Hacktool on Alibaba AS IP detected!

Yes also avast detects this and it is generally detected: https://www.virustotal.com/nl/url/7e9d0bc6f58e78aea240fc3c62983cc135cd56b192910fa56cc3126aede1c034/analysis/1418308294/
and the executable: https://www.virustotal.com/nl/file/01fb75bb0b41d0401cccc2c6f83aa01e485bedb7ce87afa4ae368c404f486ee0/analysis/1418306697/
Strange it is not alerted here: https://www.virustotal.com/nl/file/01fb75bb0b41d0401cccc2c6f83aa01e485bedb7ce87afa4ae368c404f486ee0/analysis/1418306697/
Host detections and on IP: https://www.virustotal.com/nl/ip-address/182.92.225.164/information/
and http://www.scumware.org/report/182.92.225.164.html
and alive and up malcode: http://support.clean-mx.de/clean-mx/viruses.php

polonus

About this adware:

How One Gets this virus? Rumors are that Win32.FlyStudio.OBX worms into a computer through vulnerability in Adobe PDF creator, Acrobat and Java program. As its name suggests, it attacks JavaScript. If one takes attention when the warning alert about the Trojan horse appears, one would notice that the Trojan appears when certain web site is accessed. Actually, the JS Trojan worms in through IE loophole. Win32.FlyStudio.OBX Is A Big Threat to Your Computer 1.it attacks your computer with share programs or free downloads from the Internet; 2.it injects malicious files and registry entries to your system; 3.it changes your default browser settings; 4.it is able to inject other viruses or threat to your computer; 5.it degrades your computer performance; 6.it cannot be removed by anti-virus programs in most cases.
Quote info taken from Adwareremovaltips dot net

polonus

Another variant of this malware, this one known as Adware/Firseria, but also very closely related to aforementioned hacktool, is generally detected and also by avast. See: https://www.virustotal.com/nl/url/66e5b4fec34db7acf9a5323c09fb4e2c05c5dbb6016f630b2560f79b08f1bfd4/analysis/1418309069/
and file scan report: https://www.virustotal.com/nl/file/01fb75bb0b41d0401cccc2c6f83aa01e485bedb7ce87afa4ae368c404f486ee0/analysis/1418308446/

How it is being detected: http://support.clean-mx.de/clean-mx/viruses.php?virusname=Adware/Firseria&sort=id%20DESC

polonus