Does avast detect this backdoor? Yes avast! Webshield blocks access!

See: https://www.virustotal.com/en/url/f158ba70c0ed5845185e60f5f6e49282527654f81be3d0e8235f42f8a7db9e5a/analysis/1378471621/
and https://www.virustotal.com/en/file/bd131aad1242fe39cc2a0136060cbff0f0b003d9c4c959c35de9f6ba7cc39e90/analysis/1378442902/
See: http://anubis.iseclab.org/?action=result&task_id=17ae3576f1a2331b4810d46f45e0b7251
URL update.sppen.com failed to be located in database is suspicious!
Going there I get

Server IP(s):
59.12.180.12
59.12.180.108
59.12.180.127
59.12.180.164
183.99.120.26

=========================
HTTP headers: Then avast! Webshield blocks access to htxp://update.sppen.com/ via Malzilla browser as a URL:Mal detection

Hence we have protection against this backdoor/PUP!

polonus

Alerted here: http://urlquery.net/report.php?id=4995498

See what that IP holds? Re: https://www.virustotal.com/en/ip-address/59.12.180.12/information/
and
http://support.clean-mx.de/clean-mx/viruses.php?ip=59.12.180.164&sort=first%20desc

polonus