ThreatExpert's Statistics for Generic PUP.x [McAfee]:

Generic PUP.x [McAfee] is also known as:

Threat Alias	Number of Incidents
Troj/FakeAV-CL [Sophos]	15,015
Adware.PigSearch [Symantec]	8,027
RogueAntiSpyware.AntivirusXP2008 [PC Tools]	7,660
TROJ_RENOS.ACG [Trend Micro]	7,047
Adware.PigSearch!sd6 [PC Tools]	6,916
Win32.SuspectCrc [Ikarus]	6,000
AntiVirus2008 [Symantec]	4,763
Troj/FakeVir-DE [Sophos]	4,437
Mal/Generic-A [Sophos]	4,294
not-a-virus:FraudTool.Win32.XPAntivirus.ld [Kaspersky Lab]	4,263
AntiVirus2009 [Symantec]	2,796
not-a-virus:FraudTool.Win32.XPAntivirus.oj [Kaspersky Lab]	2,760
TROJ_FAKEALER.GV [Trend Micro]	2,760
Troj/FakeAle-GZ [Sophos]	2,448
Trojan.Tool [Ikarus]	2,432
RogueAntiSpyware.AntiVirusPro [PC Tools]	2,162
Program:Win32/Antivirus2008 [Microsoft]	2,044
Adware.Sogou [PC Tools]	2,017
not-a-virus:AdWare.Win32.Iebar.w [Kaspersky Lab]	1,911
FakeAlert-AB [McAfee]	1,872
PHISH.FraudTool.XPAntivirus [Ikarus]	1,848
Adware:Win32/Zhongsou [Microsoft]	1,638
Trojan:Win32/FakeXPA [Microsoft]	1,624
Hacktool [Symantec]	1,523
Adware.CPush [Symantec]	1,175
not-a-virus:AdWare.Win32.BHO.ee [Kaspersky Lab]	954
Adware:Win32/AdRotator [Microsoft]	934
AdWare.AdMedia.ED [Ikarus]	871
AdWare.AdMedia.ed [PC Tools]	870
Trojan.Cinmeng [Symantec]	852
not-a-virus:AdWare.Win32.AdMedia.ed [Kaspersky Lab]	842
Adware.PigSearch [PC Tools]	835
not-a-virus:AdWare.Win32.BHO.dbj [Kaspersky Lab]	750
Adware.BHO!sd6 [PC Tools]	724
Adware.Begin2search [Symantec]	716
Adware.NetPumper [PC Tools]	706
Win-Trojan/Xema.variant [AhnLab]	676
Trojan Horse [Symantec]	630
Hacktool.PassReminder [Symantec]	606
PSWTool.NetPass!sd6 [PC Tools]	581
not-a-virus:PSWTool.Win32.Messen.bh [Kaspersky Lab]	580
not-a-virus:PSWTool.Win32.Messen.bh [Ikarus]	576
not-a-virus:PSWTool.Win32.NetPass.et [Kaspersky Lab]	576
Adware.BHO!sd5 [PC Tools]	566
Tool:Win32/IEPassRecover.A [Microsoft]	552
Adware-Fastlook.dr [McAfee]	546
NetPumper [Symantec]	539
SoftwareBundler:Win32/NetPumper [Microsoft]	539
Virus.Trojan.Win32.Agent.abpb [Ikarus]	429
not-a-virus:PSWTool.Win32.NetPass [Ikarus]	368
Hacktool.PassReminder!sd6 [PC Tools]	346
not-a-virus:WebToolbar.Win32.TinyToolbar.a [Kaspersky Lab]	315
TrojanDownloader:Win32/Renos.DU [Microsoft]	298
not-a-virus:AdWare.Win32.BHO.cwl [Kaspersky Lab]	280
not-a-virus:AdWare.Win32.Zhongsou.bb [Kaspersky Lab]	257
not-a-virus:PSWTool.Win32.PasswordFox [Ikarus]	256
not-a-virus:PSWTool.Win32.MailPassView.ae [Kaspersky Lab]	255
not-a-virus:AdWare.Win32.BHO.clx [Kaspersky Lab]	247
not-a-virus:Client-IRC.Win32.mIRC.603 [Kaspersky Lab]	246
not-a-virus:PSWTool.Win32.Messen [Ikarus]	229
Backdoor.IRC.Bot [Symantec]	227
HackTool.Win32.Homac [Kaspersky Lab]	222
Downloader [Symantec]	221
Trojan.Dropper [Symantec]	217
Adware.Zhongsou!sd6 [PC Tools]	201
Program:Win32/Sogou [Microsoft]	198
not-a-virus:PSWTool.Win32.NetPass.eg [Kaspersky Lab]	196
AdWare.Win32.AdRotator [Ikarus]	195
Backdoor.IRC!sd6 [PC Tools]	195
not-a-virus:PSWTool.Win32.NetPass.et [Ikarus]	192
Dropper/IETimber.170576 [AhnLab]	182
Trojan-Spy.Win32.Banbra [Ikarus]	182
Adware.BHO.EE [PC Tools]	180
Mal/EncPk-DV [Sophos]	176
not-a-virus:FraudTool.Win32.MSAntivirus.r [Kaspersky Lab]	176
Dropper/Cinmus.161110 [AhnLab]	174
Troj/AdClick-ER [Sophos]	171
HackTool.Homac!sd5 [PC Tools]	169
not-a-virus:AdWare.Win32.BHO.fne [Kaspersky Lab]	154
Adware.Adrotator.GEN [PC Tools]	153
PSWTool.MailPassView!sd6 [PC Tools]	150
Adware.CPush!sd6 [PC Tools]	145
HackTool:Win32/Homac.A [Microsoft]	145
Mal/Packer [Sophos]	144
Hacktool.Rootkit [Symantec]	143
Virus.Win32.AdWare [Ikarus]	143
Downloader.MisleadApp [Symantec]	142
Adware.Agent!sd6 [PC Tools]	141
Adware.Gen [Symantec]	138
Troj/Bckdr-QPX [Sophos]	133
AdWare.bho.fne [PC Tools]	128
Generic.Win32.Malware.Sogou [Ikarus]	127
Mal/FakeAV-F [Sophos]	126
not-a-virus:FraudTool.Win32.UltimateAntivirus.cc [Kaspersky Lab]	121
HackTool.Win32.Homac [Ikarus]	120
Trojan.Fakeavalert [Symantec]	115
PSWTool.RAS!sd5 [PC Tools]	113
not-a-virus:AdWare.Win32.BHO.dzf [Kaspersky Lab]	112
TROJ_FAKEALER.VL [Trend Micro]	110
Adware:Win32/Owlforce [Microsoft]	101

