ThreatExpert's Statistics for Infostealer.Banker.C [Symantec]:

Infostealer.Banker.C [Symantec] is also known as:

Threat Alias	Number of Incidents
Trojan-Spy.Win32.Zbot [Ikarus]	365
Trojan-Spy.Win32.Zbot.gen [Kaspersky Lab]	346
PWS:Win32/Zbot.gen!R [Microsoft]	336
Win32/IRCBot.worm.variant [AhnLab]	298
Trojan-PSW.Banker [PC Tools]	216
Mal/Generic-A [Sophos]	171
PWS-Zbot.gen.c [McAfee]	151
Generic PWS.y [McAfee]	137
Mal/EncPk-CZ [Sophos]	130
TrojanSpy:Win32/Zbot.gen!C [Microsoft]	128
Mal/Zbot-O [Sophos]	125
PWS:Win32/Zbot.G [Microsoft]	94
Spy-Agent.bw.gen.e [McAfee]	86
Troj/ZbotPP-Fam [Sophos]	77
TSPY_BANKRYPT.X [Trend Micro]	73
Cryp_Pai-5 [Trend Micro]	70
PWS:Win32/Zbot.J [Microsoft]	70
PWS-Banker.gen.bw [McAfee]	67
TrojanSpy.ZBot.Gen!Pac.3 [PC Tools]	67
Trojan-Spy.Banker!sd6 [PC Tools]	63
TrojanSpy.Bancos.AAM [PC Tools]	59
Trojan-Spy.Win32.Zbot.zr [Kaspersky Lab]	59
Trojan-Spy.Win32.Bancos.aam [Ikarus]	58
PWS:Win32/Zbot.gen!B [Microsoft]	54
Win-Trojan/Bancos.40960.Z [AhnLab]	53
Mal/Behav-045, Mal/Zbot-A [Sophos]	52
PWS:Win32/Zbot.PG [Microsoft]	46
Trojan-Spy.Win32.Zbot.anp [Ikarus]	45
PWS:Win32/Zbot [Microsoft]	42
Mal/Zbot-I [Sophos]	40
PWS.Win32 [Ikarus]	40
TrojanSpy.ZBot.Gen!Pac.4 [PC Tools]	40
Spy-Agent.bw [McAfee]	36
Troj/Zbot-L [Sophos]	36
Trojan:Win32/Zbot.BX [Microsoft]	36
Trojan-Spy.Zbot!sd6 [PC Tools]	35
Generic.dx [McAfee]	34
Spy-Agent.bw.gen.i [McAfee]	33
Trojan.Win32.Zbot [Ikarus]	33
Win-Trojan/Xema.variant [AhnLab]	33
Troj/ZbotPP-Fam, Mal/EncPk-CZ [Sophos]	31
PWS:Win32/Zbot.I [Microsoft]	30
Trojan-Spy.Zbot [Ikarus]	30
Spy-Agent.bw.gen.d [McAfee]	29
Backdoor.Win32.Bredavi.ahy [Kaspersky Lab]	28
Mal/EncPk-HZ [Sophos]	28
Troj/Zbot-DX [Sophos]	28
PWS:Win32/Zbot.UO [Microsoft]	26
PWS-Zbot [McAfee]	26
VirTool:Win32/DelfInject.gen!AC [Microsoft]	26
Mal/EncPk-HJ [Sophos]	25
Mal/WaledPak-A [Sophos]	25
Mal/Dropper-T [Sophos]	23
Mal/Zbot-O, Mal/EncPk-CZ [Sophos]	21
Mal/Zbot-P [Sophos]	21
Trojan.Win32.Obfuscater [Ikarus]	20
Downloader-BNY [McAfee]	19
FakeAlert-DA [McAfee]	19
Spy-Agent.bw.gen.c [McAfee]	19
TSPY_ZBOT.CAR [Trend Micro]	19
Mal/Dorf-F [Sophos]	18
Win-Trojan/Zbot.66048 [AhnLab]	18
Mal/Zbot-H [Sophos]	17
Backdoor:Win32/Poebot.gen [Microsoft]	15
Downloader-BON [McAfee]	15
HackTool.Win32.Crypt [Ikarus]	15
Trojan-Spy.Win32.Zbot.soo [Kaspersky Lab]	15
Mal/EncPk-HF, Mal/EncPk-CZ [Sophos]	14
Mal/TibsPak [Sophos]	14
PWS:Win32/Zbot.M [Microsoft]	14
Trojan-Dropper.Delf [Ikarus]	14
Mal/Zbot-D [Sophos]	13
PWS:Win32/Zbot.PK [Microsoft]	13
Backdoor.Win32.Nepoe.po [Kaspersky Lab]	12
Mal/EncPk-DB [Sophos]	12
Mal/EncPk-FS [Sophos]	12
Mal/EncPk-IY [Sophos]	12
Troj/Musor-Gen [Sophos]	12
Trojan:Win32/Malagent [Microsoft]	12
Trojan:Win32/Malat [Microsoft]	12
Trojan:Win32/Zbot.BY [Microsoft]	12
Virus.Win32.Zbot [Ikarus]	12
Mal/EncPk-IF [Sophos]	11
VirTool:Win32/Vbinder.gen!G [Microsoft]	11
Virus.Win32.Enteos [Ikarus]	11
Generic Dropper.bw [McAfee]	10
Mal/EncPk-HF, Mal/EncPk-CZ, Mal/TibsPak [Sophos]	10
Mal/EncPk-HP [Sophos]	10
PWS:Win32/Zbot.PI [Microsoft]	10
PWS-Zbot.gen.i [McAfee]	10
Spy-Agent.bw.gen.b [McAfee]	10
Troj/FakeAle-LE [Sophos]	10
TrojanSpy:Win32/Mafod!rts [Microsoft]	10
TSPY_ZBOT.SM [Trend Micro]	10
Win-Trojan/Zbot.73216 [AhnLab]	10
Generic BackDoor!bgj [McAfee]	9
Mal/Behav-353 [Sophos]	9
PWS:Win32/Zbot.gen!E [Microsoft]	9
PWS:Win32/Zbot.NK [Microsoft]	9
PWS-Banker [McAfee]	9

