Every time I search using Google, I get a pop-up about servscrpt.de being blocked. Only happens with Firefox and not Edge. Started a few days ago. How to stop this?
Strange, servscript.de appears to belong to amazon.com https://www.ip-adress.com/website/servscrpt.de but located in Dublin.
Firefox is my default browser, my default search engine is GoogleUK and I’m not seeing this, what are your Privacy and Security settings, mine are on Strict.
Thanks DavidR,
I am using an old version of FFox - v56 - and cannot see anywhere to set ‘Strict’.
If you can you should get the latest version that is compatible with your OS (which is ?)
If you are unable to update firefox, I don’t know what version of Avast you are using (?)
If it is the latest avast version then you should be able to update firefox, this would give you much more in the way of Privacy and Security settings. Not to mention other functions.
Thanks again DavidR…
I am using the latest Avast. Won’t update to latest FFox as I would lose some functionality I rely on. Just curious what changed in the last few days to cause this. Clearly it’s Google. OS is Win7 pro.
You’re welcome.
I just wonder if it is something in google that has change, as presumably they are constantly updating their product to gather data. But why it is connecting to servscrpt.de for a search, I wouldn’t know.
But this site is considered a medium security risk on this scan https://sitecheck.sucuri.net/results/servscrpt.de that may or may not be why avast has the URL Blacklisted.
You could try - Reporting Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php - this goes to the avast virus labs. They will look at it again, but there is no guarantee that it would be removed from the URL Blacklist.
Hi,
servscrpt[.]de is a domain used by a malicious payload to spy on Google/Bing/Yahoo search results and modify them. It has the ability to redirect arbitrary search results through servproc[.]de. This is most likely spread by a malicious browser extension: we recommend disabling suspicious ones and checking if the issue persists. If you figure out which extension was to blame, please let us know.
Thank you Jan for the clarification.
Hi,
I have the same problem only with firefox last version 
I post a subject on Monday 10
But no answer.
So how can we ask to avast TK?
As i only have the free version and it sure that it occur on every version :‘( :’( 
Very boring situation…
Gerald
Thanks Jan953…
I started FFox with add-ons disabled and no problem. After restart, I tried disabling add-ons one-by-one but can’t figure out the culprit. Only one has been updated in the last week or two, but I fully trust it.
Is there a way to effectively troubleshoot this? Is the a scanner of some sort out there?
Do you not think it is strange to post a shortened URL link to a 3rd party site to redirect you back to the avast forums ?
https://forum.avast.com/index.php?topic=247008.0
Many don’t use shortened links to unknown origins or locations.
Plus you did get an answer.
One of which was to report it as a possible false positive.
Another to post it in the viruses and worms sub-forum, which you chose not to do.
The only people who can move topics need full permissions and essentially this is an Avast Team member. If they visited the topic they could well have answered it without the need to move it.
Hi,
I use Copyshorturl addon to make a small url that all ^^
A false positive ok, but not solved on detection database…
Ok, a lot ofhave the Free version so, we don’t have the direct support.
Wait and see, to have a patch of false positive. ;D
Gerald
Well shortening your link actually puts some people off even visiting it, not to mention the link I posted to your topic is hardly long.
I didn’t say it was a false positive, just that there was a link that you could use, if you felt it was, then it could be investigated.
There has been a response by ‘Jan593’ an avast team member Reply #6 in this topic who states that it isn’t an FP and what actions to take to try and find a potentially bad browser extension in Firefox.
This is an issue that is unrelated to what avast version you have the web shield and file system shield ‘virus protection is the same in all versions.’
Hi,
Well, malicious extension, maybe but i don’t know why Firefox could let such extension to be downloaded on his server.
What also noticed it that there was no such warning message on the previous version too… :o
I disabled all my add-on.
Re-activate each one by one, and no more warning message from Avast at 6:30am French hour :o :o :o :o
So bad ad-on or bug of detection, or new update of one of add-on make Avast be quiet???
Will shut down the laptop around of 6:50 and start it again around of 8:45 and will see if it’s ok or not.
Gerald
I had same alerts a few days ago with Google Chrome, thinking it must be extensions.
For me it was an extension named “Proxy SwitchySharp” to blame, but now alerts are stopped for me too so I can’t confirm it anymore.
I’ve been getting this alert when I do a Google search on Chrome browser, too, on my Windows 10 laptop. I updated Chrome to the latest version yesterday, but it still persisted.
Following NON’s lead, I checked all my Chrome extensions; I don’t have Proxy SwitchySharp.
But I’ve been able to stop the alert by disabling CrossPilot 1.1.1, which is described as “Install Opera extensions in Chrome in a sandboxed environment”. Sure hope it was me that installed that extension, because I don’t remember it! But let’s just hope this sticks.
Well I have CrossPilot installed too, but I don’t have alerts with it enabled at least for now. :-\
Hi ^^
NON did you have the warning message with the previous Avast version even free or other version?
Gerald
I’m using latest Avast, not previous version.
Unfortunately, I don’t think there is any good tool to automatically troubleshoot this. But what you can do is navigate to a Google search page, and open “Web Developer” → “Debugger” → “Sources”. You should see there on the left pane the list of add-ons that are executing a content script in the current page. If there is any add-on that should not be loaded into a Google search page, you found the culprit.