Generally, avast detection is accurate in these cases.
Isn't it an encrypted/obfuscated script or iframe that was kept into the site?
Please, edit the links to not-live ones (change http for hxxp, for instance or add spaces between the url).
Check
here how to clean and make a website secure.