Kingfiles.net - 'HTML:script-inf' false positive

Hi - I use Kingfiles.net on a regular basic, however when i tried to download a file today, the webshield popup window reported a virus had been found ‘HTML:script-inf’ and was totally unable to download the file as there is now no option to ignore this or even report it as a false positive as the report window has an error regarding format.

The reason i believe this to be a false positive is that i can load the page:-
www.kingfiles.net
which is the basic home page.

but when i try to use the download links, or even if i create fake links using any text, the popup webshield finds a virus.

For instance:-
www.kingfiles.net/12345 - (this is a fake link that i have created, and if i replace ‘12345’ with anything will still get blocked.

www.kingfiles.net/avastisblockingeverything

To be honest i’m getting a bit annoyed as not only have i had to use a workaround using the an older webshield version due to the lastest avast program update disaster which blocks my Window 7 machine from loading web pages in Firefox 26 correctly, but now i have this problem too.

Can anyone confirm they are having this issue aswell, obviously be careful not to download suspicious files.

I have been a user of Avast for a very long time and these are the first issues i have had, and wonder if they are trying to over complicate things rather than concentrate on basic virus protection.

Sophos list that site as malicious.

avast is reacting to blacklists which are current.

so Avast is not actually finding a virus but blanket blocking the website even though the files are virus free - is there any workaround for this ?
or is there a very good reason for the blacklist as it seems ridiculous ?

Just confirming that I’m having this issue as well. Pretty annoying.

attach a screenshot of avast warning popup

add 12345 to URL and avast blocks the site

hello its not false positive, there is link to malicious domain “down1oads.com”, which serves malware.
for example: http://www.webroot.com/blog/2013/05/15/fake-free-media-player-distributed-via-rogue-adobe-flash-player-hd-advertisement/

There are also malicious websites hosted on the same IP:
http://urlquery.net/report.php?id=8914194

And the site is blacklisted multiple times:
http://168.144.32.45/blacklist/bl/99.225.243.0/#_

The malware, HTML:Script-inf, is still up and alive from 2014-01-18 15:10:41 henceon-> http://support.clean-mx.de/clean-mx/viruses.php?id=19583282
See: https://www.virustotal.com/nl/file/c3bc9d34e21493c89aad49f597f4c3a187c20e828eced4df7e8935c2e0ff3c9c/analysis/
See: http://urlquery.net/report.php?id=8882823
Detected live g01pack exploit kit - Read on this malware by author Amit Klein in this his article: http://www.trusteer.com/blog/multi-stage-exploit-attacks-for-more-effective-malware-delivery and here: http://www.malwaresigs.com/2012/11/27/g01pack-exploit-kit/ (been around since 2011)
Therefore we get this at Virus Tracker as a classification of the site: wXw.kingfiles.net,Ghosted, and that does not surprise us one bit.
For the staged attack of g01pack exploit see: http://support.clean-mx.de/clean-mx/view_virusescontent.php?url=http%3A%2F%2Fwww.kingfiles.net%2Fjyubrkf3d7dn%2Fr00r-dp0d-720p.part09.rar

Good we are all around protected by avast!

polonus