ThreatExpert's Statistics for Generic PWS.y [McAfee]:

Generic PWS.y [McAfee] is also known as:

Threat Alias	Number of Incidents
Infostealer [Symantec]	3,018
Infostealer.Gampass [Symantec]	2,261
Trojan-GameThief.Win32.MultiFirst [Ikarus]	1,968
Mal/RootKit-A [Sophos]	1,882
Mal/Generic-A [Sophos]	1,862
Trojan-PWS.OnlineGames [PC Tools]	1,271
PWS:Win32/Lolyda.T [Microsoft]	1,146
Trojan-GameThief.Win32.MultiFirst.ad [Kaspersky Lab]	1,080
Trojan-GameThief.Win32.OnLineGames [Ikarus]	953
Trojan-GameThief.Win32.MultiFirst.ah [Kaspersky Lab]	936
Trojan-GameThief.Win32.Magania [Ikarus]	789
PWS:Win32/OnLineGames.AF [Microsoft]	783
Trojan-GameThief.Win32.Magania.ajqd [Kaspersky Lab]	650
Trojan-Spy.Win32.ProAgent.20 [Kaspersky Lab]	580
Trojan Horse [Symantec]	568
Trojan-Spy.ProAgent!sd5 [PC Tools]	565
Trojan-Spy.Gampass!sd6 [PC Tools]	474
TSPY_PROAGENT.V [Trend Micro]	397
Trojan.Progent [Symantec]	392
not-a-virus:PSWTool.Win32.FirePass.af [Kaspersky Lab]	378
Hacktool.Rootkit [Symantec]	376
Trojan-GameThief.Win32.Magania.amoa [Kaspersky Lab]	361
PSWTool.FirePass!sd6 [PC Tools]	343
Trojan-PWS.OnlineGames.AADA [PC Tools]	338
Infostealer.Onlinegame [Symantec]	336
Hacktool [Symantec]	331
Mal/Packer [Sophos]	315
Virus.Win32.Trojan [Ikarus]	246
Generic.PWS.Games [Ikarus]	240
Troj/PSW-GM [Sophos]	239
PWS:Win32/OnLineGames.GC [Microsoft]	236
PWS:Win32/OnLineGames.NJ!sys [Microsoft]	228
Trojan.Win32.Small.bub [Kaspersky Lab]	227
Win-Trojan/Xema.variant [AhnLab]	211
Backdoor.Prorat [Symantec]	210
Trojan.Win32.Small [Ikarus]	210
Trojan-PWS.Magania [PC Tools]	210
Trojan-PWS.OnlineGames.ADRD [PC Tools]	191
Trojan-Spy.Win32.ProAgent.20 [Ikarus]	168
Troj/Tidola-Gen, Mal/Dloadr-E [Sophos]	166
PWS.Win32 [Ikarus]	162
Packed.Win32.NSAnti.r [Kaspersky Lab]	153
Trojan.Lineage.Gen!Pac.3 [PC Tools]	149
Trojan.Win32.Agent2.gpj [Kaspersky Lab]	144
Trojan-PWS.Win32.Agent [Ikarus]	142
Infostealer.Banker.C [Symantec]	137
Win-Trojan/Agent2.11264.L [AhnLab]	130
