Topic: Does Avast in pup-mode detect this riskware? Ask toolbar bundling!

polonus (Avast Überevangelist, malware fighter):
See: https://www.virustotal.com/nl/url/7a20fb1417d32a0645bda7b8ad8cd4302bdea737ab3518dd622fe6db0b2af531/analysis/1441009185/
and
https://www.virustotal.com/nl/file/688c99052bda02359715895ce452b04f8cadb5abdf4d32d086f79a5f4a189f9c/analysis/1441005154/
Site server vulnerable: http://www.cvedetails.com/vulnerability-list/vendor_id-10048/product_id-17956/version_id-178329/year-2014/Nginx-Nginx-1.6.0.html & exploitable: https://vuxml.freebsd.org/freebsd/ad747a01-1fee-11e4-8ff1-f0def16c5c1b.html
See: https://urlquery.net/report.php?id=1441005080991

polonus

P.S. The download is facilitated even via an older nginx version:

Netblock owner             IP address       OS      Web server     Last seen
Netrouting Telecom Sweden  94.185.85.210    Linux   nginx/1.4.5    16-May-2015

The nginx 1.6.0 / OpenSSH 5.3 (protocol 2.0) server (status code 405) is run by INCERO in Wichita.*

* Catalyst-Host, and not exactly an issue-free IP:
https://www.virustotal.com/nl/ip-address/162.250.235.54/information/
propagators of the bundled Ask toolbar (PUP/riskware) :D

More servers from Kansas used to facilitate these downloads, all with similar configurations:

2015-08-31 09:11:20   0 - 0 - 1   -download.sopcast.com/download/SopCast.zip   United States162.250.235.54
2015-08-29 16:31:02   0 - 0 - 1   -download.sopcast.com/download/SopCast.zip   United States178.18.19.214
2015-08-28 21:57:48   0 - 0 - 1   -download.sopcast.com/download/SopCast.zip   United States162.250.235.54
2015-08-28 20:23:41   0 - 0 - 1   -download.sopcast.com/download/SopCast.zip   United States162.250.235.54
2015-08-20 22:19:15   0 - 1 - 1   -download.sopcast.com/download/SopCast.zip   United States178.18.19.214
2015-08-01 16:15:17   0 - 0 - 1   -download.sopcast.com/download/SopCast.zip   United States162.250.235.54

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: August 31, 2015, 11:05:31 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
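An added example, not code from the post above: it parses the flattened urlquery-style records polonus pasted (country and serving IP run together on each line), counts how often each IP served the SopCast download, and checks a server banner such as "nginx/1.4.5" against a fixed version that the caller supplies (the "1.6.1" threshold below is an assumption for illustration, not a value from the post).

```python
import re
from collections import Counter

# Constructed sample records, modelled on the urlquery-style lines quoted in the post
# (timestamp, three alert counters, URL, then the country run straight into the IP).
SAMPLE_RECORDS = """\
2015-08-31 09:11:20   0 - 0 - 1   -download.sopcast.com/download/SopCast.zip   United States162.250.235.54
2015-08-29 16:31:02   0 - 0 - 1   -download.sopcast.com/download/SopCast.zip   United States178.18.19.214
2015-08-20 22:19:15   0 - 1 - 1   -download.sopcast.com/download/SopCast.zip   United States178.18.19.214
"""

RECORD_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+"
    r"(?P<counters>\d+ - \d+ - \d+)\s+"
    r"-?(?P<url>\S+)\s+"
    r"(?P<country>.+?)(?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)

def parse_records(text):
    """Split the flattened report into dicts. Country and IP share a column, so
    the IP is recovered as the trailing dotted quad and the country is what precedes it."""
    rows = []
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows

def hits_per_ip(rows):
    """Count how many records each serving IP accounts for."""
    return Counter(r["ip"] for r in rows)

def parse_version(banner):
    """'nginx/1.4.5' -> (1, 4, 5); None when the banner carries no nginx version."""
    m = re.search(r"nginx/(\d+(?:\.\d+)*)", banner)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def below_fixed(banner, fixed):
    """True when the banner version is older than 'fixed' (a caller-supplied
    assumption such as '1.6.1'; the post itself names no fixed version)."""
    v = parse_version(banner)
    return v is not None and v < tuple(int(p) for p in fixed.split("."))

if __name__ == "__main__":
    rows = parse_records(SAMPLE_RECORDS)
    for ip, n in hits_per_ip(rows).items():
        print(f"{ip}: {n} download record(s)")
    for banner in ("nginx/1.4.5", "nginx/1.6.0", "nginx/1.6.1"):
        print(banner, "older than 1.6.1:", below_fixed(banner, "1.6.1"))
```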