Threat Search: 

ThreatExpert's Statistics for AntiVirus2009 [Symantec]:

AntiVirus2009 [Symantec] is also known as:
Threat AliasNumber of Incidents
not-a-virus:FraudTool.Win32.XPAntivirus.oj [Kaspersky Lab]13,340
TROJ_FAKEALER.GV [Trend Micro]13,340
Troj/FakeAle-GZ [Sophos]11,832
RogueAntiSpyware.AntiVirusPro [PC Tools]10,457
FakeAlert-AB [McAfee]9,144
PHISH.FraudTool.XPAntivirus [Ikarus]8,932
Trojan:Win32/FakeXPA [Microsoft]7,452
Generic PUP.x [McAfee]2,796
PHISH.FraudTool.XPAntivirus.OJ [Ikarus]348
Mal/FakeAV-F [Sophos]231
not-a-virus:FraudTool.Win32.MSAntivirus.ak [Kaspersky Lab]144
not-a-virus:FraudTool.Win32.UltimateAntivirus.cq [Kaspersky Lab]144
Win-Trojan/Fakealert.78344 [AhnLab]116
Generic.Win32.Malware.Antivirus2008 [Ikarus]65
Trojan:Win32/Tibs.gen!ldr [Microsoft]65
Trojan:Win32/FakeSecSen [Microsoft]55
Virus.Win32.FakeAlert.S [Ikarus]51
Generic.dx [McAfee]36
Troj/FakeAle-HT [Sophos]36
Trojan.Win32.Tibs [Ikarus]32
Generic Dropper.bw [McAfee]29
not-a-virus:FraudTool.Win32.XPAntivirus.pn [Kaspersky Lab]28
not-a-virus:FraudTool.Win32.SpywarePreventer.y [Kaspersky Lab]24
Mal/FakeAV-I [Sophos]20
FakeAlert-GA.dll [McAfee]19
Mal/Generic-A [Sophos]18
Mal/EncPk-CZ [Sophos]17
AntiVirus2008 [Symantec]15
Mal/Dorf-E [Sophos]15
Mal/EncPk-KP [Sophos]15
Trojan-Downloader.Win32.FraudLoad [Ikarus]15
Trojan-Downloader.Win32.Hoaxer.a [Kaspersky Lab]15
TrojanDownloader:Win32/FakeRean [Microsoft]15
FakeAlert-av360 [McAfee]14
Trojan.Win32.FakeXPA [Ikarus]14
Mal/FakeAV-V, Mal/FakeVirPk-A [Sophos]12
Program:Win32/FakeSecSen [Microsoft]12
Trojan:Win32/Tibs.IF [Microsoft]12
Generic PUP.z [McAfee]10
not-a-virus:FraudTool.Win32.WinAntiVirus.kh [Kaspersky Lab]9
Program:Win32/Antivirus2008 [Microsoft]9
FakeAlert-AB.dldr.gen.b [McAfee]8
Troj/FakeVir-LF [Sophos]8
Trojan-Downloader.Win32.FakeRean [Ikarus]8
Virus.Win32.Virut.au [Ikarus]8
FakeAlert-AB.gen.a [McAfee]7
Generic Downloader.x [McAfee]7
Trojan.Win32.FraudPack [Ikarus]7
Mal/FakeVirPk-A [Sophos]6
Mal/TDSSPack-A [Sophos]6
not-a-virus:FraudTool.Win32.AntiVirus2008.em [Kaspersky Lab]6
not-a-virus:FraudTool.Win32.MSAntivirus.av [Kaspersky Lab]6
Packed.Win32.TDSS.aa [Kaspersky Lab]6
Program:Win32/Winfixer [Microsoft]6
Troj/FakeAle-JI [Sophos]6
Trojan.Win32.FakeSpyguard [Ikarus]6
Trojan.Win32.FraudPack.gtt [Kaspersky Lab]6
not-a-virus:FraudTool.Win32.MSAntivirus.cf [Kaspersky Lab]5
not-a-virus:FraudTool.Win32.MSAntivirus.k [Kaspersky Lab]5
Trojan-Downloader.Win32.Renos.AF [Ikarus]5
Generic FakeAlert!bu [McAfee]4
Mal/FakeAV-I, Mal/EncPk-CZ [Sophos]4
Mal/FakeAV-X [Sophos]4
not-a-virus:FraudTool.Win32.AntiVirus2008.bb [Kaspersky Lab]4
not-a-virus:FraudTool.Win32.Antivirus2008pro.bq [Kaspersky Lab]4
not-a-virus:FraudTool.Win32.Antivirus2009.av [Kaspersky Lab]4
not-a-virus:FraudTool.Win32.BrowserProtectionCenter.i [Kaspersky Lab]4
not-a-virus:FraudTool.Win32.UltimateAntivirus.bl [Kaspersky Lab]4
Packed.Win32.Tdss.d [Kaspersky Lab]4
RogueAntiSpyware.AntiVirus2009 [PC Tools]4
Troj/FakeAv-XM [Sophos]4
Troj/FakeVir-FO [Sophos]4
TROJ_FAKEAV.JZ [Trend Micro]4
Trojan.Win32.FakeScanti [Ikarus]4
Trojan.Win32.FraudPack.gen [Kaspersky Lab]4
Trojan.Win32.FraudPack.gtm [Ikarus]4
Trojan.Win32.FraudPack.gtm [Kaspersky Lab]4
Trojan.Win32.FraudPack.krt [Kaspersky Lab]4
Trojan.Win32.FraudPack.umv [Kaspersky Lab]4
Trojan.Win32.FraudPack.uoe [Kaspersky Lab]4
Trojan:Win32/FakeRean [Microsoft]4
Trojan:Win32/Yektel.E [Microsoft]4
Virus.Win32.Fasec [Ikarus]4
Virus.Win32.Trojan [Ikarus]4
Win32.KME.Based [Ikarus]4
Win-Trojan/FakeAv.390144 [AhnLab]4
FakeAlert-XPSecCenter [McAfee]3
Generic FakeAlert.a [McAfee]3
Generic FakeAlert.b [McAfee]3
Mal/EncPk-CZ, Mal/EncPk-EI [Sophos]3
Mal/EncPk-EQ [Sophos]3
Mal/FakeAV-AK [Sophos]3
not-a-virus:FraudTool.Win32.Antivirus2010.b [Kaspersky Lab]3
not-a-virus:FraudTool.Win32.XPAntivirus.tt [Kaspersky Lab]3
Trojan.Crypt [Ikarus]3
Trojan.Peed [Ikarus]3
Trojan.Virantix.C [Symantec]3
Trojan:Win32/FakeScanti [Microsoft]3
Trojan-Downloader.Hoaxer!sd6 [PC Tools]3
WinFixer [McAfee]3

