
ThreatExpert's Statistics for Mal/Emogen-F [Sophos]:

Mal/Emogen-F [Sophos] is also known as:
Threat Alias | Number of Incidents
Trojan Horse [Symantec] | 79
Generic.dx [McAfee] | 61
Win32.SuspectCrc [Ikarus] | 54
TROJ_VB.GFB [Trend Micro] | 49
Trojan.Win32.VB.dxj [Kaspersky Lab] | 49
Trojan.KillAV [Symantec] | 43
Trojan.Win32.BHO.acph [Kaspersky Lab] | 42
Trojan-Downloader.Win32.VB [Ikarus] | 21
Win-Trojan/Xema.variant [AhnLab] | 16
Trojan-Dropper.VB.BLD [PC Tools] | 14
Downloader [Symantec] | 12
Trojan:Win32/Sibleep.gen [Microsoft] | 10
Generic.dx!cs [McAfee] | 9
Trojan.Popuper [PC Tools] | 9
Generic Downloader.x [McAfee] | 8
Trojan.Win32.VB [Ikarus] | 7
Trojan-Dropper.Agent [Ikarus] | 7
Trojan.Adclicker [Symantec] | 6
Generic BackDoor [McAfee] | 5
Suspicious.MH690 [Symantec] | 5
Trojan.Dropper [Symantec] | 5
Backdoor.VB!sd6 [PC Tools] | 4
Backdoor.Win32.VB [Ikarus] | 4
Backdoor.Win32.VB.grp [Kaspersky Lab] | 4
HackTool.Win32.PHPWind [Ikarus] | 4
not-a-virus:AdTool.Win32.VB.a [Ikarus] | 4
Trojan.Win32.Agent [Ikarus] | 4
BehavesLike [Ikarus] | 3
New Malware.aj [McAfee] | 3
not-a-virus:WebToolbar.Win32.VB.a [Kaspersky Lab] | 3
Packed/Upack [AhnLab] | 3
Trojan.Generic [Ikarus] | 3
Trojan.Win32.Agent.brdm [Kaspersky Lab] | 3
Trojan-Dropper [Ikarus] | 3
Trojan-Dropper.Win32.Agent.apot [Kaspersky Lab] | 3
Virus.Trojan.Win32.Agent [Ikarus] | 3
Win-Trojan/Agent.17467 [AhnLab] | 3
Constructor.Win32.VB [Ikarus] | 2
Constructor.Win32.VB.eb [Kaspersky Lab] | 2
Downloader.gen.a [McAfee] | 2
Gen.Trojan [Ikarus] | 2
Generic.dx!bbt [McAfee] | 2
Trojan.Dropper [PC Tools] | 2
Trojan.PWS.QQPass [Symantec] | 2
Trojan.Qhosts [Symantec] | 2
Trojan.Win32.BHO.acqu [Kaspersky Lab] | 2
Trojan.Win32.Qhost [Ikarus] | 2
Trojan-Downloader.Win32.Agent.bpcn [Kaspersky Lab] | 2
Trojan-Dropper.Vb.1 [Ikarus] | 2
Trojan-Dropper.Win32.Agent.biyb [Kaspersky Lab] | 2
Win-Trojan/Agent.12288.NJ [AhnLab] | 2
Win-Trojan/Malware.90807 [AhnLab] | 2
AddUser-A [McAfee] | 1
Adware.Gen [PC Tools] | 1
Adware.Gen [Symantec] | 1
Backdoor.Trojan [Symantec] | 1
Backdoor.Win32.Popwin [Ikarus] | 1
Backdoor.Win32.Shark [Ikarus] | 1
BehavesLikeWin32.VBMalware [Ikarus] | 1
Constructor.generic!ct [PC Tools] | 1
Constructor.VB!ct [PC Tools] | 1
Dropper/Agent.43008.AL [AhnLab] | 1
Dropper/Agent.69632.AO [AhnLab] | 1
Dropper/Agent.69632.AR [AhnLab] | 1
Generic Downloader.x!bgx [McAfee] | 1
Generic Downloader.x!bo [McAfee] | 1
Generic Dropper!bf [McAfee] | 1
Generic PUP.a [McAfee] | 1
Generic PUP.x!cj [McAfee] | 1
Generic Qhost [McAfee] | 1
Generic.do [McAfee] | 1
Generic.dx!be [McAfee] | 1
Generic.dx!iuz [McAfee] | 1
Infostealer [Symantec] | 1
not-a-virus:AdWare.Win32.VB [Ikarus] | 1
not-a-virus:AdWare.Win32.VB.fb [Kaspersky Lab] | 1
PWS:Win32/OnLineGames.GH [Microsoft] | 1
Qhost-Gen [McAfee] | 1
Sibleep [McAfee] | 1
Spy-Agent.dj [McAfee] | 1
TROJ_GAMETHIE.ML [Trend Micro] | 1
TROJ_Generic [Trend Micro] | 1
TROJ_VB.ECA [Trend Micro] | 1
Trojan.AddUser.A [PC Tools] | 1
Trojan.ATRAPS [Ikarus] | 1
Trojan.CL.VB.DWOF [PC Tools] | 1
Trojan.Crypt [Ikarus] | 1
Trojan.Generic [PC Tools] | 1
Trojan.Qhost!sd5 [PC Tools] | 1
Trojan.Qhosts [PC Tools] | 1
Trojan.SpamThru [Symantec] | 1
Trojan.Startpage [Symantec] | 1
Trojan.VB.NHF [Ikarus] | 1
Trojan.Win32.AddUser [Ikarus] | 1
Trojan.Win32.AddUser.a [Kaspersky Lab] | 1
Trojan.Win32.AddUser.av [Kaspersky Lab] | 1
Trojan.Win32.Agent.avui [Kaspersky Lab] | 1
Trojan.Win32.Agent.azxb [Kaspersky Lab] | 1
Trojan.Win32.Agent.bfjh [Kaspersky Lab] | 1
Trojan.Win32.Agent.bxzt [Kaspersky Lab] | 1

