Threat Search: 

ThreatExpert's Statistics for Generic PUP.x [McAfee]:

Generic PUP.x [McAfee] is also known as:
Threat AliasNumber of Incidents
Troj/FakeAV-CL [Sophos]14,484
RogueAntiSpyware.AntivirusXP2008 [PC Tools]7,486
TROJ_RENOS.ACG [Trend Micro]6,966
AntiVirus2008 [Symantec]4,614
Troj/FakeVir-DE [Sophos]4,300
not-a-virus:FraudTool.Win32.XPAntivirus.ld [Kaspersky Lab]4,128
Win32.SuspectCrc [Ikarus]3,985
Adware.CPush [Symantec]2,048
Program:Win32/Antivirus2008 [Microsoft]2,022
not-a-virus:AdWare.Win32.BHO.dbj [Kaspersky Lab]1,716
AntiVirus2009 [Symantec]1,626
not-a-virus:FraudTool.Win32.XPAntivirus.oj [Kaspersky Lab]1,593
TROJ_FAKEALER.GV [Trend Micro]1,593
Troj/FakeAle-GZ [Sophos]1,215
RogueAntiSpyware.AntiVirusPro [PC Tools]918
Adware.BHO!sd6 [PC Tools]773
FakeAlert-AB [McAfee]513
not-a-virus:AdWare.Win32.BHO.ee [Kaspersky Lab]505
PHISH.FraudTool.XPAntivirus [Ikarus]405
not-a-virus:AdWare.Win32.BHO.cwl [Kaspersky Lab]280
Adware.BHO!sd5 [PC Tools]271
Trojan Horse [Symantec]271
not-a-virus:AdWare.Win32.BHO.clx [Kaspersky Lab]247
Adware.Sogou [PC Tools]232
PHISH.FraudTool.XPAntivirus.OJ [Ikarus]189
Generic.Win32.Malware.Sogou [Ikarus]183
not-a-virus:FraudTool.Win32.MSAntivirus.r [Kaspersky Lab]176
Program:Win32/Sogou [Microsoft]171
Troj/AdClick-ER [Sophos]171
not-a-virus:AdWare.Win32.BHO.dzf [Kaspersky Lab]160
Downloader.MisleadApp [Symantec]137
Adware.CPush!sd6 [PC Tools]130
Mal/FakeAV-F [Sophos]123
not-a-virus:FraudTool.Win32.UltimateAntivirus.cc [Kaspersky Lab]121
Hacktool [Symantec]117
Adware.BHO.EE [PC Tools]111
TROJ_FAKEALER.VL [Trend Micro]110
Hacktool.Rootkit [Symantec]100
Troj/FakeAle-FJ [Sophos]94
not-a-virus:AdWare.Win32.BHO.cep [Kaspersky Lab]84
Trojan.Fakeavalert [Symantec]84
not-a-virus:FraudTool.Win32.Agent.cb [Kaspersky Lab]78
TROJ_ADCLICK.CH [Trend Micro]77
Trojan-Downloader.MisleadApp!sd6 [PC Tools]77
Generic.Win32.Malware.Antivirus2008 [Ikarus]56
not-a-virus:PSWTool.Win32.FirePass.a [Kaspersky Lab]56
Adware:Win32/Owlforce [Microsoft]52
Generic.Win32.Malware.FakeAlert.N [Ikarus]50
TROJ_FAKEAV.JI [Trend Micro]44
Rootkit.OnlineGames.Gen.89 [PC Tools]42
Trojan:Win32/FakeSecSen [Microsoft]41
not-a-virus:AdWare.Win32.BHO.dxc [Kaspersky Lab]40
not-a-virus:AdWare.Win32.BHO.agy [Kaspersky Lab]36
Downloader [Symantec]35
PSWTool.RAS!sd5 [PC Tools]35
TROJ_AGENT.VXO [Trend Micro]35
Adware.Agent!sd6 [PC Tools]34
Infostealer.Gampass [Symantec]32
not-a-virus:AdWare.Win32.Agent.dyp [Kaspersky Lab]32
HackTool.Win32.Homac [Kaspersky Lab]31
HackTool.Homac!sd5 [PC Tools]30
Rootkit.Agent!sd6 [PC Tools]30
Trojan.FakeAlert [PC Tools]30
Trojan.Zlob [Symantec]28
Trojan.Fakeavalert!sd6 [PC Tools]27
Mal/FakeAV-E [Sophos]26
not-a-virus:AdWare.Win32.BHO.cjh [Kaspersky Lab]26
Mal/Agent-E [Sophos]25
Mal/EncPk-BW [Sophos]25
Troj/FakeAle-GY [Sophos]25
Trojan.Win32.BHO.gpv [Kaspersky Lab]25
Generic PUP.b [McAfee]24
not-a-virus:PSWTool.Win32.FirePass.m [Kaspersky Lab]24
Infostealer [Symantec]22
Adware:Win32/AdRotator [Microsoft]21
Backdoor.Trojan [Symantec]21
Adware.NetPumper [PC Tools]20
