Avast! has blocked a (perhaps) malicious request from Online Armor

[Hanziness]

Good evening!

I was just running a program, when Avast! popped up with a message:

MALICIOUS URL BLOCKED

...

Object: | an IP address |/crs/crs.php

Infection: URL:MAL

Action: Blocked

Process: C:\Program Files\Tall Emu\Online Armor\oaui.exe

-----

Could you help?

I removed the oaui.exe entry and blocked it from accessing the internet....

I'm using an old version of OA (4.0.0.35 (FREE))

Should I update it or it's just a false positive?

Thank you very much!

[catprincess]

oaui.exe connects to OA's servers to lookup your IP address to display in the Firewall Status window. It also connects when checking for updates. Perhaps Avast has blacklisted the IP for some reason, although you didn't record the actual IP in your post.

I would recommended updating your version of OA and also excluding Avast and OA from each other In OA, this can be done under Options -> Exclusions.

[sded]

What Avast! version are you using? OAUI.exe is the GUI for Online Armor. You may want to go Explorer, right click it and select properties to see if it is digitally signed, but sure looks like an FP. There is also an RC2 for OA5 available here at the forum so you may just want to do an OA upgrade.

[Hanziness]

Thank you for your quick reply

I thought that Online Armor is sending the usage statistics to the server.

I'll report this to AVAST! Software

My current IP: 89.168.125.5

The blocked IP: 68.178.232.99 - the full address is: 68.178.232.99/crs/crs.php

I will update Online Armor tomorrow, because it's a bit late.

Again, thank you very much

EDIT #1:

I'm using Avast! 6 FREE

[sded]

Made comments in the Avast! forum at http://forum.avast.com/index.php?topic=75453.msg624461#msg624461 since an Avast! FP seems more likely than OA being compromised. Hopefully upgrading OA will provide a current IP address for the now unavailable site in the older version.