Due to software implementation failure and misuse of cryptography, data encryption can no longer be considered a safeguard from security attacks. As a result, adversaries with eavesdropping capability along a routing path can compromise data privacy. In addition, should an adversary be one of the intermediate relay nodes in a path, she can deny data forwarding to disconnect the end-to-end communications. One solution is to avoid message routing through certain insecure areas, such as malicious countries or likely-compromised nodes. To this end, an avoidance routing based on the single path has been proposed. However, this single-path-based protocol relies on the availability of a safe path, i.e., no adversary is in the proximity of the whole path, which is difficult to achieve and therefore limits the routing opportunity. To tackle this issue, we propose an avoidance routing framework, namely timer-based multi-path avoidance routing (TMPAR). In our approach, a source node first encodes a message into $k$ different pieces, and each piece is sent via a different path. During its path discovery phase, a timer is used to efficiently discover a better set of paths. The destination can assemble the original message easily. Under the condition that no adversary obtains all the $k$ pieces of the message, the proposed TMPAR can securely deliver a message to its destination in spite of eavesdropping. The extensive ns-2 simulation results demonstrate that our TMPAR achieves its design goals.