ThreatExpert's Statistics for CoreGuardAntivirus2009 [Symantec]:

CoreGuardAntivirus2009 [Symantec] is also known as:

Threat Alias	Number of Incidents
RogueAntiSpyware.CoreGuardAntivirus2009 [PC Tools]	108
Trojan:Win32/FakeCog [Microsoft]	72
Trojan:Win32/Fakeinit [Microsoft]	61
Packed.Win32.TDSS.aa [Kaspersky Lab]	56
FakeAlert-FQ [McAfee]	52
TROJ_FAKEAV.SMSS [Trend Micro]	52
Mal/FakeAV-CB, Mal/TDSSPack-Q [Sophos]	48
Win-Trojan/Xema.variant [AhnLab]	40
FakeAlert-KS.a [McAfee]	29
Trojan.InterNetSecurity.a.gen [PC Tools]	29
RogueAntiSpyware.Coreguard Antivirus 2009 [PC Tools]	24
FakeAlert-KS [McAfee]	18
Trojan.Win32.FakeAV.bs [Kaspersky Lab]	17
DNSChanger.p [McAfee]	16
FakeAlert-CK [McAfee]	16
Mal/FakeAV-BT [Sophos]	16
Mal/FakeAV-BX, Mal/EncPk-MC [Sophos]	15
Trojan.Win32.FraudPack.acik [Kaspersky Lab]	15
FakeAlert-FA [McAfee]	14
TROJ_FRAUDPA.SMK [Trend Micro]	14
Mal/Generic-A [Sophos]	12
Mal/FakeAV-BW [Sophos]	9
Packed.Win32.Tdss [Ikarus]	9
Mal/FakeAV-BX [Sophos]	7
Trojan.Win32.FakeAV [Ikarus]	6
Trojan:Win32/FakeRean [Microsoft]	6
Mal/FakeAV-BW, Mal/Bredo-F [Sophos]	5
Mal/TibsPk-D, Mal/FakeAV-Gen [Sophos]	5
RogueAntiSpyware.InternetSecurity2010 [PC Tools]	5
Trojan.Win32.FraudPack.afgy [Kaspersky Lab]	5
Gen.AdWare [Ikarus]	4
Mal/FakeAV-CB [Sophos]	4
Mal/TDSSPack-Q [Sophos]	4
Mal/TDSSPack-R, Mal/EncPk-KG, Mal/TDSSPack-A, Mal/EncPk-HM [Sophos]	4
Packed.Win32.Krap.an [Kaspersky Lab]	4
Troj/Bredo-BK [Sophos]	4
Trojan.Win32.FraudPack.abrk [Kaspersky Lab]	4
Trojan.Win32.Tdss.ajvp [Kaspersky Lab]	4
BackDoor-DKI.gen.at [McAfee]	3
RogueAntiSpyware.InterNetSec [PC Tools]	3
Troj/FakeAle-RG [Sophos]	3
Troj/FakeAV-ARV [Sophos]	3
Trojan.Win32.FraudPack.afeg [Kaspersky Lab]	3
Trojan.Win32.FraudPack.akjr [Kaspersky Lab]	3
Trojan.Win32.FraudPack.almb [Kaspersky Lab]	3
TrojanDownloader:Win32/Fakeinit [Microsoft]	3
Win-Trojan/Fraudpack.1380352.F [AhnLab]	3
FakeAlert-CM [McAfee]	2
FakeAlert-CoreGuard [McAfee]	2
FakeAlert-MA [McAfee]	2
FakeAlert-MA.gen [McAfee]	2
Mal/FakeAV-BW, Mal/EncPk-NI [Sophos]	2
Mal/TibsPk-D [Sophos]	2
not-a-virus:FraudTool.Win32.WinPCDefender [Ikarus]	2
not-a-virus:FraudTool.Win32.WinPCDefender.be [Kaspersky Lab]	2
Packed.Win32.TDSS.y [Kaspersky Lab]	2
Backdoor.Win32.Agent.aojv [Kaspersky Lab]	1
Backdoor.Win32.Inject.dmd [Kaspersky Lab]	1
Dropper/Malware.31232.R [AhnLab]	1
FakeAlert-KZB [McAfee]	1
Mal/EncPk-IV [Sophos]	1
Mal/EncPk-ND [Sophos]	1
Mal/FakeAV-AT [Sophos]	1
Mal/FakeAV-BW, Mal/FakeAV-AX [Sophos]	1
Mal/FakeAV-CH, Mal/FakeAV-BT [Sophos]	1
Mal/FakeVir-G [Sophos]	1
Mal/Generic-A, Mal/Bredo-F [Sophos]	1
Mal/Generic-A, Mal/FakeAV-BW [Sophos]	1
Mal/Inet-Fam, Mal/FakeVir-G [Sophos]	1
Mal/TDSSPack-A [Sophos]	1
New Malware.kd [McAfee]	1
not-a-virus:FraudTool.Win32.Agent [Ikarus]	1
not-a-virus:FraudTool.Win32.Agent.mr [Kaspersky Lab]	1
not-a-virus:FraudTool.Win32.Agent.nn [Kaspersky Lab]	1
Packed.Generic.233 [Symantec]	1
Program:Win32/Coreguardav [Microsoft]	1
RogueAntiSpyware.Generic [PC Tools]	1
Trojan.Crypt [Ikarus]	1
Trojan.Win32.Agent.dggu [Kaspersky Lab]	1
Trojan.Win32.FakeCog [Ikarus]	1
Trojan.Win32.FraudPack.aecl [Kaspersky Lab]	1
Trojan.Win32.FraudPack.aedj [Kaspersky Lab]	1
Trojan.Win32.FraudPack.ajzj [Kaspersky Lab]	1
Trojan.Win32.FraudPack.alhv [Kaspersky Lab]	1
Trojan-Downloader.Win32.FraudLoad.wxpm [Kaspersky Lab]	1
Trojan-Downloader.Win32.FraudLoad.wxpn [Kaspersky Lab]	1
Virus.Packed.Win32.Krap [Ikarus]	1
Win-Trojan/Agent.25088.QR [AhnLab]	1
Win-Trojan/Fakeav.1384448 [AhnLab]	1
Win-Trojan/Fakeav.25600.B [AhnLab]	1
Win-Trojan/Fakeav.476672 [AhnLab]	1
Win-Trojan/Krap.1612288.B [AhnLab]	1
Win-Trojan/Malware.712704.E [AhnLab]	1

