hi
i got that alert from malwarezbytes its related to avast process .
what does it means i have no idea :S
Welcome to the forum!
That is a strange one. The IP belongs to someone in the US, based out of Chicago, IL.
Find Out Whois By IP: Enter IP Address: [Querying whois.arin.net] [Redirected to rwhois.softlayer.com:4321] [Querying rwhois.softlayer.com] [rwhois.softlayer.com] %rwhois V-1.5:003fff:00 rwhois.softlayer.com (by Network Solutions, Inc. V-1.5.9.5) network:Class-Name:network network:ID:NETBLK-SOFTLAYER.174.36.192.0/18 network:Auth-Area:174.36.192.0/18 network:Network-Name:SOFTLAYER-174.36.192.0 network:IP-Network:174.36.192.184/30 network:IP-Network-Block:174.36.192.184-174.36.192.187 network:Organization;I:Hosting Services Inc. network:Street-Address:223 West Jackson Blvd STE 1014 network:City:Chicago network:State:IL network:Postal-Code:60606 network:Country-Code:US network:Tech-Contact;I:sysadmins@softlayer.com network:Abuse-Contact;I:urgent@submitabuse.com network:Admin-Contact;I:IPADM258-ARIN network:Created:20080927 network:Updated:20090610 network:Updated-By:ipadmin@softlayer.com%referral rwhois://root.rwhois.net:4321/auth-area=.
%ok
Don’t really know the answer to this one, hopefully someone else does.
Does a MBAM scan show anything suspicious? Have you tried a boot time scan with avast? http://spgscott.wordpress.com/tutorials/avast-boot-time-scan/
Outgoing ??? ??? ??? it mean that it is your own ip address and maybe that is the web shield process that block by MBAM
Regards!!!
Do you know/use any of these sites…??
asyn
Results for IP 174.36.192.184
Displaying items 1 to 7, out of a total of 7
1. hxxp://almlf.com/
2. hxxp://dalil.almlf.com/
3. hxxp://smiles.almlf.com/
4. hxxp://www.almlf.com/
5. hxxp://www.dalil.almlf.com/
6. hxxp://www.smiles.almlf.com/
7. hxxp://www.toupic.almlf.com/
@ scythe944
my OS is x64 and my system is totally clean
no i didn’t visit any of them
No…we are here to help him.
@ united,
Have you scanned your machine with Avast for malware or with MBAM?
This means that MBAM IP Protection module has blocked network communication while your computer tried to access the malicious IP that is listed on MBAM database.
So united has MBAM Pro (paid version). So all should be fine.
@ united, you may want to hide your email address in your Profile.
Hmm… I would run a full scan with Mbam, just in case.
You can post the log here afterwards. Thanks.
asyn
It certainly can’t hurt.
I use CurrPorts v1.85 - Monitoring Opened TCP/IP network ports / connections
http://www.nirsoft.net/utils/cports.html
Look for an un-known Process.
United said this:
@ scythe944my OS is x64 and my system is totally clean
So, I assume that they did scans already.
the IP mentioned by the OP is just one among the hundreds of hosting servers used by Avast to display web content / ads in the free version. I’m just surprised that it’s Avastsvc doing that, it use to be AvastUI, but okay, fair enough, so far it was possible to block the ads by blocking AvastUI with a firewall, and I was expecting the move to another executable, i.e. svc. You can’t block svc obviously, unless you’re ready to block the web shield (and other shields) and the updates at the same time.
See screen shot to have an idea of what AvastUI use to connect to, and notice IPs from the same domain 
edit: I wouldn’t blame MBAM for blocking access to these sites ;D
Ah, the ads… forgot about them.
Hosted on a malicious host/website though? That’s not good.
yeah scanned with Avast , MBAM and Hitman pro and its totally clean .
are there anything i should worry about ?
thanks all for the help
you not to worry about it…your system is secured