Generic detection or FP?

Viruses and worms
1

Scanned adn only deteted via BitDefender: https://www.virustotal.com/nl/url/3ee6bfe304e8a2a6f8d1399722f0b70f928598dc7652e90684b84c7a0dae8b4a/analysis/1406210468/
Full detection by Sucuri’s: ISSUE DETECTED DEFINITION INFECTED URL
Website Malware malware-entry-mwjsanon7?v11 htxp://772.whsy2.wmb140.com/ ( View Payload )
Website Malware malware-entry-mwjsanon7?v11 htxp://772.whsy2.wmb140.com/404testpage4525d2fdc ( View Payload )
Website Malware malware-entry-mwjsanon7?v11 htxp://772.whsy2.wmb140.com/404javascript.js ( View Payload )
Website Malware malware-entry-mwjsanon7?v11 htxp://772.whsy2.wmb140.com/874/ ( View Payload )
Website Malware malware-entry-mwjsanon7?v11 htxp://772.whsy2.wmb140.com/453/ ( View Payload )
Website Malware malware-entry-mwjsanon7?v11 htxp://772.whsy2.wmb140.com/404/ ( View Payload )
Known javascript malware. Details: http://labs.sucuri.net/db/malware/malware-entry-mwjsanon7?v11


</html><script>window._bd_share_config={"common":{"bdSnsKey":{},"bdText":"","bdMini":"2","bdMiniList":false,"bdPic":"","bdStyle":"0","bdSize":"16"},"slide":{"type":"slide","bdImg":"6","bdPos":"right","bdTop":"100"},"image":{"viewList":["qzone","tsina","tqq","renren","weixin"],"viewText":"��������","viewSize":"16"},"selectShare":{"bdContainerClass":null,"bdSelectMiniList":["qzone","tsina","tqq","renren","weixin"]}};with(document)0[(getElementsByTagName('head')[0]||body).appendChild(createElement('script')).src='htxp://bdimg.share.baidu.com/static/api/js/share.js?v=89860593.js?cdnversion='+~(-new Date()/36e5)];</script

Security issues detected via this scan: https://asafaweb.com/Scan?Url=772.whsy2.wmb140.com
Excessive header info: Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET, PHP/5.2.17
X-AspNet-Version: 1.1.4322
Blacklisted and malware detected: http://www.urlquery.net/report.php?id=1406097458162 from Host: js.users.51 dot la

polonus

2

hxtp://kvn.ya1.ru/ giving a time out.
/engine/editor/jscripts/tiny_mce/tiny_mce.js Detected known malicious content.
&
/engine/classes/highslide/highslide.js
Severity: Potentially Suspicious
Reason: Detected potentially suspicious content.
Details: Detected potentially suspicious initialization of function pointer to JavaScript method eval __tmpvar1363874238 = eval;
Website Errors
Site badness history: https://www.virustotal.com/nl/domain/kvn.ya1.ru/information/
See: http://www.scumware.org/report/kvn.ya1.ru

pol
3

kvn.ya1.ru.htm
https://www.virustotal.com/en/file/34a6e8dd207c4a75d4315fbeb2f2d357c8601a7402c79e567bc629f21b30796e/analysis/1406219831/

4

Thanks, Pondus, so we are being protected.

Another detection now for long overdue malware or possibly harmless: https://www.virustotal.com/nl/url/d713388f3a30d8395264c33b77818e2f6a48c7b51da8575c9bfb6d520771dbdf/analysis/1406229298/
file detection (one to detect): https://www.virustotal.com/nl/file/86d45b9112b2e6be09bc97ec0813cb8d426d642c6d3304a24b240e9f4e90f978/analysis/1405079008/
From the safe virus ciewer for this long overdue malware - 1226.7 jrs up and acxtive.
See: http://support.clean-mx.com/clean-mx/view_virusescontent.php?url=http%3A%2F%2Fwww.protect-folders.com%2Fdownload%2Ffolder-protect.exe

pol