Threat Search: 

ThreatExpert's Statistics for Backdoor.Trojan [Symantec]:

Backdoor.Trojan [Symantec] is also known as:
Threat AliasNumber of Incidents
Trojan-Downloader.Win32.Agent.bfj [Kaspersky Lab]102,044
TROJ_AGENT.ZGE [Trend Micro]72,361
Trojan.DL.Agent.WEZ [PC Tools]72,361
TROJ_AGENT.VJC [Trend Micro]36,990
Trojan-Downloader.Agent!sd5 [PC Tools]19,875
Generic.dx [McAfee]17,945
IRC/Flood.gen.e [McAfee]3,551
not-a-virus:Client-IRC.Win32.mIRC.601 [Kaspersky Lab]3,500
Trojan.Zapchast [PC Tools]3,392
BKDR_ZAPCHAST.AX [Trend Micro]3,127
Troj/Mirchack-A [Sophos]2,173
Trojan:Win32/Zapchast [Microsoft]2,173
not-a-virus:Client-IRC.Win32.mIRC [Ikarus]1,728
Mal/Generic-A [Sophos]1,407
Generic BackDoor [McAfee]1,344
Trojan.DL.CKSPost.Gen [PC Tools]802
BackDoor-CXI [McAfee]743
Backdoor.IRC.Bot [Symantec]742
Win-Trojan/IRCHack.593262 [AhnLab]689
Backdoor:Win32/Poisonivy.E [Microsoft]676
Backdoor.Win32.Poison.pg [Kaspersky Lab]646
TSPY_QQROB.AOA [Trend Micro]645
Trojan-PSW.QQRob!sd5 [PC Tools]629
Trojan:Win32/Oficla.A [Microsoft]609
Trojan.Win32.Oficla [Ikarus]599
Win-Trojan/Downloader.24576.YL [AhnLab]585
WORM_NUCRP.GEN [Trend Micro]583
Trojan-Downloader.Win32.Small.amck [Kaspersky Lab]579
Troj/Keylog-JV [Sophos]562
Backdoor.Win32.Delf.ash [Kaspersky Lab]523
BackDoor-CZP [McAfee]499
Virus.Win32.Poison [Ikarus]495
Backdoor.Cakl [PC Tools]483
Trojan.Qhost.EP [PC Tools]432
Trojan.Win32.Qhost.abh [Kaspersky Lab]384
Mal/Packer [Sophos]378
BKDR_CAKL.OF [Trend Micro]372
Win-Trojan/Xema.variant [AhnLab]366
New Malware.aq [McAfee]363
Trojan-Proxy.Agent!sd5 [PC Tools]349
Proxy-Agent.be [McAfee]342
BackDoor-DKI.gen.a [McAfee]332
TROJ_RENOS.MQ [Trend Micro]320
Backdoor.Win32.VB [Ikarus]312
Win-Trojan/Poison.8192.AF [AhnLab]306
BKDR_AHZE.NY [Trend Micro]288
Backdoor.Win32.Cakl.a [Kaspersky Lab]256
Backdoor.IRCBot!sd6 [PC Tools]240
TROJ_DLOADER.EGF [Trend Micro]240
Backdoor.Win32.Cakl.d [Kaspersky Lab]239
Backdoor.Win32.Vipdataend.gu [Kaspersky Lab]225
BackDoor-AWQ.b [McAfee]225
Troj/QQRob-ABW [Sophos]225
Backdoor.Win32.IRCBot [Ikarus]220
Trojan.Pangu.Gen.1 [PC Tools]218
Win32/IRCBot.worm.variant [AhnLab]218
Trojan-Dropper.Agent [Ikarus]209
Virus.Win32.AutoRun.od [Ikarus]208
Virus.Trojan.Win32.Midgare [Ikarus]206
Virus.Win32.AutoRun.k [Kaspersky Lab]201
TrojanDownloader:Win32/Emerleox [Microsoft]200
Generic Downloader.ap [McAfee]196
TROJ_SPAMBOT.B [Trend Micro]193
Virus.Win32.Trojan [Ikarus]190
Backdoor:Win32/Poisonivy.H [Microsoft]188
BackDoor-DVR [McAfee]188
BackDoor-DSS [McAfee]184
Win-Trojan/Midgare.32256 [AhnLab]181
VirTool:Win32/CeeInject.gen!R [Microsoft]180
Backdoor:Win32/Bifrose.AE [Microsoft]173
Trojan-Downloader.Win32.Agent.bl [Kaspersky Lab]173
Mal/Inject-M [Sophos]171
Generic Downloader.s [McAfee]168
TROJ_MALOE5.A [Trend Micro]166
BackDoor-CEP.gen.g [McAfee]160
BackDoor-DSS.gen.a [McAfee]160
Backdoor.Win32.Hupigon [Ikarus]157
Backdoor.Win32.IRCBot.jvw [Kaspersky Lab]156
W32/Sdbot.worm [McAfee]156
Backdoor.VB.DVIH [PC Tools]154
Troj/Frink-Gen [Sophos]148
Troj/Agent-JCU [Sophos]144
Win-Trojan/ARPSpoofer.36725 [AhnLab]144
Win-Trojan/ARPSpoofer.92719 [AhnLab]144
Virus.Win32.Agent.AAGI [Ikarus]143
Trojan.Win32.Veslorn [Ikarus]137
Backdoor.VB!sd6 [PC Tools]135
Troj/Bckdr-QPB [Sophos]135
