Avast the only one to detect PE:Backdoor.Win32.Gbod.b!1616603 [F1]

polonus
Avast the only one to detect PE:Backdoor.Win32.Gbod.b!1616603 [F1]
« on: September 16, 2015, 05:50:51 PM »
Avast detects HTML:HideMe-F [Trj] here:
https://www.virustotal.com/nl/url/e914c730feb137e9ef96ea0d9f0c5b3e682ce7b0c98e23fdbdd035a3362afa4e/analysis/1442417906/
see: https://www.virustotal.com/nl/file/435bb746aa3fa9425f8bc5d5a69c2be535bed6ad8c04ad2ee7bf631a7bb7aab5/analysis/1442238139/
To be detected:
Up(nil):   unknown_html_RFI_php   ARIN   US   abuse at godaddy.com   97.74.182.1    to 97.74.182.1   africanbits.com   -http://africanbits.com/tag/nelson-mandela/feed/
Up(nil):   unknown_html_RFI_php   ARIN   US   abuse at godaddy.com   97.74.182.1    to 97.74.182.1   africanbits.com   -http://africanbits.com/tag/dr-aklilu/feed/
Up(nil):   unknown_html_RFI_php   ARIN   US   abuse at godaddy.com   97.74.182.1    to 97.74.182.1   africanbits.com   -http://africanbits.com/tag/botlhale-boikanyo/feed/


Up(nil):   unknown_html   ARIN   US   abuse at godaddy.com   97.74.182.1    to 97.74.182.1   africanbits.com   -http://africanbits.com/tag/botlhale-boikanyo/
Up(nil):   unknown_html_RFI_php   ARIN   US   abuse at godaddy.com   97.74.182.1    to 97.74.182.1   africanbits.com   -http://africanbits.com/tag/aparteid/feed/
Up(nil):   unknown_html   ARIN   US   abuse at godaddy.com   97.74.182.1    to 97.74.182.1   africanbits.com   -http://africanbits.com/tag/aparteid/
Up(nil):   unknown_html_RFI_php   ARIN   US   abuse at godaddy.com   97.74.182.1    to 97.74.182.1   africanbits.com   -http://africanbits.com/tag/africa-2/feed/
Up(nil):   unknown_html_RFI_php   ARIN   US   abuse at godaddy.com   97.74.182.1    to 97.74.182.1   africanbits.com   -http://africanbits.com/sarahobama/feed/
Up(nil):   unknown_html_RFI_shell   ARIN   US   abuse at godaddy.com   97.74.182.1    to 97.74.182.1   africanbits.com   -http://africanbits.com/?p=487
Up(nil):   unknown_html_RFI_shell   ARIN   US   abuse at godaddy.com   97.74.182.1    to 97.74.182.1   africanbits.com   -http://africanbits.com/?p=388
Down:   NA   ARIN   US   abuse at godaddy.com   97.74.182.1    to 97.74.182.1   africanbits.com   -http://africanbits.com/?p=285
Up(nil):   unknown_html_RFI_php   ARIN   US   abuse at godaddy.com   97.74.182.1    to 97.74.182.1   africanbits.com   -http://africanbits.com/obama/feed/
Up(nil):   PE:Backdoor.Win32.Gbod.b!1616603[F1]   ARIN   US   abuse at godaddy.com   97.74.182.1    to 97.74.182.1   africanbits.com   -http://africanbits.com/author/africanbits/feed *
Up(nil):   unknown_html_RFI_php   ARIN   US   abuse at godaddy.com   97.74.182.1    to 97.74.182.1   africanbits.com   -http://africanbits.com/an-african-chief/feed/
Up(nil):   unknown_html_RFI_shell   ARIN   US   abuse at godaddy.com   97.74.182.1    to 97.74.182.1   africanbits.com   -http://africanbits.com/180/

Sucuri detects: ISSUE DETECTED   DEFINITION   INFECTED URL
SEO Spam   MW:SPAM:SEO?r   -http://africanbits.com ( View Payload )
SEO Spam   MW:SPAM:SEO?r   -http://africanbits.com/404testpage4525d2fdc ( View Payload )
SEO Spam   MW:SPAM:SEO?r   -http://africanbits.com/404javascript.js ( View Payload )
SEO Spam   MW:SPAM:SEO?r   -http://africanbits.com/new-page/ ( View Payload )
SEO Spam   MW:SPAM:SEO?r   -http://africanbits.com/staff/ ( View Payload )
SEO Spam   MW:SPAM:SEO?r   -http://africanbits.com/featured-story/ ( View Payload )
Known Spam detected. Details: http://sucuri.net/malware/entry/MW:SPAM:SEO?r
<div id='HiddenDiv'> Small wonder the provider opined the Daily XXXX Pill <a href="-http://el-au.org/" title="" title="pharmacy and smut spam <style>.hvx6{position:absolute;clip:rect(482px,auto,auto,452px);}</style> </div><script type='text/javascript'>if(document.getElementById('HiddenDiv') != null){document.getElementById('HiddenDiv').style.visibility = 'hidden';document.getElementById('HiddenDiv').style.display = 'none';}</script>
*Known javascript malware. Details: http://sucuri.net/malware/entry/MW:SPAM:SEO?g12
t='';}}x[l-a]=z;}document.write('<'+x[0]+' '+x[4]+'>.'+x[2]+'{'+x[1]+'}</'+x[0]+'>');}xViewState();

Web application version:
WordPress version: WordPress 3.4.2
Wordpress version from source: 3.4.2
Wordpress Version 3.3 or 3.4 based on: -http://africanbits.com/wp-includes/js/autosave.js
WordPress theme: -http://africanbits.com/wp-content/themes/Website-Video-Plus/
Wordpress internal path:- /home/content/46/9852946/html/wp-content/themes/Website-Video-Plus/index.php
WordPress version outdated: Upgrade required.
Outdated WordPress Found: WordPress Under 4.2 :
WordPress Version
3.4.2
Version does not appear to be latest 4.3 - update now.
Warning: WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

jetpack 1.7   latest release (3.7) Update required
http://jetpack.me

WordPress Theme
The theme has been found by examining the path /wp-content/themes/ *theme name* /

VideoPlus 1.0.7   http://www.theme-junkie.com

Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.

ID   User   Login
1   africanbits   africanbits
2      None

See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fafricanbits.com

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
