Avast version = free 5.0.677 defs = 101211-1

Reported reason for blocking is: infection: JS:Pdfka-NX [Expl]

The url being blocked is hxxp://wxw.performancetrends.com which is an automotive performance vendor site. Until this past week I have never had a problem using the site.
I have contacted the site owner/developer a couple of days ago and he assures me that the site is clean. I told him what was reported by Avast and he seems to think it is a false positive being triggered by the sites Java based menu system.

I have tried adding the url as an exclusion to the web shield as a test and it makes no difference.

Thanks

Try uploading the url to an online scanner like Virus Total http://www.virustotal.com/ and Unmask Parasites: http://www.unmaskparasites.com/security-report/?page=servepics.com and report your findings back here.

I tried those two sites in addition to the one on the symantec site and they all showed the site as being clean.

I then suggest you contact Avast to check it out as a possible FP http://www.avast.com/contact-form.php?loadStyles.

Done,thx

avast! is alerting on what looks to be an obfuscated script part way through the page.

At the moment, avast! (Gdata) and McAfee can detect it. Although McAfee only detects when the code is in a txt file uploaded to VT…

Suspect script in txt file: http://www.virustotal.com/file-scan/report.html?id=175c85254a47397c293b3619354ac4122a162b5baddc776e39786118c8017c2d-1292154050

Scan of site: http://www.virustotal.com/file-scan/report.html?id=55b022f187afb495da157a12dca1327c01b47b1636236453c6d47d91a862bd92-1292153997

Odd difference, don’t know why…

Yes, avast is most certainly alerting on this rather large block of obfuscated javascript, which is all on a very long single line, Scott’s image makes it look nice an neat. But on a single line much of it would be hidden to all but a detailed search.