Backdoor.Win32.Poison [Ikarus]128
Trojan-Dropper.Delf [Ikarus]127
BackDoor-DKA [McAfee]126
WORM_AGENT.SPS [Trend Micro]126
Trojan-Proxy.Win32.Agent.lv [Kaspersky Lab]122
Generic Downloader.x [McAfee]121
BKDR_DELF.CMV [Trend Micro]120
Downloader-BMN [McAfee]118
Backdoor.IRCBot [PC Tools]116
Backdoor.Win32.Bifrose.fpb [Kaspersky Lab]116
TrojanDownloader:Win32/Tracur.A [Microsoft]114
Win32.SuspectCrc [Ikarus]114

Backdoor.Trojan [Symantec] has the following possible countries of origin:
OriginNumber of Incidents
Russian Federation3,427
China970
Netherlands352
Germany196
Slovenia93
Spain74
Sweden55
United Kingdom49
France47
Brazil46
Italy31
Ukraine29
Turkey27
Poland24
Iran21
Portugal18
Republic of Korea18
Saudi Arabia18
Israel15
Canada9
Switzerland8
Taiwan8
Japan5
Australia4
Egypt4
Greece4
Slovakia4
Belgium2
Bulgaria2
Czech Republic2
Denmark2
New Zealand2
Norway2
Thailand2
Algeria1
Argentina1
Estonia1
Finland1
United Arab Emirates1
Viet Nam1

Backdoor.Trojan [Symantec] is known to be created as:
%AllUsersProfile%\drm\drm.exe
%AllUsersProfile%\drm\userdata.dll
%AppData%\1.exe
%AppData%\80.exe.exe
%AppData%\adobe\reader_sl.exe
%AppData%\bifrost\server.exe
%AppData%\cftmon.exe
%AppData%\google\update\googleupdatebeta.exe
%AppData%\gpass\gfltdrv.sys
%AppData%\iexplorer.exe
%AppData%\irm.dll
%AppData%\key folder\sql2005.dll
%AppData%\kf8ze.exe
%AppData%\lsasrv.exe
%AppData%\micro.exe
%AppData%\microsoft\appdyo.exe
%AppData%\microsoft\svchost.exe
%AppData%\microsoft\windows\winlogon.exe
%AppData%\microsoft\winlog.exe
%AppData%\my_server.exe
%AppData%\num.5.0.46.build.1205-patch.exe
%AppData%\ontwv.exe
%AppData%\qq\a.exe
%AppData%\reddiget\install.exe
%AppData%\setup.exe
%AppData%\spool.exe
%AppData%\svchost.exe
%AppData%\svchost32.exe
%AppData%\system\svchost32.exe
%AppData%\system\sys.exe
%AppData%\temp\eixplorer.exe
%AppData%\update.exe
%AppData%\waults.exe
%AppData%\windows update\winupdate.exe
%AppData%\windowsupdate.exe
%AppData%\wuauct.exe
%AppData%\xlibgfl254.dll
%CommonAppData%\%computername%\taskenv.exe
%CommonAppData%\fearghus\lsass.exe
%CommonAppData%\microsoft\crypto\dss\dss.exe
%CommonAppData%\microsoft\crypto\dss\machinekeys\machinekeys.exe
%CommonAppData%\microsoft\crypto\rsa\machinekeys\machinekeys.exe
%CommonAppData%\microsoft\crypto\rsa\rsa.exe
%CommonAppData%\microsoft\crypto\rsa\s-1-5-18\s-1-5-18.exe
%CommonAppData%\microsoft\microsoft.exe
%CommonAppData%\microsoft\network\connections\cm\cm.exe
%CommonAppData%\microsoft\network\connections\connections.exe
%CommonAppData%\microsoft\network\connections\pbk\pbk.exe
%CommonAppData%\microsoft\network\install.exe
%CommonAppData%\microsoft\network\network.exe
%CommonAppData%\microsoft\usb2.0\usb-hi.exe
%CommonAppData%\vmware\vmware.exe
%CommonDesktopDir%\desktop.exe
%CommonDocuments%\settings\abc32.dll
%CommonDocuments%\settings\bot.dll
%CommonDocuments%\settings\winsys2f.dll
%CommonFavorites%\netservice.exe
%CommonFavorites%\plugin\001.dll
%CommonPrograms%\startup\avp.exe
%CommonPrograms%\startup\gbplugin.exe
%CommonPrograms%\startup\kbdrv16.com
%CommonPrograms%\startup\msnmsg.scr
%CommonPrograms%\startup\rf3.exe
%CommonPrograms%\startup\svchost.exe
%CommonPrograms%\startup\svckost.exe
%DesktopDir%\counterstrike.exe