Trojan.Agent2!sd6 [PC Tools]	127
Trojan-PSW.Agent!sd6 [PC Tools]	127
PWS:Win32/Tidola.A [Microsoft]	122
TSPY_ONLINEG.IAT [Trend Micro]	120
Trojan.Hijacker [Ikarus]	118
Trojan.OnlineGames.Gen.85 [PC Tools]	118
Rootkit.Order [PC Tools]	113
W32.Spybot.Worm [Symantec]	112
Mal/Prorat-A [Sophos]	105
PWS:Win32/Frethog.AU [Microsoft]	103
PWS:Win32/OnLineGames.ABJ [Microsoft]	103
Trojan-Dropper.Delf [Ikarus]	103
Trojan.Win32.Qhost [Ikarus]	101
Trojan-Spy.Win32.Ftput.c [Kaspersky Lab]	100
Trojan-Spy.Win32.Zbot [Ikarus]	97
Trojan-PSW.Win32.OnLineGames.agib [Kaspersky Lab]	96
Trojan-PSW.Win32.Agent.lsc [Kaspersky Lab]	90
TrojanSpy.Ftput.B [PC Tools]	90
Trojan-PSW.Win32.QQPass.dcg [Kaspersky Lab]	88
Trojan-Spy.Win32.Agent [Ikarus]	86
PWS:Win32/Lolyda.AD [Microsoft]	85
Trojan.Dropper [Symantec]	84
Trojan.OnlineGames.Gen.77 [PC Tools]	84
TSPY_ONLINEG.UXR [Trend Micro]	84
W32.Hitapop [Symantec]	77
Downloader [Symantec]	73
Trojan.PWS.Maran.JO [PC Tools]	64
Trojan-PSW.Win32.Maran.ff [Kaspersky Lab]	64
TSPY_ONLINEG.QSQ [Trend Micro]	63
Mal/Behav-009 [Sophos]	61
PWS:Win32/Zosernam.C [Microsoft]	61
TROJ_FTPUT.B [Trend Micro]	60
Backdoor.Trojan [Symantec]	59
PWS:Win32/Lolyda.S [Microsoft]	59
Backdoor.Graybird [Symantec]	58
Trojan-PSW.QQPass!sd6 [PC Tools]	57
Trojan.OnlineGames.Gen.44 [PC Tools]	56
Trojan.Qhost!sd6 [PC Tools]	52
Win-Trojan/OnlineGameHack.7680.AQ [AhnLab]	52
Trojan-Spy.Win32.Agent.dgr [Kaspersky Lab]	50
TrojanDropper:Win32/Tidola.A [Microsoft]	46
TrojanSpy:Win32/Hitpop.gen!D [Microsoft]	46
Trojan.DL.OnlineGames.Gen.78 [PC Tools]	45
Trojan-GameThief.Win32.WOW [Ikarus]	45
TrojanSpy:Win32/Agent.BX [Microsoft]	45
Win-Trojan/Proagent.20480 [AhnLab]	45
Win-Trojan/Proagent.7168.D [AhnLab]	45
Generic.PWS.Games.3 [Ikarus]	43
TSPY_ONLINEG.RKQ [Trend Micro]	43
Hacktool.Rootkit!sd6 [PC Tools]	42
TROJ_NSPM.AIE [Trend Micro]	42
Trojan.Win32.Agent2.hkh [Kaspersky Lab]	42
Trojan-GameThief.Win32.MultiFirst.ab [Kaspersky Lab]	42

