Avast blocks Malwarebytes.org website

I used google to search for “malwarebytes poweliks”, the 2nd link is:
hXXps://forums.malwarebytes.org/index.php?/topic/160693-removal-instructions-for-poweliks/

Opening it in firefox shows me a popup from avast this website contains trojan poweliks inf [JS]

Seriously? I this a false positive? If so, this is kinda epic blocking a website from a competitor maybe containing useful information for malware removal …

Or is the malwarebytes.org website/forum infected and spreads malware? Hard to believe, dunno what to do now.

Site and links on it are opening without a problem with avast enabled for me.

Avast is reading the poweliks instructions that are showing in the FRST scan log and alerting on that

The link alerts for me.

@ esc
Looks like it is picking up the instructions/information for the removal of poweliks on your link.

I have reported this to avast for investigation.

Is there any way to disable such “hardcore” blocking?

I couldn’t find anything related in the web security module’s settings, i attached a screenshot of my current settings (sorry i use the german version)

Edit: @ DavidR the dialog/popup looked different for me, there was no way to reprot as false positive or choose what to do?

Looks like it has to do with FireFox.
In FF it gives me a alert, in Opera it doesn’t.

Right now the site isn’t reachable.

http://screencast-o-matic.com/screenshots/u/Lh/1456009077039-57902.png

To me that indicates that there’s more to this than a false alarm.

  1. I don’t believe this is hard core blocking, how is an AV to determine what is an example of the code and what is the real McCoy. The only way to block it (disable the web shield) would leave your system very vulnerable. Avast makes no concession of whose site it might be and it doesn’t really check that (they could get hacked/infected too) and it is hardly a competitor as many use MBAM and avast and MBAM isn’t an antivirus.

Personally for a security based site I believe malwarebytes should have posted images of the script rather than text examples of it, which could trigger alerts, not only by avast.

Can you edit your original link - change the https to hXXps - so that it isn’t active, avoiding accidental exposure to it.

  1. Short of what I said above - The only thing in the web shield would be setting an exclusion, but that would be somewhat pointless as you can only do that retrospectively.

  2. I have my settings on the Web Shied - Actions, first option set to Ask - I don’t know if that would change the dialogue window, but it does give the option to report as a false positive. However, the end result would be to abort the connection as there are no other options after the ASK window appears, it just gives me time to capture stuff.

I can access the main site, only the link in the OPs post results in a Secure Connection Failed. They may have received notifications about this and pulled the page to correct it, my best guess.

Should have said the link. :slight_smile: The main website is reachable.

Ok, yeah you’re right, was just very confused at first, but now i understand.
Thanks for the fast answers and that you actually read what the users here write, on the malwarebytes forum they just ignored the anti-vir warning thing and my concerns and ask for logfiles, like bots or some sort auf automated system ^^ Makes me trust them even more, maybe malwarebytes IS actively spreading Poweliks :stuck_out_tongue:

I changed/censored the link.
And thanks for the 3., i didn’t checked that setting, was set to “block”, now i changed it to “ask” so i have the chance to send a false positive report next time :wink:

You’re welcome.

I honestly don’t believe they are trying to spread anything, but I have to admit surprise in posting text examples of stuff like that (and not using an image example).

Thanks for changing the link.