Infostealer.Banker.C [Symantec] has the following possible countries of origin:

Origin		Number of Incidents
	Russian Federation	83
	Spain	10
	Germany	7
	Israel	4
	Brazil	3
	Slovakia	3
	Turkey	3
	China	2
	Italy	2
	Poland	2
	Sweden	2
	Finland	1
	France	1
	United Kingdom	1

Infostealer.Banker.C [Symantec] is known to be created as:

%CommonAppData%\uvafwncj\gvcnglid.exe

%ProgramFiles%\bifrost\server.exe

%ProgramFiles%\carb.exe

%ProgramFiles%\crakall\madness crypter\madness crypter\stub.exe

%ProgramFiles%\internet explorer\hunterp.exe

%ProgramFiles%\microsoft common\svchost.exe

%ProgramFiles%\microsoft common\wuacult.exe

%ProgramFiles%\test.exe

%ProgramFiles%\winsk\winsk.exe

%Programs%\startup\ihaupd32.exe

%System%\1033v.exe

%System%\algs.exe

%System%\bhdvgtueyipj.dll

%System%\crypter.exe

%System%\drivers\no3kkjcgtts.sys

%System%\drivers\ub6owr1pvlu.sys

%System%\explorer.exe

%System%\firewall.exe

%System%\htmlxsixs.dll

%System%\htmlxyexy.dll

%System%\intel32.exe

%System%\javaa.exe

%System%\jxeezs.exe

%System%\kerneldrv.exe

%System%\ldfrmmd.exe

%System%\linkvc5.dll

%System%\logon.exe

%System%\mail.exe

%System%\mcenspc.dll

%System%\nologon32.exe

%System%\ntos.exe

%System%\oembios.exe

%System%\pavuppad.exe

%System%\pxaegz.exe

%System%\sdra64.exe

%System%\sfnp.exe

%System%\spools.exe

%System%\sys2_32.dll

%System%\tgqmmaef.exe

%System%\twex.exe

%System%\twext.exe

%System%\tynqz.exe

%System%\updat.exe

%System%\win32avs.exe

%System%\win32old.exe

%System%\win32z.exe

%System%\windows64.exe

%System%\winds32.exe

%System%\wsnpoema.exe

%System%\yvinvul.exe

%Temp%\090322-5-4.exe

%Temp%\090322-c-12.exe

%Temp%\1111.exe

%Temp%\6_ldr.exe

%Temp%\6_ldr3.exe

%Temp%\6_ldry3.exe

%Temp%\baracudanew.exe

%Temp%\decrypted.exe

%Temp%\dll.exe

%Temp%\file.exe

%Temp%\game.exe

%Temp%\ggenf1.exe

%Temp%\htdhg.exe

%Temp%\ixp000.tmp\keygen.exe

%Temp%\ixp000.tmp\serv.exe

%Temp%\jdey.exe

%Temp%\k3ychbaslw.exe

%Temp%\ldr.exe

%Temp%\ldr_cosmosi.ru_recrypted.exe

%Temp%\micros_setup4.3.exe

%Temp%\msx6whfeyz.exe

%Temp%\my.exe

%Temp%\rarsfx0\1.exe

%Temp%\s09016.exe

%Temp%\svchost.exe

%Temp%\temp.exe

%Temp%\tmp1.exe

%Temp%\tmp2.exe

%Temp%\u83724.exe

%Temp%\uvrvggawt3.exe

%Temp%\zews.exe

%Temp%\ziqkj4zjgl.exe

%UserProfile%\mekoa.exe

%UserProfile%\xrt_mgec.exe

%UserProfile%\yerg.exe

%Windir%\csrss.exe

%Windir%\help\eb6c4499b05f.dll

%Windir%\help\eb6c4499b05f.exe

%Windir%\iexplorer.exe

%Windir%\scssrr.exe

%Windir%\shl.exe

%Windir%\svhoster.exe

%Windir%\svzip.exe

%Windir%\system\keygen.exe

%Windir%\temp\f2.exe

%Windir%\wind7upd.exe

c:\diskrun.exe

c:\programm files\premium_crypter.exe

c:\restore\k-1-3542-4232123213-7676767-8888886\ogard.exe

c:\setup\setup.exe

Notes:

%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%Programs% is a variable that refers to the file system directory that contains the user's program groups. A typical path is C:\Documents and Settings\[UserName]\Start Menu\Programs.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%UserProfile% is a variable that specifies the current user's profile folder. By default, this is C:\Documents and Settings\[UserName] (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.