ThreatExpert's Statistics for Generic PUP.x [McAfee]:

Generic PUP.x [McAfee] is also known as:

Threat Alias	Number of Incidents
Troj/FakeAV-CL [Sophos]	15,015
RogueAntiSpyware.AntivirusXP2008 [PC Tools]	7,660
TROJ_RENOS.ACG [Trend Micro]	7,047
Win32.SuspectCrc [Ikarus]	6,000
Adware.PigSearch [Symantec]	5,479
AntiVirus2008 [Symantec]	4,763
Adware.PigSearch!sd6 [PC Tools]	4,602
Troj/FakeVir-DE [Sophos]	4,437
not-a-virus:FraudTool.Win32.XPAntivirus.ld [Kaspersky Lab]	4,263
AntiVirus2009 [Symantec]	2,772
not-a-virus:FraudTool.Win32.XPAntivirus.oj [Kaspersky Lab]	2,736
TROJ_FAKEALER.GV [Trend Micro]	2,736
Troj/FakeAle-GZ [Sophos]	2,424
RogueAntiSpyware.AntiVirusPro [PC Tools]	2,162
Program:Win32/Antivirus2008 [Microsoft]	2,044
Adware.Sogou [PC Tools]	2,017
FakeAlert-AB [McAfee]	1,848
PHISH.FraudTool.XPAntivirus [Ikarus]	1,848
Trojan:Win32/FakeXPA [Microsoft]	1,600
Adware.CPush [Symantec]	1,185
not-a-virus:AdWare.Win32.BHO.ee [Kaspersky Lab]	954
Adware:Win32/AdRotator [Microsoft]	934
AdWare.AdMedia.ED [Ikarus]	871
AdWare.AdMedia.ed [PC Tools]	870
Trojan.Cinmeng [Symantec]	852
not-a-virus:AdWare.Win32.AdMedia.ed [Kaspersky Lab]	842
Mal/Generic-A [Sophos]	802
not-a-virus:AdWare.Win32.BHO.dbj [Kaspersky Lab]	750
Adware.BHO!sd6 [PC Tools]	727
Adware.Begin2search [Symantec]	716
Adware.NetPumper [PC Tools]	684
Trojan Horse [Symantec]	607
Adware.BHO!sd5 [PC Tools]	568
Adware.PigSearch [PC Tools]	562
NetPumper [Symantec]	520
SoftwareBundler:Win32/NetPumper [Microsoft]	520
Hacktool [Symantec]	429
Virus.Trojan.Win32.Agent.abpb [Ikarus]	429
not-a-virus:WebToolbar.Win32.TinyToolbar.a [Kaspersky Lab]	315
TrojanDownloader:Win32/Renos.DU [Microsoft]	298
not-a-virus:AdWare.Win32.BHO.cwl [Kaspersky Lab]	280
not-a-virus:AdWare.Win32.Zhongsou.bb [Kaspersky Lab]	257
not-a-virus:AdWare.Win32.BHO.clx [Kaspersky Lab]	247
not-a-virus:Client-IRC.Win32.mIRC.603 [Kaspersky Lab]	246
Win-Trojan/Xema.variant [AhnLab]	232
Backdoor.IRC.Bot [Symantec]	227
Downloader [Symantec]	217
Trojan.Dropper [Symantec]	217
Adware.Zhongsou!sd6 [PC Tools]	201
Program:Win32/Sogou [Microsoft]	198
AdWare.Win32.AdRotator [Ikarus]	195
Backdoor.IRC!sd6 [PC Tools]	195
Trojan-Spy.Win32.Banbra [Ikarus]	182
Adware.BHO.EE [PC Tools]	180
Mal/EncPk-DV [Sophos]	176
not-a-virus:FraudTool.Win32.MSAntivirus.r [Kaspersky Lab]	176
Dropper/Cinmus.161110 [AhnLab]	174
Troj/AdClick-ER [Sophos]	171
not-a-virus:AdWare.Win32.BHO.fne [Kaspersky Lab]	154
Adware.Adrotator.GEN [PC Tools]	153
Adware.CPush!sd6 [PC Tools]	145
Hacktool.Rootkit [Symantec]	143
Virus.Win32.AdWare [Ikarus]	143
Downloader.MisleadApp [Symantec]	142
Adware.Agent!sd6 [PC Tools]	139
Troj/Bckdr-QPX [Sophos]	133
PSWTool.NetPass!sd6 [PC Tools]	130
AdWare.bho.fne [PC Tools]	128
Generic.Win32.Malware.Sogou [Ikarus]	127
Hacktool.PassReminder [Symantec]	127
Mal/FakeAV-F [Sophos]	126
not-a-virus:FraudTool.Win32.UltimateAntivirus.cc [Kaspersky Lab]	121
HackTool.Win32.Homac [Kaspersky Lab]	115
Trojan.Fakeavalert [Symantec]	115
HackTool.Homac!sd5 [PC Tools]	113
not-a-virus:AdWare.Win32.BHO.dzf [Kaspersky Lab]	112
Hacktool.PassReminder!sd6 [PC Tools]	111
TROJ_FAKEALER.VL [Trend Micro]	110
not-a-virus:PSWTool.Win32.Messen.bh [Kaspersky Lab]	104
Adware:Win32/Owlforce [Microsoft]	101
not-a-virus:PSWTool.Win32.Messen.bh [Ikarus]	100
not-a-virus:PSWTool.Win32.NetPass.et [Kaspersky Lab]	100
Tool:Win32/IEPassRecover.A [Microsoft]	100
PSWTool.RAS!sd5 [PC Tools]	98
Troj/FakeAle-FJ [Sophos]	95
Trojan.Win32.BHO [Ikarus]	94
not-a-virus:FraudTool.Win32.Agent.jq [Kaspersky Lab]	90
not-a-virus:PSWTool.Win32.NetPass.et [Ikarus]	90
Trojan.Renos.NDB [Ikarus]	87
not-a-virus:AdWare.Win32.BHO.cep [Kaspersky Lab]	84
Troj/Zlob-AQP [Sophos]	81
Trojan.Win32.BHO.hof [Kaspersky Lab]	81
Trojan.BHO!sd6 [PC Tools]	79
not-a-virus:AdWare.Win32.Iebar.w [Kaspersky Lab]	78
not-a-virus:FraudTool.Win32.Agent.cb [Kaspersky Lab]	78
Trojan-Downloader.MisleadApp!sd6 [PC Tools]	78
TROJ_ADCLICK.CH [Trend Micro]	77
Mal/Packer [Sophos]	75
PHISH.FraudTool.XPAntivirus.OJ [Ikarus]	72
Trojan.Adclicker [Symantec]	71

