ThreatExpert's Statistics for Mal/Behav-004 [Sophos]:

Mal/Behav-004 [Sophos] is also known as:

Threat Alias	Number of Incidents
Win32/Autorun.worm.19456.I [AhnLab]	72
Worm.Win32.AutoRun.ghr [Kaspersky Lab]	72
W32.Fujacks.CB [Symantec]	67
Trojan.KillAV [PC Tools]	42
W32/Newt-A [Sophos]	42
Generic.dx [McAfee]	18
Trojan-Downloader.Agent.TMW [PC Tools]	8
Win32.SuspectCrc [Ikarus]	8
Infostealer.Gampass [Symantec]	7
Trojan Horse [Symantec]	7
Exploit.Win32.RPC [Ikarus]	6
Trojan.KillAV [Symantec]	6
Trojan.Win32.Iframer [Ikarus]	5
Backdoor.Trojan [Symantec]	4
Downloader.Trojan [Symantec]	4
P2P-Worm.Win32.Multex.a [Kaspersky Lab]	4
Suspicious.MH690 [Symantec]	4
Trojan.Iframer!sd6 [PC Tools]	4
Trojan.Win32.Iframer.ab [Kaspersky Lab]	4
Trojan-Downloader.Win32.Sunacha [Ikarus]	4
Win32/Multex.worm.15872 [AhnLab]	4
Worm:Win32/Multex.A [Microsoft]	4
Trojan.Floodblack [Symantec]	3
Trojan-Dropper.Agent [Ikarus]	3
Trojan-Spy.Win32.Agent.cmr [Kaspersky Lab]	3
Downloader [Symantec]	2
Downloader.Generic [PC Tools]	2
Generic PWS.y [McAfee]	2
Generic.dx!js [McAfee]	2
not-a-virus:FraudTool.Win32.WinSpywareProtect.wk [Kaspersky Lab]	2
Trojan.Popuper [PC Tools]	2
Trojan.Win32.Agent.clld [Kaspersky Lab]	2
Trojan-Downloader.Win32.Small.jpi [Kaspersky Lab]	2
Virus.Trojan.Win32.Agent [Ikarus]	2
Win-Trojan/Agent.24576.AUG [AhnLab]	2
Backdoor.Agent.AGTU [PC Tools]	1
Backdoor.Beastdoor!sd6 [PC Tools]	1
Backdoor.BodomBot.B [PC Tools]	1
Backdoor.SdBot!sd5 [PC Tools]	1
Backdoor.Trojan [PC Tools]	1
Backdoor.Win32.Agent.akqe [Kaspersky Lab]	1
Backdoor.Win32.Agent.amzq [Kaspersky Lab]	1
Backdoor.Win32.Beastdoor [Ikarus]	1
Backdoor.Win32.Beastdoor.207.aa [Kaspersky Lab]	1
Backdoor.Win32.Beastdoor.207.z [Kaspersky Lab]	1
Backdoor.Win32.Delf.aae [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.glwl [Kaspersky Lab]	1
Backdoor.Win32.Mnets [Ikarus]	1
Backdoor.Win32.SdBot [Ikarus]	1
Backdoor.Win32.SdBot.qr [Kaspersky Lab]	1
Backdoor:Win32/Bodombot [Microsoft]	1
Backdoor:Win32/IRCbot [Microsoft]	1
BackDoor-AMQ [McAfee]	1
BKDR_AGENT.CZQ [Trend Micro]	1
Generic BackDoor.bb [McAfee]	1
Generic.dp [McAfee]	1
Infostealer [Symantec]	1
IRC.Backdoor.Trojan [Symantec]	1
Net-Worm.Kolab [PC Tools]	1
Net-Worm.Win32.Kolab [Ikarus]	1
Net-Worm.Win32.Kolab.arf [Kaspersky Lab]	1
New Malware.aj [McAfee]	1
New Win32 [McAfee]	1
not-a-virus:AdWare.Win32.Agent.dtc [Kaspersky Lab]	1
Packer.RLPack.D [Ikarus]	1
PWCrack-Winspy!a [McAfee]	1
PWS-Banker [McAfee]	1
Spyware.Screenspy [PC Tools]	1
Spyware.Screenspy [Symantec]	1
SpywareProtect2009 [Symantec]	1
Trojan.Dropper [Symantec]	1
Trojan.Generic [Ikarus]	1
Trojan.Generic [PC Tools]	1
Trojan.Win32.Agent.bzgi [Kaspersky Lab]	1
Trojan.Win32.FakeSpypro [Ikarus]	1
Trojan.Win32.Iframer.w [Kaspersky Lab]	1
Trojan.Win32.Iframer.x [Kaspersky Lab]	1
Trojan:Win32/Comwitproc!rts [Microsoft]	1
Trojan-Clicker.Win32.Agent.gwm [Kaspersky Lab]	1
Trojan-Downloader [Ikarus]	1
TrojanDownloader:Win32/Small.HW [Microsoft]	1
Trojan-GameThief.Win32.OnLineGames.bkgr [Kaspersky Lab]	1
Trojan-GameThief.Win32.OnLineGames.slae [Kaspersky Lab]	1
Trojan-PSW.Win32.QQPass.byc [Kaspersky Lab]	1
Trojan-PWS.Win32.QQPass [Ikarus]	1
Trojan-Spy.Win32.Agent.ecx [Kaspersky Lab]	1
TSPY_AGENT.AJNL [Trend Micro]	1
Virus.Win32.Agent.VZP [Ikarus]	1
W32.Spybot.Worm [Symantec]	1
W32/Swaduk.gen [McAfee]	1
Win32/BodomBot.worm.19456 [AhnLab]	1
Win32/IRCBot.worm.Gen [AhnLab]	1
Win32/MalPackedB.suspicious [AhnLab]	1
Win-Trojan/Agent.129675 [AhnLab]	1
Win-Trojan/Agent.3581440 [AhnLab]	1
Win-Trojan/Beastdoor.19784 [AhnLab]	1
Win-Trojan/Dllbot.200704 [AhnLab]	1
Win-Trojan/Dllbot.94720 [AhnLab]	1
Win-Trojan/Xema.variant [AhnLab]	1
Worm.Win32.AutoRun [Ikarus]	1

Mal/Behav-004 [Sophos] has the following possible countries of origin:

Origin		Number of Incidents
	Republic of Korea	7
	China	4
	Russian Federation	2
	Spain	1

Mal/Behav-004 [Sophos] is known to be created as:

%CommonAppData%\webext\winchk.exe

%Profiles%\hpserviceprint.exe

%ProgramFiles%\google\googletoolbar1.dll

%System%\6to4.dll

%System%\bsrcjrwn.exe

%System%\dllcache\6to4.dll

%System%\dllcache\ias.dll

%System%\dllcache\iprip.dll

%System%\ias.dll

%System%\iprip.dll

%System%\liar6.exe

%System%\mscotry.dll

%System%\msmpr32.exe

%System%\prqua.exe

%System%\qclient29.exe

%System%\reowfx3m.dll

%System%\smbsrv.dll

%System%\spools.exe

%System%\svohost.dll

%System%\uv2wixy6.dll

%Temp%\312046.exe

%Temp%\liar6.exe

%Temp%\rtv_winupd.exe

%Windir%\hpserviceprint.exe

%Windir%\msmode8.exe

%Windir%\system\shell2.0.dll

%Windir%\systemdb.exe

Notes:

%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
%Profiles% is a variable that refers to the file system directory containing user profile folders. A typical path is C:\Documents and Settings.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.