Site flagged by avast! Web Shield as infested with JS:Includer-BI[Trj]

See: {"sha256": "1ae3134d18b97a29a504bd2c570f68c70b5ed25116a12c56f40fcabc7bb4008e", "result": 1, "last_analysis_url": "/en/url/1ae3134d18b97a29a504bd2c570f68c70b5ed25116a12c56f40fcabc7bb4008e/analysis/", "timestamp": 1371222676, "positives": 1, "last_analysis_date": "2013-06-14 15:11:16", "total": 39, "url_exists": true, "reanalyse_url": "/en/url/submission/?force=1&url=htxp://members.multimania.nl/akkelies/stormen.htm&token=8e04062bc4f16fc51a9544c041e017c429f23bb5609a1e7bfe7355480ce6cc90"}
Detected here on subdomain: http://scanurl.net/?u=http%3A%2F%2Fmembers.multimania.nl%2Fakkelies%2Fstormen.htm&uesb=Check+This+URL#results
See: http://www.avgthreatlabs.com/sitereports/domain/multimania.nl/
Site only blacklisted? See: http://sitecheck.sucuri.net/results/members.multimania.nl
For the detection (3 flag) see: http://support.clean-mx.de/clean-mx/viruses?id=9655515
JS:Includer-BI[Trj] seems to be skirting multi-layered defense and is getting picked up by a desktop scanner.
Trojan:JS/Redirector.DO is a detection for web pages that redirect the browser to a different website.

Enable a firewall on your computer.
Get the latest computer updates for all your installed software.
Use up-to-date antivirus software.
Limit user privileges on the computer.
Use caution when opening attachments and accepting file transfers.
Use caution when clicking on links to web pages.
Avoid downloading pirated software.
Protect yourself against social engineering attacks.
Use strong passwords.

polonus

Is it the external link to htxp://ad.z5x.net, one of the adservers that Trojan.Obvod etc. tries to connect to a.o. that is being flagged?

Well there is quite some malware spread from that IP via various domains: JS-includer:BI & Worm.VBS.awl * unknown_html - all up and alive, see:
http://support.clean-mx.de/clean-mx/viruses.php?review=213.131.252.251&sort=id%20desc
Worm.VBS.awl not being detected here: https://www.virustotal.com/nl/file/bedd55043fd4901eaac1e4624b427db26cbac8659a9490943fd51f2610323ec2/analysis/

polonus

Only 3 detect it.

virustotal
https://www.virustotal.com/nb/file/511786f5770fc1c418d45b1b801b40d985e4e2807531aedf98abb273ff44b05d/analysis/1371225753/

Sucuri http://sitecheck.sucuri.net/results/collabaz.super-red.es/

virustotal
https://www.virustotal.com/nb/file/022933e169134db446ca6fbb1322b06e76425e5065a65d2c3f1b9925fa65ebe8/analysis/1371226515/

Good digging deeper, Pondus, we’ll get there. Now pay attention…

Look here for web rep: http://www.webutation.net/go/review/ads.mmania.com

Well Norman detects both, the JS-includer:BI & the Worm.VBS.awl…

See where it is being detected: http://evuln.com/tools/malware-scanner/collabaz.super-red.es/

htxp://ads.mmania.com/displaycf2.js.php?r=6504af09&cc=es
200 OK
Content-Length: 2747
Content-Type: text/html
suspicious
Hidden iFrame found.
size: 1x1 style: hidden
src: htxp://ftec-adselect-01.falktec.com/select?type=ifr&plc=15