Vista with Open Candy detected!

See: Up(nil): a variant of Win32/OpenCandy.C potentially unsafe LACNIC BR domains at microsoft dot com 191.239.203.8 to 191.239.203.8 windows.net htxp://1800dcdn.blob.core.windows.net/dir195/wi/18/33/1/11/IE8-WindowsVista-x86-ENU.exe

Metascan results: https://www.metascan-online.com/en/scanresult/file/cb7bf156464543ee8242a2a4d42b2f2a

Does Avast only detects in PUP-mode?

Re: https://www.virustotal.com/nl/ip-address/191.239.203.8/information/

polonus