Undetected Malware on website

My other half was searching Google Images for horses today, and when she clicked on one particular image, IE closed and a popup appeared saying her machine was being scanned for malware. She closed it, shut everything down, scheduled a boot-time scan and then accepted the restart. As the machine closed down, that same fake scanning window appeared. At no time did Avast detect the bad link.

O/S is XP Pro SP3

Boot time scan log shows


Scan of C:

File C:\Documents and Settings\Liz\Application Data\Sun\Java\Deployment\cache\6.0\17\57ae56d1-2f5a75af|>Exploit.class is infected by Other:Malware-gen, Moved to chest
File C:\Documents and Settings\Liz\Application Data\Sun\Java\Deployment\cache\6.0\17\57ae56d1-2f5a75af|>PayloadCreater.class is infected by Java:CVE-2010-0094-B [Expl], Moved to chest
File C:\Documents and Settings\Liz\Application Data\Sun\Java\Deployment\cache\6.0\17\57ae56d1-2f5a75af|>PayloadClassLoader.class is infected by Java:Jade-C [Heur], Moved to chest
Number of searched folders: 8275
Number of tested files: 496142

Number of infected files: 3

Machine seems OK. I hope it is? I trust we caught it in time with prompt action.

To replicate, go to Google, then Images and type in horses. Scroll down until you see the image attached (horse-31.jpg).

The link is

http://www.google.co.uk/imgres?imgurl=http://fwallpapers.com/files/images/horse-31.jpg&imgrefurl=http://www.sisterhoodeast.co.uk/sj-Free-Pictures-of-Horses/&usg=__g0pRKjkhFRnLn6EnAQopgg9EmkM=&h=1200&w=1600&sz=364&hl=en&start=9&zoom=1&tbnid=AivtZuhm1ADSKM:&tbnh=113&tbnw=150&ei=mY-2TYzNGsqb8QP6nPUt&prev=/search%3Fq%3Dhorses%26um%3D1%26hl%3Den%26sa%3DN%26rlz%3D1T4GGLL_en-GBGB393GB393%26biw%3D1107%26bih%3D816%26tbm%3Disch&um=1&itbs=1

The image properties show a link of

http://t1.gstatic.com/images?q=tbn:ANd9GcSm9LPV4L-kLtxDYF-1NJMsGA4TzsT3a44C3bebYmqgEmxVhAQ-dQ

and a reference to

sisterhoodeast.co.uk

Can someone at Avast take a look at this? Also, I couldn’t see any way to report this as a bad site to Google.

The Rogue is detected by Malwarebytes as - Spyware.Agent
SUPERAntiSpyware as - Trojan.Agent/Gen-FakeAV

Jotti - SecurityScanner.exe - http://virusscan.jotti.org/en/scanresult/65fdf53efca7b28ae9415d4f4f1e849751b43db2
VirusTotal - SecurityScanner.exe - http://www.virustotal.com/file-scan/report.html?id=1b8bfc9cbae03180f7c3803988b63233fdfbea1d86bf7d3a909981224119d2b7-1303822658

Sample sent to Avast :wink:

Hi stduc,

This can be blocked successfully by using the NoScript extension in Firefox or the NotScripts extension in Google Chrome.

polonus