Is this malware being detected? Trojan-Spy.Win32.Zbot.rgc

See: https://www.virustotal.com/nl/url/d35b8fe4ce18d7a8da46a9793e9a557e8ac78454742b0d1186bd7da02a2b02d5/analysis/
Nothing here now: https://www.virustotal.com/nl/file/af47ec90f9b69ce21c23de705be61f809bdfb30c5d9b6675466fd21f4b07b48d/analysis/1379944202/
Flagged here: http://support.clean-mx.de/clean-mx/viruses.php?id=19583232
Avast does not detect: https://www.virustotal.com/nl/file/d07f1456983a43e34c6f6095295ab3c666e1e96275f7095f37fdac1270548242/analysis/
Nothing here: http://urlquery.net/report.php?id=8879273
See pinpoint logs
Nothing here: http://maldb.com/hohohobase.ru/01net/cp.php?m=login
hohohobase dot ru/01net/ blocked by Bitdefender TrafficLight as malware laden.

pol

That website is actually blocked for spam and malware by WOT.

Hi Steven Winderlich,

And rightly so, it is in a cyber criminal botnet and listed here http://cybercrime-tracker.net/index.php?s=0&m=40&search=Citadel
Zulu Zscaler is very accurate on the detection: http://zulu.zscaler.com/submission/show/e93018480d673a1d466d11f0a1a0bc71-1390081646
Online but not in the actual Zeus tracker database: https://zeustracker.abuse.ch/monitor.php?search=38.109.217.108 (dubious?!?)
Rather have it blocked, as avast does not when I go to: htxp://38.109.217.108/ (Reads there: I moustache you, how do you get up here/)
Exploit on site on IP: http://urlquery.net/report.php?id=8308862 IDS alert for ET CURRENT_EVENTS Magnitude EK (formerly Popads) - Font Exploit - 32HexChar.eot = 2016155 - ET CURRENT_EVENTS Magnitude EK (formerly Popads) - Font Exploit - 32HexChar.eot (emerging-current_events.rules)

polonus

Nothing here now: .............
it is ....if using correct URL ;)
https://www.virustotal.com/en/url/e9d68b822063dc21c333a26439394cf71043668a955b45870bde69e66c68b907/analysis/1390082640/
https://www.virustotal.com/en/file/d07f1456983a43e34c6f6095295ab3c666e1e96275f7095f37fdac1270548242/analysis/1390082229/

now also in Malwarebytes lab…

OK, OK, thanks for that further precision, dear Pondus, but seeing those detection results I do not see any avast detection there.
That is what all my effort here is about, adding this to avast!'s detection! avast! Webshield is not alerting on the site while Bitdefender TrafficLight and WOT are!

pol

I do not see any avast detection there.
it's on the way to avast lab ;)

We find IP added here now: https://zeustracker.abuse.ch/monitor.php?host=hohohobase.ru
https://kraken.virustracker.info/ gives: hohohobase.ru,38.109.217.108,ns1.r01.ru,Criminals,
Not as yet alerted here: http://urlquery.net/report.php?id=8883076
But they have besexeweryopko.com,38.109.217.108,ns1.dnsfarm.org,Criminals,

polonus