Threat Search: 

ThreatExpert's Statistics for Downloader.MisleadApp [PC Tools]:

Downloader.MisleadApp [PC Tools] is also known as:
Threat AliasNumber of Incidents
Downloader.MisleadApp [Symantec]68
TrojanDownloader:Win32/Fakeinit [Microsoft]38
Mal/FakeAV-BW [Sophos]36
Trojan-Downloader.Win32.FraudLoad.wxvl [Kaspersky Lab]36
Generic.dx!ndq [McAfee]9
Trojan:Win32/FakeXPA [Microsoft]7
Generic FakeAlert.a [McAfee]6
Trojan.Win32.FakeAV [Ikarus]6
Adware:Win32/Kwsearchguide [Microsoft]5
Mal/Generic-A [Sophos]5
Adware-Kwsearchguide [McAfee]4
FakeAlert-FQ [McAfee]4
FakeAlert-KP [McAfee]4
Mal/EncPk-JY [Sophos]4
Trojan.Win32.FraudPack.acgv [Kaspersky Lab]4
Win32/IRCBot.worm.variant [AhnLab]4
Packed.Win32.TDSS.aa [Kaspersky Lab]3
Troj/FakeAle-LE [Sophos]3
TrojanDownloader:Win32/FakeRean [Microsoft]3
Adware:Win32/AdRotator [Microsoft]2
Downloader-BOI [McAfee]2
FakeAlert-KJ [McAfee]2
FakeAlert-WinwebSecurity.gen [McAfee]2
Generic PUP.x [McAfee]2
Hatigh [McAfee]2
Mal/EncPk-HJ, Mal/EncPk-HJ [Sophos]2
Mal/EncPk-ND [Sophos]2
Mal/Packer [Sophos]2
Mal/TDSSPack-Q [Sophos]2
PWS:Win32/Zbot.BD [Microsoft]2
PWS:Win32/Zbot.gen!B [Microsoft]2
Troj/FakeAV-ATD [Sophos]2
TROJ_FAKEAV.SMSS [Trend Micro]2
Trojan.Win32.Small [Ikarus]2
Trojan-Downloader.Win32.FraudLoad.glk [Kaspersky Lab]2
TrojanDownloader:Win32/FakeSmoke [Microsoft]2
Trojan-Dropper.Win32.BHO.i [Kaspersky Lab]2
Trojan-Spy.Win32.Zbot.wsv [Kaspersky Lab]2
W32/Tufik [McAfee]2
Win-Trojan/Downloader.30720.CS [AhnLab]2
Backdoor.Win32.Frauder.bdi [Kaspersky Lab]1
Backdoor.Win32.Frauder.brr [Kaspersky Lab]1
Dropper/Agent.106499 [AhnLab]1
Dropper/Malware.294912.N [AhnLab]1
FakeAlert-AB.dldr [McAfee]1
FakeAlert-CM [McAfee]1
FakeAlert-DZ [McAfee]1
FakeAlert-EW [McAfee]1
FakeAlert-FD [McAfee]1
FakeAlert-JU [McAfee]1
Gen.Trojan [Ikarus]1
Generic BackDoor!bhg [McAfee]1
Generic Downloader.ab [McAfee]1
Generic FakeAlert!ca [McAfee]1
Generic.Win32.Malware [Ikarus]1
Mal/EncPk-IF, Mal/FakeAV-AD, Mal/EncPk-HH [Sophos]1
Mal/EncPk-IF, Mal/FakeAV-AD, Mal/EncPk-HH, Mal/FakeVirPk-A [Sophos]1
Mal/EncPk-JD [Sophos]1
Mal/EncPk-JD, Mal/EncPk-HW, Mal/Renos-J [Sophos]1
Mal/FakeAV-AD, Mal/FakeAV-AK [Sophos]1
Mal/FakeAV-BT [Sophos]1
Mal/FakeAV-BT, Mal/TDSSPack-Q [Sophos]1
Mal/FakeAV-BX, Mal/FakeAV-BT, Mal/EncPk-IF, Mal/FakeAV-AD [Sophos]1
Mal/FakeAV-CB, Mal/TDSSPack-Q [Sophos]1
Mal/Generic-A, Mal/FakeAv-BC [Sophos]1
Mal/Generic-D, Mal/WaledPak-F [Sophos]1
Mal/Jevafus-A [Sophos]1
Mal/Krap-D, Mal/FakeAV-BP [Sophos]1