%DesktopDir%\halflife.exe
%DownloadedProgramFiles%\d0j1q3kh.dll
%DownloadedProgramFiles%\n35.dll
%DownloadedProgramFiles%\ummu.dll
%FontsDir%\360eaec0.exe
%FontsDir%\b4b147bc522828731f1a016bfa72c073\system\clfmon.exe
%FontsDir%\comres.dll
%FontsDir%\nwlnkfwd.exe
%FontsDir%\nwlnkipx.exe
%FontsDir%\nwlnknb.exe
%FontsDir%\nwlnkspx.exe
%FontsDir%\nwrdr.exe
%FontsDir%\oprghdlr.exe
%FontsDir%\p3.exe
%FontsDir%\svchost.exe
%FontsDir%\taksmgr.exe
%FontsDir%\wacult.exe
%InternetCache%\35010.exe
%InternetCache%\67463.exe
%InternetCache%\79235.exe
%InternetCache%\99648.exe
%InternetCache%\pack13042.exe
%InternetCache%\rundll32.exe
%LocalSettings%\realsched.exe
%LocalSettings%\temp1458.exe
%LocalSettings%\temp7532.exe
%LocalSettings%\temps.scr
%LocalSettings%\temptmp.exe
%MyDocuments%\counterstrike.exe
%MyDocuments%\halflife.exe
%MyDocuments%\mindgame.exe
%Profiles%\photo\photo1.exe
%ProgramFiles%\_rejoice2009.exe
%ProgramFiles%\99\88.exe
Notes:
  • %AllUsersProfile% is a variable that specifies the all users' profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
  • %AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
  • %CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
  • %CommonDesktopDir% is a variable that refers to the file system directory that contains files and folders that appear on the desktop for all users. A typical path is C:\Documents and Settings\All Users\Desktop (Windows NT/2000/XP).
  • %CommonDocuments% is a variable that refers to the file system directory that contains documents that are common to all users. A typical paths is C:\Documents and Settings\All Users\Documents.
  • %CommonFavorites% is a variable that refers to the file system directory that serves as a common repository for all users' favorite items. A typical path is C:\Documents and Settings\All Users\Favorites (Windows NT/2000/XP).
  • %CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
  • %DesktopDir% is a variable that refers to the file system directory used to physically store file objects on the desktop. A typical path is C:\Documents and Settings\[UserName]\Desktop.
  • %DownloadedProgramFiles% is a variable that refers to the file system directory containing downloaded program files. A typical path is C:\Windows\Downloaded Program Files.
  • %FontsDir% is a variable that refers to a virtual folder containing fonts. A typical path is C:\Windows\Fonts.
  • %InternetCache% is a variable that refers to the file system directory that serves as a common repository for temporary Internet files. A typical path is C:\Documents and Settings\[UserName]\Local Settings\Temporary Internet Files.
  • %LocalSettings% is a variable that specifies the current user's local settings folder. By default, this is C:\Documents and Settings\[UserName]\Local Settings (Windows NT/2000/XP).
  • %MyDocuments% is a variable that refers to the file system directory used to physically store a user's common repository of documents. A typical path is C:\Documents and Settings\[UserName]\My Documents.
  • %Profiles% is a variable that refers to the file system directory containing user profile folders. A typical path is C:\Documents and Settings.
  • %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.