Avast does not detect this, or only in PUP mode?

See: https://www.virustotal.com/nl/url/6a83d8ce6b1f192232e864cfa37879adb717c73214cdaf50f946eb16334dca16/analysis/1423350168/
Then the file scan: https://www.virustotal.com/nl/file/141e1670cca76cb5c006ea705efe577c2ac72a4c3b214b2061971c55a2e4688f/analysis/1423348989/
17/56 flag this as malcode.
IDS alerts are clear enough: http://urlquery.net/report.php?id=1423349044232
Backdoor:Win32/Gaertob.A is a trojan that allows unauthorized access and control of an affected computer.
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Backdoor:Win32/Gaertob.A
Trojan Dropper…

polonus

Seems new. First submission 2015-02-07 22:43:09 UTC (47 minutes ago).
Norman/BlueCoat auto-added a signature as Troj_Generic.YOEXO.

I often wonder why PUP scanning isn’t enabled by default. Essentially this is no different to the evo-gen [susp] detection, and the user is none the wiser as to how to answer/react to that detection/alert.

Mind you, PUP detections are meant to be done by default in the Web Shield. EDIT: at least that is what my Web Shield settings reflect, unless I had previously changed it to scan PUPs in Web Shield > Customise > Sensitivity > PUP and suspicious files…

Hi DavidR,

Well, it should have something to do with the legality of the detection, which is why PUPs aren’t picked up by the shields. At least the avast browser extension could alert on these detections on the Google search result page in the browser, but as a rule it does not.
The above explanation is just speculation on my part as to why avast does not detect these items online, but I once heard something along these lines mentioned by avast team member Milos. He is a very amiable character and will often provide us with a lot of interesting facts about online detections when he reacts here.

polonus

File is blocked by DomainRep: http://prntscr.com/62eaa7

So we are protected :slight_smile:

After manual analysis, the name has been changed to Emotet.AK.

Hi Pondus,

If this is the case, avast should detect this smartphone virus as Win32:Crypt-RNG [Trj].

polonus