trojan rarc.

Site “xxtp://zakatchayka1.info/search?r=1753&q=mega download good file” (instead of “mega download good file” may be any text) has mailware.

Reference on this site show up on russian search internet services then input word “загрузить”.

If press “скачать” (it is correspond “download”), then downloading file with name in view: “mega_download_good_file-12345678.exe”.
“mega_download_good” - is text from url site, where space symbol replaced on “_” and “12345678” is random 8-digit number.
This file, ostensibly, is selfextractor archive with needed file.
After run this file, show up window with text required send sms on short number 2858 for get access code.
After send sms and execute remainder requist you understand, what this is not selfextractor archive with needed file, but embeded window ie with site hxxp://za-premium.com/?id=12345678:)
This site, how write on caption this window, is protected, but it may open from ie without send sms, simply insert number from download file name in url after id.
Avast do not catch this trojan.
Please, add this trojan “rarc” in your base.

za-premium.com is a torrent tracker.
The first site you linked to (please remove the link by changing “http” to “hxxp” and www to xxx), has a AdSubscribe-family virus in it.
I’ll write back after I have more results.
http://www.virustotal.com/analisis/5e7c7a86529770adbc6cffd14628d90ded47a16cb27298c7bc4f25b5153c2425-1275739178 - see this. Despite the fact that only 3 antiviruses detect it, it’s still a virus, sure of it

Now detect it 5 antiviruses (http://www.virustotal.com/ru/analisis/f217a65f075e3846a67f8dbafdefef03d6a19de189ef634238e2121609285d37-1275847343).
Info from dr.web (http://news.drweb.com/show/?i=1083&lng=ru&c=5): this trojan created earlier 8 March 2010, distribute more 20 russian hosts and has changed, since screenshot little differ.
List host from dr.web:
doownle.com
re-tracker.org
rapid-load.net
positivfiles.com
topnewfiles.ru
vskachke.info
giga-files.net
gigafiles.biz
realdownload.biz
vprokachke.com
download-club.ru
downloadf.ru
softdownload-mirror1.in
softdownload-mirror2.in
softdownload-mirror3.in
softdownload-mirror4.in
softdownload-mirror5.in
softdownload-mirror6.in
softdownload-mirror7.in
softdownload-mirror8.in
softdownload-mirror9.in

Hi rus,

Only detected so-far by TrendMicro: za-premium.com… malicious
If you have it on your machine, you’re likely infected with a strain of the beagle.bn worm.
Thanks for reporting,

polonus