I want to make it clear that I don’t have any relation to the original site.
My questions are more general than just for this particular case, but anyway, here are the details.
URL:
hXXp://erwan.l.free.fr/clonedisk/
hXXp://erwan.l.free.fr
hXXp://erwan.boot-land.net/clonedisk/
hXXp://erwan.boot-land.net
Virustotal analysis for the URL:
hXXp://www.virustotal.com/url-scan/report.html?id=f75a6e853bed5300695f16e75a0511e4-1315480441
Current Result of VT for the URL:
Websense ThreatSeeker: Malware site
Then click on “View downloaded file analysis” link, and you get to
Virustotal analysis for index.html:
hXXp://www.virustotal.com/file-scan/report.html?id=bc5d5fb8bfefc8a1cfaf8036c8aa574707d080746738a91ffc1d1b4f7637526a-1315487643
Current Result of VT for index.html:
(currently with [b]20[/b]/44, so it is a little higher now).
MD5: f9618fbbffca61e0eee2bc49822f4c07
The same happens to the parent folder, and also to the mirror website (the 4 locations I posted above in this same post).
I am not doubting about Avast’s warning. My doubt is, why this is not completely identified by almost all scanners after months. It keeps being reported by, say, around half of the listed engines, during a long time.
And, as mentioned, the zip file can be downloaded directly and Avast is OK with it (I haven’t posted here the direct link to it though).
Thanks for sharing your knowledge :).