ThreatExpert's Statistics for BehavesLikeWin32.ExplorerHijack [Ikarus]:

BehavesLikeWin32.ExplorerHijack [Ikarus] is also known as:

Threat Alias	Number of Incidents
Mal/Behav-160, Mal/Basine-C [Sophos]	107
Packed.Win32.Black.a [Kaspersky Lab]	48
Mal/Behav-285 [Sophos]	44
New Malware.jn [McAfee]	33
Downloader [Symantec]	18
Trojan Horse [Symantec]	11
Mal/Behav-285, Troj/Virtum-Gen [Sophos]	10
AFXrootkit.gen [McAfee]	9
Infostealer [Symantec]	9
Mal/Basine-C [Sophos]	9
PWS:Win32/Bividon.A.dll [Microsoft]	9
Trojan-PSW.Win32.Nilage.cjs [Kaspersky Lab]	9
Backdoor.Bifrose [Symantec]	8
Mal/Basine-C, Mal/Behav-010 [Sophos]	8
Mal/Delf-M, Mal/Behav-027, Mal/Behav-010 [Sophos]	8
Generic.dx [McAfee]	7
Backdoor.Trojan [Symantec]	6
BackDoor-AWQ.svr.gen.a [McAfee]	6
BKDR_HUPIGON.GEN [Trend Micro]	6
Downloader.gen.a [McAfee]	6
Infostealer.Bancos [Symantec]	6
Backdoor.Graybird [Symantec]	5
Downloader.MisleadApp [Symantec]	5
Mal/Basine-A, Mal/Delf-M, Mal/Basine-C, Mal/Behav-010 [Sophos]	5
Trojan-Downloader.MisleadApp!sd6 [PC Tools]	5
Backdoor.Graybird!Gen [Symantec]	4
Backdoor:Win32/Bifrose [Microsoft]	4
Backdoor:Win32/Hupigon [Microsoft]	4
Generic Delphi [McAfee]	4
Generic Downloader.c [McAfee]	4
Mal/Basine-A, Mal/Basine-C [Sophos]	4
Mal/Behav-285, Mal/Behav-188 [Sophos]	4
Trojan.Flush.G [Symantec]	4
Trojan:Win32/AgentBypass.gen!K [Microsoft]	4
Trojan-Downloader.Win32.Delf.bbj [Kaspersky Lab]	4
TrojanDownloader:Win32/Delf.FC [Microsoft]	4
TrojanDownloader:Win32/Small.gen!I [Microsoft]	4
TrojanDownloader:Win32/Small.gen!N [Microsoft]	4
W32.Randex.gen [Symantec]	4
Backdoor.Bifrose!sd6 [PC Tools]	3
Backdoor.Win32.Beastdoor [Ikarus]	3
BackDoor-CEP.svr [McAfee]	3
Downloader.Trojan [Symantec]	3
Mal/Generic-A [Sophos]	3
not-a-virus:Downloader.Win32.FraudLoad.ie [Kaspersky Lab]	3
PWS-Banker [McAfee]	3
PWS-Banker.gen.i [McAfee]	3
Rootkit.Agent!sd6 [PC Tools]	3
Trojan.Startpage [Symantec]	3
Trojan-Downloader.Win32.Delf.ajm [Kaspersky Lab]	3
TrojanDownloader:Win32/Small [Microsoft]	3
TrojanSpy:Win32/Banker.GV [Microsoft]	3
TrojanSpy:Win32/Logsnif.gen [Microsoft]	3
Win-Trojan/Qhost.46195 [AhnLab]	3
Worm.Win32.AutoRun.bdq [Kaspersky Lab]	3
Backdoor.Hupigon.GEN [PC Tools]	2
Backdoor.Win32.Hupigon.mmt [Kaspersky Lab]	2
Backdoor.Win32.Rbot.gwb [Kaspersky Lab]	2
Backdoor:Win32/Bifrose.AE [Microsoft]	2
Demo-LeakTest [McAfee]	2
Downloader.Bancos [Symantec]	2
Generic Downloader.x [McAfee]	2
Generic Downloader.z [McAfee]	2
Generic PWS.y [McAfee]	2
Generic.dl [McAfee]	2
Generic.fe [McAfee]	2
Hacktool.Rootkit [Symantec]	2
Mal/Basine-A, Mal/Basine-C, Mal/Behav-010 [Sophos]	2
Mal/Basine-A, Mal/Delf-M, Mal/Behav-027, Mal/Basine-C, Mal/Behav-010 [Sophos]	2
Mal/Basine-A, Mal/Emogen-G, Mal/Basine-C [Sophos]	2
Mal/Basine-C, Mal/Behav-160 [Sophos]	2
Mal/Basine-C, Mal/Emogen-E [Sophos]	2
Mal/Behav-010, Mal/Behav-024, Mal/Basine-C, Mal/Behav-027, Mal/Behav-103, Mal/Behav-043 [Sophos]	2
Mal/Behav-043, Mal/Emogen-S, Mal/Basine-C [Sophos]	2
Mal/Behav-285, Mal/Behav-103, Mal/Behav-043 [Sophos]	2
Mal/Behav-285, Mal/Dropper-AD [Sophos]	2
Mal/Bifrose-S, Mal/Behav-285 [Sophos]	2
Mal/Emogen-E, Mal/Basine-C [Sophos]	2
Mal_Banker [Trend Micro]	2
PWS-Banker.dldr [McAfee]	2
PWS-Banker.gen.aa [McAfee]	2
Rootkit.Win32.Agent.gcf [Kaspersky Lab]	2
Trojan:Win32/Malagent [Microsoft]	2
Trojan-Downloader.Win32.Delf.atr [Kaspersky Lab]	2
Trojan-Downloader.Win32.Delf.awr [Kaspersky Lab]	2
Trojan-Downloader.Win32.Delf.bhc [Kaspersky Lab]	2
TrojanDownloader:Win32/Tearspear [Microsoft]	2
Trojan-Dropper.Win32.Small.akj [Kaspersky Lab]	2
TrojanDropper:Win32/Delf.CV [Microsoft]	2
Trojan-PSW.Nilage!sd6 [PC Tools]	2
Trojan-PWS.Nilage [PC Tools]	2
W32.Spybot.Worm [Symantec]	2
Worm.AutoRun.AKN [PC Tools]	2
Worm.RBot.WQM [PC Tools]	2
Backdoor.Beasty.H [Symantec]	1
Backdoor.Graybird.GEN [PC Tools]	1
Backdoor.Graybird.K [Symantec]	1
Backdoor.HackDefender [Symantec]	1
Backdoor.Hupigon.Gen.2 [PC Tools]	1
Backdoor.Hupigon.HIF [PC Tools]	1