RogueAntiSpyware.MS_Antivirus [PC Tools]20
Trojan.Win32.BHO.gpv [Ikarus]20
VirTool:Win32/CeeInject.gen!J [Microsoft]20
Adware.ISMonitor!sd6 [PC Tools]19
VirTool:WinNT/Knockex.D [Microsoft]19
not-a-virus:PSWTool.Win32.RAS.a [Kaspersky Lab]18
Trojan.Adclicker [Symantec]18
VirTool:Win32/VBInject.gen!C [Microsoft]18
TrojanDownloader:Win32/Renos.DU [Microsoft]17
VirTool:Win32/DelfInject.gen!X [Microsoft]17
not-a-virus:AdTool.Win32.MyWebSearch.ck [Kaspersky Lab]16
Troj/FakeVir-FL [Sophos]16
Virus.Win32.Adload.LN [Ikarus]16
Hoax.Win32.Renos [Ikarus]15
Virus.Win32.FakeAlert.S [Ikarus]15
Hacktool.Rootkit!sd6 [PC Tools]14
not-a-virus:Client-IRC.Win32.mIRC.603 [Kaspersky Lab]14
Trojan.Win32.VB.ekb [Kaspersky Lab]14
DoctorAdwarePro [Symantec]13
Hacktool.PassReminder [Symantec]13
Mal/EncPk-CZ [Sophos]13
Mal/Generic-A [Sophos]13
TROJ_BFFL.A [Trend Micro]12

Generic PUP.x [McAfee] has the following possible countries of origin:
OriginNumber of Incidents
China2,925
United Kingdom2,304
Russian Federation215
Israel23
Taiwan19
Canada10
Ukraine10
Germany7
Spain6
South Africa5
Italy4
Sweden4
Australia3
France3
Argentina1
Belgium1
Brazil1
Egypt1
Netherlands1
Norway1
Poland1
Portugal1
Republic of Korea1
Switzerland1
Trinidad and Tobago1

Generic PUP.x [McAfee] is known to be created as:
%AppData%\dxdlls\dxdlg.exe
%AppData%\dxdlls\imapdb.exe
%DownloadedProgramFiles%\thunderadvise.dll
%MyDocuments%\spydevastator\sdbho.dll
%ProgramFiles%\aav\aav.exe
%ProgramFiles%\advancedhelper\advancedhelper-1.dll
%ProgramFiles%\adware deluxe\spywares\browser hijack\helper.dll
%ProgramFiles%\alertspy\spywares\spydb.exe
%ProgramFiles%\amsys\swsys.exe
%ProgramFiles%\antispywarexp2009\uninstall.exe
%ProgramFiles%\antivirus 2008\antvrs.exe
%ProgramFiles%\asc 2.1\ascwarning32.dll
%ProgramFiles%\avm\avm.exe
%ProgramFiles%\bifrost\server.exe
%ProgramFiles%\buysafeshoppingadvisor\buysafeshoppingadvisor.dll
%ProgramFiles%\calendar\htmlpeek.dll
%ProgramFiles%\closemonitor\baidu.exe
%ProgramFiles%\common files\cpush\cpush.dll
%ProgramFiles%\common files\cpush\uninst.exe
%ProgramFiles%\common files\pushware\cpush.dll
%ProgramFiles%\common files\pushware\uninst.exe
%ProgramFiles%\common files\system\svchostu.exe
%ProgramFiles%\dfsdfsd\kiss.exe
%ProgramFiles%\doctor adware\spywares\browser hijack\helper.dll
%ProgramFiles%\ekerberos\ekerberos.exe
%ProgramFiles%\eroca\eroca.exe
%ProgramFiles%\fieryads\commlayer.dll
%ProgramFiles%\fieryads\fieryads.dll
%ProgramFiles%\flashmute\uninstall.exe
%ProgramFiles%\game\htmlpeek.dll
%ProgramFiles%\ganeralos\kiral.exe
%ProgramFiles%\google\googletoolbar1.dll
%ProgramFiles%\halloweentoolbar\halloweentoolbar.dll
%ProgramFiles%\http brute forcer\httpbruteforcer.exe
%ProgramFiles%\i711.com toolbar\tbhelper.dll
%ProgramFiles%\iesuper\iesuper.dll
%ProgramFiles%\ism\ism.exe
%ProgramFiles%\kwssolution\kwsguide.dll
%ProgramFiles%\kwssolution\kwsguideupt.exe
%ProgramFiles%\luckytender\1.3.0\luckytender.dll
%ProgramFiles%\mail passview\mailpv.exe
%ProgramFiles%\medilexicon toolbar\tbhelper.dll