New Malware.ac [McAfee]1
not-a-virus:Downloader.Win32.FraudLoad.at [Kaspersky Lab]1
not-a-virus:FraudTool.Win32.WinSpywareProtect.bkn [Kaspersky Lab]1
Packed/FSG [PC Tools]1
Program:Win32/Winfixer [Microsoft]1
Troj/FakeAV-ANE [Sophos]1
Troj/FakeVir-PX [Sophos]1
Trojan.Win32.FraudPack.aklq [Kaspersky Lab]1
Trojan.Win32.FraudPack.ambg [Kaspersky Lab]1
Trojan.Win32.Ormimro.ab [Kaspersky Lab]1
Trojan.Win32.Runner.ry [Kaspersky Lab]1
Trojan.Win32.Small.bvb [Kaspersky Lab]1
Trojan.Win32.Tdss.awan [Kaspersky Lab]1
Trojan:Win32/Alureon.CO [Microsoft]1
Trojan:Win32/Alureon.DA [Microsoft]1
Trojan:Win32/FakeCog [Microsoft]1
Trojan:Win32/FakePlus [Microsoft]1
Trojan:Win32/FakeSpyguard [Microsoft]1
Trojan:Win32/InternetAntivirus [Microsoft]1
Trojan:Win32/Tibs.IK [Microsoft]1
Trojan:Win32/VB [Microsoft]1
Trojan:Win32/Winwebsec [Microsoft]1
Trojan-Clicker.Win32.Agent.gsk [Kaspersky Lab]1
Trojan-Clicker.Win32.Agent.gxd [Kaspersky Lab]1
Trojan-Downloader.Win32.Agent.brvh [Kaspersky Lab]1
Trojan-Downloader.Win32.FakeVimes [Ikarus]1
Trojan-Downloader.Win32.FraudLoad.dyn [Kaspersky Lab]1
Trojan-Downloader.Win32.FraudLoad.ejl [Kaspersky Lab]1
Trojan-Downloader.Win32.FraudLoad.fzm [Kaspersky Lab]1
Trojan-Downloader.Win32.FraudLoad.wcun [Kaspersky Lab]1
Trojan-Downloader.Win32.FraudLoad.wqhy [Kaspersky Lab]1
Trojan-Downloader.Win32.Zlob.bfew [Kaspersky Lab]1

Downloader.MisleadApp [PC Tools] has the following possible countries of origin:
OriginNumber of Incidents
Republic of Korea26
Germany17
Russian Federation6
Ukraine5
Brazil1
Netherlands1

Downloader.MisleadApp [PC Tools] is known to be created as:
%AppData%\ikngqm\vkbgsysguard.exe
%Profiles%\mscrss.exe
%ProgramFiles%\aprotect\aptupdater.exe
%System%\360updates.exe
%System%\768dc30.exe
%System%\frmwrk32.exe
%System%\mscrss.exe
%System%\msiconf.exe
%System%\ntos.exe
%System%\smss32.exe
%System%\winlogon32.exe
%Temp%\1.tmp_bak.exe
%Temp%\32.tmp_bak.exe
%Temp%\antivir.exe
%Temp%\bwxpxx.exe
%Temp%\loader.exe
%Temp%\settdebugx.exe
%Temp%\winupd64x.exe
%Temp%\wscsvc32.exe
%Windir%\wmspdmod.exe
%Windir%\wmvmp32.exe
c:\resycled\boot.com
Notes:
  • %AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
  • %Profiles% is a variable that refers to the file system directory containing user profile folders. A typical path is C:\Documents and Settings.
  • %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
  • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.