CoreGuardAntivirus2009 [Symantec] has the following possible countries of origin:

Origin		Number of Incidents
	Russian Federation	83
	Ukraine	5

CoreGuardAntivirus2009 [Symantec] is known to be created as:

%AppData%\av.exe

%ProgramFiles%\advancedvirusremover\avr.exe

%ProgramFiles%\advancedvirusremover\pavrm.exe

%ProgramFiles%\antimalware\antimalware.exe

%ProgramFiles%\internetsecurity2010\is2010.exe

%ProgramFiles%\malware defense\mdefense.exe

%ProgramFiles%\malware defense\mdext.dll

%ProgramFiles%\malware defense\uninstall.exe

%ProgramFiles%\pc scout\uninstall.exe

%ProgramFiles%\securityessentials2010\se2010.exe

%System%\avr09.exe

%System%\avr10.exe

%System%\helper32.dll

%System%\helpers32.dll

%System%\is15.exe

%System%\smss32.exe

%System%\winlogon32.exe

%System%\winlogon86.exe

%System%\winupdate86.exe

%Temp%\0_11adwara.exe

%Temp%\cls_pack.exe

%Temp%\mdefense.exe

%Temp%\wingenocx.dll

%Temp%\wow64main.exe

%Temp%\wscsvc32.exe

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).