Generic PUP.x [McAfee] has the following possible countries of origin:

Origin		Number of Incidents
	China	12,297
	United Kingdom	1,578
	Russian Federation	383
	Israel	122
	Germany	35
	Ukraine	27
	Taiwan	24
	Brazil	23
	Republic of Korea	21
	South Africa	20
	Canada	16
	Argentina	14
	France	14
	Spain	14
	Sweden	12
	Italy	10
	Netherlands	5
	Switzerland	5
	Australia	4
	Portugal	3
	Poland	2
	Belgium	1
	Egypt	1
	Hong Kong	1
	Japan	1
	Norway	1
	Saudi Arabia	1
	Trinidad and Tobago	1

Generic PUP.x [McAfee] is known to be created as:

%AppData%\dxdlls\dxdlg.exe

%AppData%\dxdlls\imapdb.exe

%AppData%\microsoft\windll32.exe

%AppData%\microsoft\windows\winlogon.exe

%AppData%\spool.exe

%DownloadedProgramFiles%\cnsmin.dll

%DownloadedProgramFiles%\thunderadvise.dll

%DownloadedProgramFiles%\ygw1.dll

%MyDocuments%\spydevastator\sdbho.dll

%ProgramFiles%\360saofe.exe

%ProgramFiles%\360sys.exe

%ProgramFiles%\aav\aav.exe

%ProgramFiles%\acspmonitor\hk.dll

%ProgramFiles%\advancedhelper\advancedhelper-1.dll

%ProgramFiles%\adware deluxe\spywares\browser hijack\helper.dll

%ProgramFiles%\adwarebazooka\adwarebazooka_monitor.dll

%ProgramFiles%\agava spamprotexx\tma-setup.exe

%ProgramFiles%\alertspy\spywares\spydb.exe

%ProgramFiles%\amsys\swsys.exe

%ProgramFiles%\anti-leech\turnlog.exe

%ProgramFiles%\antispywarexp2009\uninstall.exe

%ProgramFiles%\antivirus 2008\antvrs.exe

%ProgramFiles%\aol toolbar\toolbar.dll

%ProgramFiles%\asc 2.1\ascwarning32.dll

%ProgramFiles%\avm\avm.exe

%ProgramFiles%\bifrost\mgs.exe

%ProgramFiles%\bifrost\server.exe

%ProgramFiles%\bifrost\svchost32.exe

%ProgramFiles%\btremotecontrol\fy2000.exe

%ProgramFiles%\buysafeshoppingadvisor\buysafeshoppingadvisor.dll

%ProgramFiles%\calendar\htmlpeek.dll

%ProgramFiles%\chmdecompiler\baidu.exe

%ProgramFiles%\closemonitor\baidu.exe

%ProgramFiles%\common files\cpush\cpush.dll

%ProgramFiles%\common files\cpush\uninst.exe

%ProgramFiles%\common files\iexplorer.exe

%ProgramFiles%\common files\pushware\cpush.dll

%ProgramFiles%\common files\pushware\uninst.exe

%ProgramFiles%\common files\system\svchostu.exe

%ProgramFiles%\dfsdfsd\kiss.exe

%ProgramFiles%\dfse.exe

%ProgramFiles%\doctor adware\spywares\browser hijack\helper.dll

%ProgramFiles%\dropspam\_setupx.dll

%ProgramFiles%\dudu\speed\dhtiwl.dll

%ProgramFiles%\ekerberos\ekerberos.exe

%ProgramFiles%\elcomsoft\advanced im password recovery\aimpr.exe

%ProgramFiles%\eroca\eroca.exe

%ProgramFiles%\everest poker\cstart.exe

%ProgramFiles%\fieryads\commlayer.dll

%ProgramFiles%\fieryads\fieryads.dll

%ProgramFiles%\flashmute\uninstall.exe

