On my XP laptop, Avast just alerted that my banking site tries to get me to connect to
—hXXp://bhujzorkulhkpwob.ru/runforestrun?sid=botnet2
the link is from the Avast’s nshield.log (I replaced XX=tt)
Inspecting in Opera shows that it’s in an IFRAME
How can I confirm? What should I do other than smile and be happy Avast caught it?

Check your system and contact your bank if it turns out their website was hacked.

http://sitecheck.sucuri.net/results/bhujzorkulhkpwob.ru/
http://zulu.zscaler.com/submission/show/c4bdf048feeeab91f3b1ab3d7a65b165-1341686305

and what is the link to your bank…

hXXp://www.benchmarkfcu.org/
It’s a federal credit union

Look here: http://urlquery.net/report.php?id=84767

Wow. :o I wouldn’t make any transactions there. ;D

Has a symantec certificate: http://www.mywot.com/en/scorecard/benchmarkfcu.org/event-25936#events

Thank you all very much. Places to check URLs are very helpful.
When I was doing a transaction, I wasn’t on their home page, so likely I’m OK - please tell me if not!
It was when I visited the main home page containing all those frames that avast alerted.

Because avast! blocked the site, you should be ok.

You’re welcome.

Asyn,

The main issue here was serp hijacking for malcious purposes. A"Detected SutraTDS HTTP GET request"alert means simply fraud,
see: http://forum.avast.com/index.php?topic=98322.0
As !Donovan said already, avast blocked connection to that site.
Thanks to avast you had a lucky escape (in case you were vulnerable to the malcode there you could not get infested),

polonus