Damaged pop-up

I tried to check a report that Avast blocks the site thisishorosho[dot]ru and almost instantly I got a pop-up from the network shield. It’s a normal procedure when you try to reach an infected site but if you have a look at the pop-up, you’ll see that it is damaged: all the html-tags are shown in the main part and on the button.

So I would like to ask two questions:

  1. Is the site really infected or is it a false positive?
  2. What has happened to the pop-up?

thanks.
this is indeed very very bad…

yonatan
After I had seen that damaged pop-up, I opened my Avast’s main window and was shocked to death! It was a complete mess! But I remembered that one user uploaded today a screenshot with the similar mess in his Avast GUI. I tried to find his message and here it is: http://forum.avast.com/index.php?topic=91648.0 . (To tell the truth his mess is less than mine - there was nothing in the centre of my window and I saw three sets of tabs with those ugly silver buttons.)

The user said his Avast came back to normal after reboot, so I rebooted and … my Avast came back to normal too. I can’t be sure but I guess that all this mess with the GUI is somehow connected with today’s database update.

Well, and what about the site? Is it safe or dangerous?

Now that your GUI is fine, try to connect again to the site and test again.

It’s very strange. According to Avast Free 6.0.1367 the site is infected and blocked. At the same time VirusTotal scanning found it completely clean: http://www.virustotal.com/file-scan/report.html?id=58846fa056a52eba106fa63612b5bf86bebb65fc808dbf431828fac02cd601c4-1326302158

The results look even stranger if you notice that Avast in VirusTotal (version 6.0.1289) found the site clean too. And only TrendMicro declared the site is a malware site: http://www.virustotal.com/url-scan/report.html?id=8304f481f82c6079efea54239841d066-1326298554

I have to ask again is it a false positive or a legal detection?

Sorry again but I have to ask the developers once more: is it a false positive or a legal detection?

Maybe you could send an email to

 virus At avast d 0 t  c 0 m

with a subject like “FP or real malware?” which should include a link to this topic?

Most of the exploits found there have been closed down or do not respond, so dead - Cryptic.DTF
and sinowal variant aka Win32:Sinowal-KD Drp, but there is still adware launched via a script from there - -thisishorosho.ru/js/forms.js os suspicious,

polonus

Thank you, polonus. Now I see it’s not a false positive.