Random redirects to unknown IP with fresh OS
When i try to open new tab in Mozilla i got an avast alarm saying that Mozilla is trying to acess URL:MAL with this IP https://220.127.116.11 . The problem that this is a clean install of OS (got this problem before and than reinstalled win7). And no strange addons included. I disabled mozilla updates and any kind of reports (may be it's them, but still no luck) This problem occurs RANDOMLY, so not the all time i open a new tab this avast error opens. I'll contact avast support too, but there are no problems with Chrome.
Ok, I've finally got a response from avast's support. The answer is "Now this IP is not bloking, update your virus databases and the program using the update button" So this was false positive, and now it's OK.Read this answer in context 0
Additional System Details
- Google Update
- NVIDIA 3D Vision plugin for Mozilla browsers
- NVIDIA 3D Vision Streaming plugin for Mozilla browsers
- Intel web components updater - Installs and updates the Intel web components
- Intel web components for Intel® Identity Protection Technology
- User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
You're right...no malware add-ons. Tell you what: check your homepage (How to Check Your Homepage) and tell me what it is. Also, when you open up a New Tab, does the normal New Tab page appear, is it a website, is it blank, or is it blank with a cog icon in the top right? Do you get the same alert from Avast when you're doing something other than using Firefox? And what programs are installed on your computer?
Sometimes a problem with Firefox may be a result of malware installed on your computer, that you may not be aware of.
You can try these free programs to scan for malware, which work with your existing antivirus software:
- Microsoft Safety Scanner
- MalwareBytes' Anti-Malware
- Anti-Rootkit Utility - TDSSKiller
- AdwCleaner (for more info, see this alternate AdwCleaner download page)
- Hitman Pro
- ESET Online Scanner
Microsoft Security Essentials is a good permanent antivirus for Windows 7/Vista/XP if you don't already have one.
Further information can be found in the Troubleshoot Firefox issues caused by malware article.
Did this fix your problems? Please report back to us!
I have the default new-Tiles page. You suggest that mozilla connects to some IP, that in this Tiles? I used virustotal to scan this ip - that's what i got - https://www.virustotal.com/ru/url/93e0241f05ec4b666d2b2441d0c3d5cf93f68f05d16f7775fec750a370dde1e0/analysis/1415820773/ And already 3 "bad" opinions.. Never tried with "blank new tab page" The problem with experimenting is that I can't force this error... I don't get the same alert, while using mozilla. This is a clean install. Only drivers and skype. +Telegram. Even no flashplayer, no steam, no games or anything.
Well i used MalwareBytes' Anti-Malware Anti-Rootkit Utility - TDSSKiller And nothing found. I think that's not the malware, or it is greatly hidden... And I wrote to avast support as a probable false-alarm/compitability issue
Modified by sbdd
Oh. I was asking about what the new tab page and homepage were like because sometimes malware changes them, and malware may have changed them to a malicious website which Avast kept blocking. And it IS possible that Firefox connects to some I.P. when you use the New Tab page because they have some new Enhanced feature which connects to Firefox servers to gather info about websites. Now, what's your homepage and programs, please?
I got the default mozilla's homepage. Double checked that. You mean to list all installed programs? The blocking is only the avast message, i have no problems with accessing new tab, and it displayed correctly.
please open the command line prompt by pressing windows-key + R and opening "cmd". in the window that opens, type:
...and see if the resolved IP resembles the one in the warning message that you have received. if so, this is likely a false positive & since it is hosted on amazons cdn it might have been used for other purposes in the past.
Modified by philipp
I followed your instructions, but i got nothing, seems this is not a win-command. May this command should be used in some mozilla's console?
Modified by sbdd
i'm very sorry, the proper command should have been:
Didn't know about that trick. Kinda cool. That's what i get. Ip adress is different, but it's changing from time to time (different Ip's in screenshot, while ping'in the same adress). May be sometimes this ip can match (when the error will occur) But the first numbers are the same : 54.
p.s Sorry for my English, but i trying my best)
Modified by sbdd
i now got the exact ip you've referenced, so i think we can be rather sure that this is a false positive generated by your av software. the tiles server is a legitimate part of mozilla and won't serve malicious content.
Yeah. It's Mozilla servers. (Probably the "Enhanced" New Tab page change.)
Modified by You
Glad your problem is kind of solved, though! I guess we'll have to report it to Avast!.
Modified by You
Thanks all for help. I've posted this problem to avast, and as soon as i get a response from them i'll post it here.
Ok, I've finally got a response from avast's support. The answer is "Now this IP is not bloking, update your virus databases and the program using the update button" So this was false positive, and now it's OK.
This is good to hear.
Please flag your last post as Solved Problem so other will know.
But first; A post was flagged as Solved Problem. Please remove that flag.