I tried to check a report that Avast blocks the site thisishorosho[dot]ru and almost instantly I got a pop-up from the network shield. It’s a normal procedure when you try to reach an infected site but if you have a look at the pop-up, you’ll see that it is damaged: all the html-tags are shown in the main part and on the button.
So I would like to ask two questions:
Is the site really infected or is it a false positive?
yonatan
After I had seen that damaged pop-up, I opened my Avast’s main window and was shocked to death! It was a complete mess! But I remembered that one user uploaded today a screenshot with the similar mess in his Avast GUI. I tried to find his message and here it is: http://forum.avast.com/index.php?topic=91648.0 . (To tell the truth his mess is less than mine - there was nothing in the centre of my window and I saw three sets of tabs with those ugly silver buttons.)
The user said his Avast came back to normal after reboot, so I rebooted and … my Avast came back to normal too. I can’t be sure but I guess that all this mess with the GUI is somehow connected with today’s database update.
Well, and what about the site? Is it safe or dangerous?
Most of the exploits found there have been closed down or do not respond, so dead - Cryptic.DTF
and sinowal variant aka Win32:Sinowal-KD Drp, but there is still adware launched via a script from there - -thisishorosho.ru/js/forms.js os suspicious,