Threat Search: 

ThreatExpert's Statistics for Mal/Behav-004 [Sophos]:

Mal/Behav-004 [Sophos] is also known as:
Threat AliasNumber of Incidents
Win32/Autorun.worm.19456.I [AhnLab]72
Worm.Win32.AutoRun.ghr [Kaspersky Lab]72
W32.Fujacks.CB [Symantec]67
Trojan.KillAV [PC Tools]42
W32/Newt-A [Sophos]42
Generic.dx [McAfee]18
Trojan-Downloader.Agent.TMW [PC Tools]8
Win32.SuspectCrc [Ikarus]8
Infostealer.Gampass [Symantec]7
Trojan Horse [Symantec]7
Exploit.Win32.RPC [Ikarus]6
Trojan.KillAV [Symantec]6
Trojan.Win32.Iframer [Ikarus]5
Backdoor.Trojan [Symantec]4
Downloader.Trojan [Symantec]4
P2P-Worm.Win32.Multex.a [Kaspersky Lab]4
Suspicious.MH690 [Symantec]4
Trojan.Iframer!sd6 [PC Tools]4
Trojan.Win32.Iframer.ab [Kaspersky Lab]4
Trojan-Downloader.Win32.Sunacha [Ikarus]4
Win32/Multex.worm.15872 [AhnLab]4
Worm:Win32/Multex.A [Microsoft]4
Trojan.Floodblack [Symantec]3
Trojan-Dropper.Agent [Ikarus]3
Trojan-Spy.Win32.Agent.cmr [Kaspersky Lab]3
Downloader [Symantec]2
Downloader.Generic [PC Tools]2
Generic PWS.y [McAfee]2
Generic.dx!js [McAfee]2
not-a-virus:FraudTool.Win32.WinSpywareProtect.wk [Kaspersky Lab]2
Trojan.Popuper [PC Tools]2
Trojan.Win32.Agent.clld [Kaspersky Lab]2
Trojan-Downloader.Win32.Small.jpi [Kaspersky Lab]2
Virus.Trojan.Win32.Agent [Ikarus]2
Win-Trojan/Agent.24576.AUG [AhnLab]2
Backdoor.Agent.AGTU [PC Tools]1
Backdoor.Beastdoor!sd6 [PC Tools]1
Backdoor.BodomBot.B [PC Tools]1
Backdoor.SdBot!sd5 [PC Tools]1
Backdoor.Trojan [PC Tools]1
Backdoor.Win32.Agent.akqe [Kaspersky Lab]1
Backdoor.Win32.Agent.amzq [Kaspersky Lab]1
Backdoor.Win32.Beastdoor [Ikarus]1
Backdoor.Win32.Beastdoor.207.aa [Kaspersky Lab]1
Backdoor.Win32.Beastdoor.207.z [Kaspersky Lab]1
Backdoor.Win32.Delf.aae [Kaspersky Lab]1
Backdoor.Win32.Hupigon.glwl [Kaspersky Lab]1
Backdoor.Win32.Mnets [Ikarus]1
Backdoor.Win32.SdBot [Ikarus]1
Backdoor.Win32.SdBot.qr [Kaspersky Lab]1
Backdoor:Win32/Bodombot [Microsoft]1
Backdoor:Win32/IRCbot [Microsoft]1
BackDoor-AMQ [McAfee]1
BKDR_AGENT.CZQ [Trend Micro]1
Generic BackDoor.bb [McAfee]1
Generic.dp [McAfee]1
Infostealer [Symantec]1
IRC.Backdoor.Trojan [Symantec]1
Net-Worm.Kolab [PC Tools]1
Net-Worm.Win32.Kolab [Ikarus]1
Net-Worm.Win32.Kolab.arf [Kaspersky Lab]1
New Malware.aj [McAfee]1
New Win32 [McAfee]1
not-a-virus:AdWare.Win32.Agent.dtc [Kaspersky Lab]1
Packer.RLPack.D [Ikarus]1
PWCrack-Winspy!a [McAfee]1
PWS-Banker [McAfee]1
Spyware.Screenspy [PC Tools]1
Spyware.Screenspy [Symantec]1
SpywareProtect2009 [Symantec]1
Trojan.Dropper [Symantec]1
Trojan.Generic [Ikarus]1
Trojan.Generic [PC Tools]1
Trojan.Win32.Agent.bzgi [Kaspersky Lab]1
Trojan.Win32.FakeSpypro [Ikarus]1
Trojan.Win32.Iframer.w [Kaspersky Lab]1
Trojan.Win32.Iframer.x [Kaspersky Lab]1
Trojan:Win32/Comwitproc!rts [Microsoft]1
Trojan-Clicker.Win32.Agent.gwm [Kaspersky Lab]1
Trojan-Downloader [Ikarus]1
TrojanDownloader:Win32/Small.HW [Microsoft]1
Trojan-GameThief.Win32.OnLineGames.bkgr [Kaspersky Lab]1
Trojan-GameThief.Win32.OnLineGames.slae [Kaspersky Lab]1
Trojan-PSW.Win32.QQPass.byc [Kaspersky Lab]1
Trojan-PWS.Win32.QQPass [Ikarus]1
Trojan-Spy.Win32.Agent.ecx [Kaspersky Lab]1
TSPY_AGENT.AJNL [Trend Micro]1
Virus.Win32.Agent.VZP [Ikarus]1
W32.Spybot.Worm [Symantec]1
W32/Swaduk.gen [McAfee]1
Win32/BodomBot.worm.19456 [AhnLab]1
Win32/IRCBot.worm.Gen [AhnLab]1
Win32/MalPackedB.suspicious [AhnLab]1
Win-Trojan/Agent.129675 [AhnLab]1
Win-Trojan/Agent.3581440 [AhnLab]1
Win-Trojan/Beastdoor.19784 [AhnLab]1
Win-Trojan/Dllbot.200704 [AhnLab]1
Win-Trojan/Dllbot.94720 [AhnLab]1
Win-Trojan/Xema.variant [AhnLab]1
Worm.Win32.AutoRun [Ikarus]1

Mal/Behav-004 [Sophos] has the following possible countries of origin:
OriginNumber of Incidents
Republic of Korea7
China4
Russian Federation2
Spain1

Mal/Behav-004 [Sophos] is known to be created as:
%CommonAppData%\webext\winchk.exe
%Profiles%\hpserviceprint.exe
%ProgramFiles%\google\googletoolbar1.dll
%System%\6to4.dll
%System%\bsrcjrwn.exe
%System%\dllcache\6to4.dll
%System%\dllcache\ias.dll
%System%\dllcache\iprip.dll
%System%\ias.dll
%System%\iprip.dll
%System%\liar6.exe
%System%\mscotry.dll
%System%\msmpr32.exe
%System%\prqua.exe
%System%\qclient29.exe
%System%\reowfx3m.dll
%System%\smbsrv.dll
%System%\spools.exe
%System%\svohost.dll
%System%\uv2wixy6.dll
%Temp%\312046.exe
%Temp%\liar6.exe
%Temp%\rtv_winupd.exe
%Windir%\hpserviceprint.exe
%Windir%\msmode8.exe
%Windir%\system\shell2.0.dll
%Windir%\systemdb.exe
Notes:
  • %CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
  • %Profiles% is a variable that refers to the file system directory containing user profile folders. A typical path is C:\Documents and Settings.
  • %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
  • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.