BehavesLikeWin32.ExplorerHijack [Ikarus] has the following possible countries of origin:

Origin		Number of Incidents
	Brazil	26
	China	24
	Sweden	8
	Spain	3
	Russian Federation	2
	Switzerland	2
	France	1
	Romania	1

BehavesLikeWin32.ExplorerHijack [Ikarus] is known to be created as:

%AppData%\klg1.dll

%CommonFavorites%\netservice.exe

%CommonPrograms%\startup\jvm0.exe

%CommonPrograms%\startup\msdoc.exe

%CommonPrograms%\startup\win.exe

%ProgramFiles%\bifrost\server.exe

%ProgramFiles%\common files\ahc.exe

%ProgramFiles%\internet explorer\loadie.exe

%System%\crssxp.exe

%System%\defrag.com

%System%\explorer.exe

%System%\fservice.exe

%System%\iexplorer.exe

%System%\jvm0.exe

%System%\ly_server2008.exe

%System%\mjcs.exe

%System%\msdoc.exe

%System%\msgalq.com

%System%\pivys.exe

%System%\rundll33.exe

%System%\svchosts.exe

%System%\taskmon.exe

%System%\totalmente-sem-roupa.exe

%System%\upc.exe

%System%\win32_load.exe

%System%\winbibl.exe

%System%\wincf_35.dll

%System%\wincom.exe

%System%\winjtm.exe

%System%\wuauc1t.exe

%Temp%\thermite\thermite.exe

%Temp%\wincf_35.dll

%Windir%\1.exe

%Windir%\czvocs.exe

%Windir%\g_server.exe

%Windir%\help\csrsss.exe

%Windir%\help\syst.exe

%Windir%\img2.exe

%Windir%\java\classes\clregersrcsc.exe

%Windir%\java\classes\clrepscesc.exe

%Windir%\java\classes\clrepsesvcs.exe

%Windir%\java\classes\clrpkresresc.exe

%Windir%\java\classes\foundfound.exe

%Windir%\media\fuwarxyus.dll

%Windir%\msagent\msgfpk.com

%Windir%\msnmsgr.exe

%Windir%\mstwain32.exe

%Windir%\pchealth\helpctr\binaries\clipsresers.exe

%Windir%\pchealth\helpctr\binaries\clipsrwer.exe

%Windir%\pchealth\helpctr\binaries\clrpsiverc.exe

%Windir%\services.exe

%Windir%\svchost.exe

%Windir%\svcpos.exe

%Windir%\system\netstat.exe

%Windir%\system\smvss.exe

%Windir%\system\sservice.exe

%Windir%\winsystem.exe

c:\explorer.exe

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%CommonFavorites% is a variable that refers to the file system directory that serves as a common repository for all users' favorite items. A typical path is C:\Documents and Settings\All Users\Favorites (Windows NT/2000/XP).
%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.