AntiVirus2009 [Symantec] has the following possible countries of origin:
OriginNumber of Incidents
Russian Federation202
Ukraine9
Germany5

AntiVirus2009 [Symantec] is known to be created as:
%AppData%\lizkavd.exe
%AppData%\seres.exe
%AppData%\svcst.exe
%ProgramFiles%\aav\aav.exe
%ProgramFiles%\advancedvirusremover\pavrm.exe
%ProgramFiles%\antispywarexp2009\uninstall.exe
%ProgramFiles%\antivirus protection\avp_update.exe
%ProgramFiles%\antiviruspro_2010\antiviruspro_2010.exe
%ProgramFiles%\antiviruspro2009\uninstall.exe
%ProgramFiles%\microantivirus\microav.exe
%ProgramFiles%\microav\microav.exe
%ProgramFiles%\pchealthcenter\0.exe
%ProgramFiles%\personal anti malware\avp_update.exe
%ProgramFiles%\power-antivirus-2009\power-antivirus-2009.exe
%ProgramFiles%\pwx\pwx.exe
%ProgramFiles%\sav\sav.exe
%ProgramFiles%\system guard 2009\systemguard.exe
%ProgramFiles%\totalvirusprotection\totalvirusprotection.exe
%ProgramFiles%\totalvirusprotection\webmonitor.exe
%ProgramFiles%\vav\vav.exe
%ProgramFiles%\virusremover2009\vrm2009.exe
%ProgramFiles%\wav\wav.exe
%ProgramFiles%\xp_antispyware\uninstall.exe
%System%\avcorefn.dll
%System%\core.dll
%System%\dddesot.dll
%System%\desot.exe
%System%\explorer32.exe
%System%\glu3232.dll
%System%\ieupdates.exe
%Temp%\ifxayqokvy.dll
%Temp%\ssinstdll.dll
%Temp%\wini10491.exe
%Temp%\wssp\antivirus 2009\install.exe
%Windir%\svohost.exe
c:\wridiint.exe
Notes:
  • %AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
  • %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
  • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.