See: http://app.webinspector.com/public/reports/show_website?site=http%3A%2F%2Fwww.neodownloader.ru
Trojan detected in: Object: htxp://feelthesame.changeip.name/rsize.js → https://www.virustotal.com/nl/url/a4f44a49dc920a577790d24789ba6bda4c6e838ea05f54fe56d5f8393718cd3a/analysis/ and
http://urlquery.net/report.php?id=1395535056539 IDS alert Detected a Dynamic DNS URL
SHA1: d6d01e38799a81f875259708da406ef5dbfd24fe
Name: TrojWare.JS.iFrame.DEE

See: http://sitecheck.sucuri.net/results/www.neodownloader.ru#blacklist-status
6 instances of http://labs.sucuri.net/db/malware/mwjs-iframe-injected530?v7 in index.html
Javascript check = Suspicious

image().src = “//counter.yadro dot ru/hit?r”+ escape(document.referrer)+((typeof(screen)==“undefined”)?“”: “;s”+screen.width+““+screen.height+””+(screen.colordepth? screen.colordepth…

Included scripts = Suspect - please check list for unknown includes

htxp://buysitka.com/6jyj4fub.php
htxp://buysitka.com/6jyj4fub.php
For that included script re: Offensive html code:

Offensive url: htxp://buysitka.com/6jyJ4fuB.php Url is blacklisted in Google Safe Browsing dragspelsnytt dot se is on 89.221.250.15 ASN for 89.221.250.15: 3301 89.221.250.15 manually set to use abuse@aname.net (this site was also infested by this and reported by http://sakrare.ikyon.se/ For external links check etc. see: http://zulu.zscaler.com/submission/show/dcd5eb466d075d34e4ee243e14bf5333-1400775721 100/100% malicious Missed here: http://www.avgthreatlabs.com/website-safety-reports/domain/neodownloader.ru/ polonus

A more recent scan: https://www.virustotal.com/en-gb/url/a4f44a49dc920a577790d24789ba6bda4c6e838ea05f54fe56d5f8393718cd3a/analysis/1400789767/

https://www.virustotal.com/en-gb/file/b2e49d98566fc1934df0349560dfca12e2416dfa10745e6cb65b756cf84fb225/analysis/1400789771/

Thanks go to Pondus for making me aware of the more recent results,

polonus