Generic PUP.x [McAfee] has the following possible countries of origin:

Origin		Number of Incidents
	China	9,585
	United Kingdom	1,578
	Russian Federation	379
	Israel	77
	Germany	33
	Ukraine	27
	Taiwan	23
	Brazil	22
	Republic of Korea	20
	South Africa	20
	Canada	16
	Argentina	13
	France	12
	Spain	12
	Sweden	12
	Italy	8
	Netherlands	5
	Switzerland	5
	Australia	4
	Portugal	3
	Poland	2
	Belgium	1
	Egypt	1
	Hong Kong	1
	Japan	1
	Norway	1
	Saudi Arabia	1
	Trinidad and Tobago	1

Generic PUP.x [McAfee] is known to be created as:

%AppData%\dxdlls\dxdlg.exe

%AppData%\dxdlls\imapdb.exe

%AppData%\microsoft\windll32.exe

%AppData%\microsoft\windows\winlogon.exe

%AppData%\spool.exe

%DownloadedProgramFiles%\cnsmin.dll

%DownloadedProgramFiles%\thunderadvise.dll

%DownloadedProgramFiles%\ygw1.dll

%MyDocuments%\spydevastator\sdbho.dll

%ProgramFiles%\360saofe.exe

%ProgramFiles%\360sys.exe

%ProgramFiles%\aav\aav.exe

%ProgramFiles%\acspmonitor\hk.dll

%ProgramFiles%\advancedhelper\advancedhelper-1.dll

%ProgramFiles%\adware deluxe\spywares\browser hijack\helper.dll

%ProgramFiles%\agava spamprotexx\tma-setup.exe

%ProgramFiles%\alertspy\spywares\spydb.exe

%ProgramFiles%\amsys\swsys.exe

%ProgramFiles%\antispywarexp2009\uninstall.exe

%ProgramFiles%\antivirus 2008\antvrs.exe

%ProgramFiles%\aol toolbar\toolbar.dll

%ProgramFiles%\asc 2.1\ascwarning32.dll

%ProgramFiles%\avm\avm.exe

%ProgramFiles%\bifrost\mgs.exe

%ProgramFiles%\bifrost\server.exe

%ProgramFiles%\bifrost\svchost32.exe

%ProgramFiles%\btremotecontrol\fy2000.exe

%ProgramFiles%\buysafeshoppingadvisor\buysafeshoppingadvisor.dll

%ProgramFiles%\calendar\htmlpeek.dll

%ProgramFiles%\chmdecompiler\baidu.exe

%ProgramFiles%\closemonitor\baidu.exe

%ProgramFiles%\common files\cpush\cpush.dll

%ProgramFiles%\common files\cpush\uninst.exe

%ProgramFiles%\common files\pushware\cpush.dll

%ProgramFiles%\common files\pushware\uninst.exe

%ProgramFiles%\common files\system\svchostu.exe

%ProgramFiles%\dfsdfsd\kiss.exe

%ProgramFiles%\dfse.exe

%ProgramFiles%\doctor adware\spywares\browser hijack\helper.dll

%ProgramFiles%\dudu\speed\dhtiwl.dll

%ProgramFiles%\ekerberos\ekerberos.exe

%ProgramFiles%\elcomsoft\advanced im password recovery\aimpr.exe

%ProgramFiles%\eroca\eroca.exe

%ProgramFiles%\fieryads\commlayer.dll

%ProgramFiles%\fieryads\fieryads.dll

%ProgramFiles%\flashmute\uninstall.exe

%ProgramFiles%\game\htmlpeek.dll

%ProgramFiles%\ganeralos\kiral.exe

%ProgramFiles%\getmodule\getmodule24.exe

%ProgramFiles%\getpack\getpack23.exe

%ProgramFiles%\google\googletoolbar1.dll