Generic PWS.y [McAfee] has the following possible countries of origin:

Origin		Number of Incidents
	China	1,097
	Russian Federation	110
	Brazil	85
	Germany	21
	Spain	20
	France	19
	Poland	19
	United Kingdom	14
	Israel	13
	Switzerland	11
	Belgium	7
	Netherlands	7
	Republic of Korea	6
	Ukraine	6
	Turkey	5
	Egypt	4
	Italy	4
	Saudi Arabia	4
	Taiwan	2
	Australia	1
	Chile	1
	Ecuador	1
	Finland	1
	Iran	1
	Japan	1
	Jordan	1
	Lithuania	1
	Portugal	1
	Romania	1

Generic PWS.y [McAfee] is known to be created as:

%AppData%\cftmon.exe

%AppData%\kctmon\kcol23.exe

%AppData%\key folder\ddd882.dll

%AppData%\key folder\sql2005.dll

%AppData%\microsoft\windows\winlogon.exe

%CommonAppData%\%computername%\snhost.exe

%CommonAppData%\%computername%\taskenv.exe

%CommonAppData%\microsoft\bits.dll

%CommonFavorites%\azrnlirx.exe

%CommonFavorites%\cvudgfjf.exe

%CommonFavorites%\estaaoqt.exe

%CommonFavorites%\ghcgbuml.exe

%CommonFavorites%\pruasota.exe

%CommonFavorites%\qjbsnaqb.exe

%CommonFavorites%\uakvrnqx.exe

%CommonFavorites%\zanwormh.exe

%CommonPrograms%\actualspy\actualspy.exe

%FontsDir%\codoor0.dll

%FontsDir%\comres.dll

%FontsDir%\ctmres.dll

%FontsDir%\erraver0.dll

%FontsDir%\k8door0.dll

%FontsDir%\mndoor0.dll

%FontsDir%\wrdoor0.dll

%FontsDir%\xcdoor0.dll

%FontsDir%\yqkcvhpv.dll

%ProgramFiles%\%systemdir%\uninstaller.exe

%ProgramFiles%\3721\assist\assisres.dll

%ProgramFiles%\3721\assist\optimum.dll

%ProgramFiles%\acspmonitor\hk2.dll

%ProgramFiles%\acspmonitor\hprog.dll

%ProgramFiles%\acspmonitor\settings.exe

%ProgramFiles%\advanced invisible keylogger\win32sys.dll

%ProgramFiles%\adwarebazooka\adwarebazooka_monitor.exe

%ProgramFiles%\alertspy\alertspy.exe

%ProgramFiles%\antimalwareguard\amg.exe

%ProgramFiles%\antispywareexpert\ase.exe

%ProgramFiles%\aq.exe

%ProgramFiles%\aspmonitor\hk2.dll

%ProgramFiles%\autopoweron\apsmacro.dll

%ProgramFiles%\cedp stealer 6.0 for messenger\cedp.stealer.exe

%ProgramFiles%\cedp stealer 6.0\cedp.stealer.exe

%ProgramFiles%\common files\svchost.exe

%ProgramFiles%\common files\system\winsec.exe

%ProgramFiles%\common files\system\winsys64.sys

%ProgramFiles%\internet explorer\iexplore.com

%ProgramFiles%\internet explorer\setupapi.dll

%ProgramFiles%\internet explorer\svchost.exe

%ProgramFiles%\internet explorer\update.dll

%ProgramFiles%\malware defender 2009\uninstall.exe

%ProgramFiles%\messenger\msmsgr.exe

%ProgramFiles%\netmeeting\ravqjmon.exe

%ProgramFiles%\netmeeting\ravwdmon.exe

%ProgramFiles%\netmeeting\ravztmon.exe

%ProgramFiles%\pcs-398\smokinggun.net 2.5.1\kh398.dll

%ProgramFiles%\pscs\data\eventwin.exe

%ProgramFiles%\pykeylogger\pykeylogger_debug.exe

%ProgramFiles%\real spy monitor\winrsm.exe

%ProgramFiles%\sc-keylog pro demo\main.exe

%ProgramFiles%\sles\vmount2.exe

%ProgramFiles%\specialoperationssoftware\autoyahoo\autoyahoo.exe

%ProgramFiles%\spssm\data\usrprocm.exe

%ProgramFiles%\spydajaba\sdjbmain.exe

%ProgramFiles%\spydajaba\sdjbprcs.dll

%ProgramFiles%\spydestroy pro\spydestroypro.exe

%ProgramFiles%\spytech software\spyanywhere\noserver.exe

%ProgramFiles%\spyware guard 2008\uninstall.exe

%ProgramFiles%\starr\starrcmd.exe

%ProgramFiles%\windows media player\svchost.exe

%ProgramFiles%\windows nt\services.exe

%ProgramFiles%\windows.exe

%ProgramFiles%\xsoft\xworking\rsrsys.sys

%ProgramFiles%\ysm\data\dpnsvry.exe

%ProgramFiles%\ysm\winyim.exe

%Programs%\startup\chkdisk.dll

%Programs%\startup\services.exe

%Programs%\startup\userinit.exe

%System%\{a90e7b83-2186-76db-3297-2186f30b258a}\arc.dll

%System%\100k_w_jeden_dzien.exe

%System%\1035\msnmgsr.exe

%System%\1035\scvhost.exe

%System%\1312\svchost.exe

%System%\19b5406.sys

%System%\1nternet.exe

%System%\20093300.dll

%System%\200934245.dll

%System%\200934310.dll

%System%\20093534.dll

%System%\200943647.dll

%System%\28463\akv.exe

%System%\28463\ernk.exe

%System%\28463\hdnb.exe

%System%\28463\jfoq.exe

%System%\3931\svchost.exe

%System%\4c70249.sys

%System%\56bc86c7.dll

%System%\7f1c46c1bd7f.dll

%System%\7f1c46c1bd7f.exe

%System%\acpiz.dll

%System%\adsnwy.exe

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
%CommonFavorites% is a variable that refers to the file system directory that serves as a common repository for all users' favorite items. A typical path is C:\Documents and Settings\All Users\Favorites (Windows NT/2000/XP).
%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%FontsDir% is a variable that refers to a virtual folder containing fonts. A typical path is C:\Windows\Fonts.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%Programs% is a variable that refers to the file system directory that contains the user's program groups. A typical path is C:\Documents and Settings\[UserName]\Start Menu\Programs.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).