%ProgramFiles%\game\htmlpeek.dll

%ProgramFiles%\ganeralos\kiral.exe

%ProgramFiles%\getmodule\getmodule24.exe

%ProgramFiles%\getpack\getpack23.exe

%ProgramFiles%\google\googletoolbar1.dll

%ProgramFiles%\halloweentoolbar\halloweentoolbar.dll

%ProgramFiles%\helper\helper6.dll

%ProgramFiles%\hp easy internet\interdialer.exe

%ProgramFiles%\http brute forcer\httpbruteforcer.exe

%ProgramFiles%\huaci\huaci\mouse1.dll

%ProgramFiles%\i711.com toolbar\tbhelper.dll

%ProgramFiles%\icmastertoolbar\siliconexperttoolbar.dll

%ProgramFiles%\ie passview\iepv.exe

%ProgramFiles%\iesuper\iesuper.dll

%ProgramFiles%\instant buzz\ibdaemon.exe

%ProgramFiles%\intelinet\intelin2.exe

%ProgramFiles%\ism\ism.exe

%ProgramFiles%\ithink\ithink.exe

%ProgramFiles%\jux2_toolbar\jux2_toolbar.dll

%ProgramFiles%\kav.exe

%ProgramFiles%\kazaap\kazaap.exe

%ProgramFiles%\kwssolution\kwsguide.dll

%ProgramFiles%\kwssolution\kwsguideupt.exe

%ProgramFiles%\luckytender\1.3.0\luckytender.dll

%ProgramFiles%\mail passview\mailpv.exe

%ProgramFiles%\malwareremoval\malwareremoval.exe

%ProgramFiles%\medilexicon toolbar\tbhelper.dll

%ProgramFiles%\messenpass\mspass.exe

%ProgramFiles%\microantivirus\microav.exe

%ProgramFiles%\microav\microav.exe

%ProgramFiles%\microsoft office\office11\smss.exe

%ProgramFiles%\microsoft office\system\sysbar.exe

%ProgramFiles%\mirc\irc bot\svchost.exe

%ProgramFiles%\mpsoft\block porn\killporn.dll

%ProgramFiles%\msa\msa.exe

%ProgramFiles%\mycentria\infobar\mycentriainfobar.dll

%ProgramFiles%\myportal\speed-x\uninstall.exe

%ProgramFiles%\mywebsearch\bar\1.bin\f3schmon.exe

%ProgramFiles%\netbox 2.8\netbox.exe

%ProgramFiles%\netpumper\netpumperieproxy.exe

%ProgramFiles%\netpumper\netpumpernnproxy.dll

%ProgramFiles%\netpumper\npnetpumper_application.dll

%ProgramFiles%\netpumper\npnetpumper_audio.dll

%ProgramFiles%\netpumper\npnetpumper_video.dll

%ProgramFiles%\netpumper\turnlog.exe

%ProgramFiles%\network password recovery\netpass.exe

%ProgramFiles%\onestepsearch\onestep.exe

%ProgramFiles%\oovootoolbar\oovootoolbar.dll

%ProgramFiles%\orbit\idht.dll

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%DownloadedProgramFiles% is a variable that refers to the file system directory containing downloaded program files. A typical path is C:\Windows\Downloaded Program Files.
%MyDocuments% is a variable that refers to the file system directory used to physically store a user's common repository of documents. A typical path is C:\Documents and Settings\[UserName]\My Documents.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.