?
note; if any of this makes no sense please don’t hesitate to tell me to shut up - because as I said, I don’t know anything about this.
Are you using ProxMate in your browser or through DNS ?
No proxies of any kind. The thing I described above is all through my ISP.