Hi malware fighters,

Look here is one for you : http://www.unmaskparasites.com/security-report/?page=www.stroiinvest.nm.ru/ocL8y6UHbR.html
2 suspicious inline scripts found.
5 hidden external links found.
Moreover, Google currently lists this page as suspicious*
Malicious subdomains: For example: hotties12.nm*ru.
Malware site link: http://www.unmaskparasites.com/web-page-options/?url=http%3A//qip.ru/reg/register
External References

• antiviru*ru suspicious - displaying 1 of 1
  redirecting to: http://safeweb.norton.com/report/show?url=htresq.com%2Ff%2Findex.php&x=10&y=10
  Here is a complete list of the malcode there:
  Threat Name: MSIE ADODB.Stream Object File Installation Weakness
  Location: htxp://htresq.com/e/index.php?m=j

  • Click - htxp://antiviru.ru/

• plan-b.reggaeton.tuzonavirtual*com suspicious - displaying 1 of 1

  • link - htxp://plan-b.reggaeton.tuzonavirtual.com/videos/homee.php

VirusTotal - homee.php - 5/41
http://www.virustotal.com/analisis/cae24bbdd5e8cad78aad74ac8d03594210efb55f1cc6cb61bd69c9408022898a-1274651119

VirusTotal - index.php - 3/41
http://www.virustotal.com/analisis/405ceae0df95885d170543536a1ed6407af619b3d6a49363dde10224ac510625-1274651135

VirusTotal - index_1_.php - 3/40
http://www.virustotal.com/analisis/d4422c442bcf49234a4a61bc94d5a344f4a28a442c15e29bdb3906b819f859d9-1274651128

VirusTotal - plan-b.reggaeton.tuzonavirtual.co - 1/41
http://www.virustotal.com/analisis/900b0c0887d87aa2595b58b51b3ec6ea47ffecfe42f86d5562522a5f84f4e495-1274651140

Hi Pondus,

Thanks for checking, alas avast missed some there,
Also re: http://www.malwareurl.com/listing.php?domain=htresq.com
htresq*com. 194.8.250.60. Exploit kit / Trojan Bamital. /. 2010-05-21.
See: http://greatis.com/blog/how-to-remove-malware/kzixgc-dll-bamital.htm

polonus

yup it did, i better send them…