Virus not detected!

Viruses and worms
1

Up(nil): VBS_RAMNIT.SMC ARIN US network at interserver.net 64.20.39.203 to 64.20.39.203 -usfastads.com -http://usfastads.com/
Up(nil): VBS_RAMNIT.SMC ARIN US network at interserver.net 64.20.39.203 to 64.20.39.203 -tremendousdir.info -http://tremendousdir.info/
Up(nil): VBS_RAMNIT.SMC ARIN US network at interserver.net 64.20.39.203 to 64.20.39.203 -technologytoday.ga -http://technologytoday.ga/
Up(nil): VBS_RAMNIT.SMC ARIN US network at interserver.net 64.20.39.203 to 64.20.39.203 -programmingstudentblog.com -http://programmingstudentblog.com/
Up(nil): VBS_RAMNIT.SMC ARIN US network at interserver.net 64.20.39.203 to 64.20.39.203 -hotappsstore.com -http://hotappsstore.com/
Up(nil): VBS_RAMNIT.SMC ARIN US network at interserver.net 64.20.39.203 to 64.20.39.203 haaziq.pw -http://haaziq.pw/
Up(nil): VBS_RAMNIT.SMC ARIN US network at interserver.net 64.20.39.203 to 64.20.39.203 foodreviewzone.com -http://foodreviewzone.com/

Virus will crash Google Chrome browser despite sandboxie when scanned on Sucuri’s.
VT results - non-detects. Read: http://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/VBS_RAMNIT.SMC

polonus

2

It is a good thing direct access to some pages is blocked by Google safebrowsing.
This is flagged: -http://programmingstudentblog.com/ & -http://hotappsstore.com & -http://haaziq.pw
But not all. -http://usfastads.com is not being flagged.
This neither: -http://killmalware.com/tremendousdir.info/ nor: -http://killmalware.com/technologytoday.ga/

polonus

3

Seems we already have detection here: http://killmalware.com/haaziq.pw/
Avast detects as AvastVBS:Agent-KZ [Trj]

polonus

4

Updates from Viruswatch Archives as that malware campaign continues to hit: Up(nil): VBS_RAMNIT.SMC APNIC CN anti-spam at -ns.chinanet.cn.net 115.231.219.31 to 115.231.219.31 -52bss.com -http://www.52bss.com/ *
Up(nil): VBS_RAMNIT.SMC APNIC CN -antispam_p at scn.com.cn 211.144.76.77 to 211.144.76.77 -uemono.com -http://www.uemono.com/ *
Google Safebrowsing blocks as does Yandex.
Confirmed by Netcraft website risk status: http://toolbar.netcraft.com/site_report/?url=http%3A%2F%2Fwww.uemono.com

Fail and errors: https://asafaweb.com/Scan?Url=www.uemono.com

polonus