%ProgramFiles%\messenpass\mspass.exe
%ProgramFiles%\mirc\irc bot\svchost.exe
%ProgramFiles%\msa\msa.exe
%ProgramFiles%\myportal\speed-x\uninstall.exe
%ProgramFiles%\mywebsearch\bar\1.bin\f3scrctr.dll
%ProgramFiles%\netpumper\npnetpumper_application.dll
%ProgramFiles%\netpumper\npnetpumper_video.dll
%ProgramFiles%\network password recovery\netpass.exe
%ProgramFiles%\oovootoolbar\oovootoolbar.dll
%ProgramFiles%\ozby toolbar\tbhelper.dll
%ProgramFiles%\pchealthcenter\0.exe
%ProgramFiles%\pchealthcenter\1.exe
%ProgramFiles%\pchealthcenter\2.exe
%ProgramFiles%\pchealthcenter\5.exe
%ProgramFiles%\pcprivacycleaner\pcpc.exe
%ProgramFiles%\pestbot\spywares\browser hijack\helper.dll
%ProgramFiles%\plein66\tbhelper.dll
%ProgramFiles%\pointcash\uninstall.exe
%ProgramFiles%\qdrdrive\qdrdrive20.dll
%ProgramFiles%\qdrdrive\qdrdrive9.dll
%ProgramFiles%\remote\remote.exe
%ProgramFiles%\rhc75dj0erc1\rhc75dj0erc1.exe
%ProgramFiles%\richvideocodec\multiloader.dll
%ProgramFiles%\rupass\rupass.dll
%ProgramFiles%\rx toolbar\rx.dll
%ProgramFiles%\sav\sav.exe
%ProgramFiles%\scourtoolbar\scourtoolbar.dll
%ProgramFiles%\setup_iesuper_0010071.exe
%ProgramFiles%\spydestroy pro\spywares\browser hijack\helper.dll
%ProgramFiles%\spyguard\parser.exe
%ProgramFiles%\spymaxx\parser.exe
%ProgramFiles%\spytech software\spytech spyagent\svchost.exe
%ProgramFiles%\super fast shutdown\shutdown.exe
%ProgramFiles%\tibee\tibee.dll
%ProgramFiles%\timerdesk\htmlpeek.dll
%ProgramFiles%\totalsecure2009\scan.exe
%ProgramFiles%\uav\uav.exe
%ProgramFiles%\ultimateenhancer\ultimateenhancer-1.dll
%ProgramFiles%\urlfreeze toolbar\tbhelper.dll
%ProgramFiles%\vg\dial.dll
%ProgramFiles%\virtualnetwork\virtualnetwork.dll
%ProgramFiles%\virusisolator\virusisolator.exe
%ProgramFiles%\vnrblock\vnrblock20.exe
%ProgramFiles%\wav\wav.exe
%ProgramFiles%\web buying\v1.8.5\wbuninst.exe
%ProgramFiles%\winprotector3.8\winprotector.exe
%ProgramFiles%\www.4fuckbuddies.co.uk\tbhelper.dll
%ProgramFiles%\zero freezer 1.5\data_file.exe
%ProgramFiles%\zumie\zumie.dll
%Programs%\startup\userinit.exe
%System%\_urltvbltjpta.dll
%System%\0914\1346.exe
%System%\219725\219725.dll
%System%\2b1.dll
%System%\5cc10129.dll
%System%\673351\673351.dll
%System%\784953\784953.dll
%System%\agin_bho.dll
Notes:
  • %AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
  • %DownloadedProgramFiles% is a variable that refers to the file system directory containing downloaded program files. A typical path is C:\Windows\Downloaded Program Files.
  • %MyDocuments% is a variable that refers to the file system directory used to physically store a user's common repository of documents. A typical path is C:\Documents and Settings\[UserName]\My Documents.
  • %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
  • %Programs% is a variable that refers to the file system directory that contains the user's program groups. A typical path is C:\Documents and Settings\[UserName]\Start Menu\Programs.
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).