%ProgramFiles%\halloweentoolbar\halloweentoolbar.dll

%ProgramFiles%\helper\helper6.dll

%ProgramFiles%\hp easy internet\interdialer.exe

%ProgramFiles%\http brute forcer\httpbruteforcer.exe

%ProgramFiles%\huaci\huaci\mouse1.dll

%ProgramFiles%\i711.com toolbar\tbhelper.dll

%ProgramFiles%\icmastertoolbar\siliconexperttoolbar.dll

%ProgramFiles%\ie passview\iepv.exe

%ProgramFiles%\iesuper\iesuper.dll

%ProgramFiles%\instant buzz\ibdaemon.exe

%ProgramFiles%\intelinet\intelin2.exe

%ProgramFiles%\ism\ism.exe

%ProgramFiles%\ithink\ithink.exe

%ProgramFiles%\jux2_toolbar\jux2_toolbar.dll

%ProgramFiles%\kav.exe

%ProgramFiles%\kazaap\kazaap.exe

%ProgramFiles%\kwssolution\kwsguide.dll

%ProgramFiles%\kwssolution\kwsguideupt.exe

%ProgramFiles%\luckytender\1.3.0\luckytender.dll

%ProgramFiles%\mail passview\mailpv.exe

%ProgramFiles%\medilexicon toolbar\tbhelper.dll

%ProgramFiles%\messenpass\mspass.exe

%ProgramFiles%\microantivirus\microav.exe

%ProgramFiles%\microav\microav.exe

%ProgramFiles%\microsoft office\office11\smss.exe

%ProgramFiles%\microsoft office\system\sysbar.exe

%ProgramFiles%\mirc\irc bot\svchost.exe

%ProgramFiles%\mpsoft\block porn\killporn.dll

%ProgramFiles%\msa\msa.exe

%ProgramFiles%\mycentria\infobar\mycentriainfobar.dll

%ProgramFiles%\myportal\speed-x\uninstall.exe

%ProgramFiles%\mywebsearch\bar\1.bin\f3schmon.exe

%ProgramFiles%\netbox 2.8\netbox.exe

%ProgramFiles%\netpumper\netpumperieproxy.exe

%ProgramFiles%\netpumper\netpumpernnproxy.dll

%ProgramFiles%\netpumper\npnetpumper_application.dll

%ProgramFiles%\netpumper\npnetpumper_audio.dll

%ProgramFiles%\netpumper\npnetpumper_video.dll

%ProgramFiles%\netpumper\turnlog.exe

%ProgramFiles%\network password recovery\netpass.exe

%ProgramFiles%\onestepsearch\onestep.exe

%ProgramFiles%\oovootoolbar\oovootoolbar.dll

%ProgramFiles%\orbit\idht.dll

%ProgramFiles%\ozby toolbar\tbhelper.dll

%ProgramFiles%\pchealthcenter\0.exe

%ProgramFiles%\pchealthcenter\1.exe

%ProgramFiles%\pchealthcenter\2.exe

%ProgramFiles%\pchealthcenter\5.exe

%ProgramFiles%\pcprivacycleaner\pcpc.exe

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%DownloadedProgramFiles% is a variable that refers to the file system directory containing downloaded program files. A typical path is C:\Windows\Downloaded Program Files.
%MyDocuments% is a variable that refers to the file system directory used to physically store a user's common repository of documents. A typical path is C:\Documents and Settings\[UserName]\My Documents.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.