Hacked 404 Part 3

I took the files that the fake 404 error page was attempting to install and sent them to Symantec. As I mentioned in my last post, virus total showed several other vendors detecting it as a virus, but not Symantec. I should mention that virustotal.com does not use version 9 of Symantec and would be unable to detect adware, so I checked it myself before submitting with SAV 9.0.2.
Symantec’s Antvirus Response Center reports that the chm file is a trojan downloader and the exe file is a trojan adclicker. The 4/17 intelligent updater files should contain defs for this.
Another user on the web server cluster I am on reported that users of his website are reporting virus detections. Sure enough, with McAfee when I go to his site, I get a virus detection immediately. I can see in the source for the page I get that there is an iframe loading something from a .la TLD. This is like what happened to me. I suspect that he has a bad link on his page.
Just like my problem, it comes and goes. 3 hours later, I now cant reproduce the problem on his site.