Could be the avast webshield detects, but have not tested that,
normal file detection misses this one…
See: -//blogger.com.mesco.com.vn/login.php
Scan result: http://vscan.urlvoid.com/analysis/331281ce74bd32a31cc4de4699616ff5/aWtoeS1waHA=/
and
https://www.virustotal.com/file/14facda2785fa218fcb1c07f655f3c7b5affd198aca2a346defbed5d894476b7/analysis/
So called DeepFocus/thumb.php?src exploit malcode,
See: -http://jsunpack.jeek.org/?report=41bf4c69d148da1baee8f1ae4977a21ffeffd206
(visit last given link only if security savvy, with ample script protection and in a VM),
Sucuri flags the malcode found there as -http://sucuri.net/malware/entry/MW:JS:GEN2
There avast webshield detect this as JS:Illredir-AQ[Trj] (therefore broke that sucuri link,
enough of the initial code there (without any payload naturally) to result in an avast webshield flag.
DrWeb URL checker detects as: http://blogger.com.mesco.com.vn/ikhy.php infected with PHP.IrcBot.46
reported to virus AT avast dot com
polonus