Mal/Emogen-F [Sophos] has the following possible countries of origin:
Origin | Number of Incidents
China | 129
United Kingdom | 6
Taiwan | 4

Mal/Emogen-F [Sophos] is known to be created as:
%FontsDir%\uusee.exe
%FontsDir%\winlogon.exe
%ProgramFiles%\360safe\system360.exe
%ProgramFiles%\henqu\setinfo.exe
%ProgramFiles%\internet explorer\160yes.exe
%ProgramFiles%\internet explorer\24787513.exe
%ProgramFiles%\internet explorer\27725054.exe
%ProgramFiles%\internet explorer\2773909.exe
%ProgramFiles%\internet explorer\27903155.exe
%ProgramFiles%\internet explorer\29929616.exe
%ProgramFiles%\internet explorer\31320330.exe
%ProgramFiles%\internet explorer\32400017.exe
%ProgramFiles%\internet explorer\32925014.exe
%ProgramFiles%\internet explorer\signup\conime.exe
%ProgramFiles%\internet explorer\smss.exe
%ProgramFiles%\internet explorer\wybho.exe
%ProgramFiles%\miniie\miniie_2.exe
%ProgramFiles%\mui\microsoftms.exe
%ProgramFiles%\netman\clear.exe
%ProgramFiles%\pps\360safe.exe
%ProgramFiles%\uninstall information\aagbe.exe
%System%\090520-7-7.exe
%System%\090521-2-4.exe
%System%\360safes.exe
%System%\875975.exe
%System%\clear.exe
%System%\cssrs.exe
%System%\dianying.exe
%System%\explore.exe
%System%\iexploer.exe
%System%\ime\pintlgnt\pintlgrb.exe
%System%\kernel.exe
%System%\lockerplug32.exe
%System%\lockerplug64.exe
%System%\update.exe
%System%\wbem\fonts.exe
%System%\wbem\internat.exe
%System%\woudst.exe
%System%\yoyo2ashin.exe
%Temp%\090615-2-2.exe
%Temp%\090615-2-3.exe
%Temp%\090615-2-4.exe
%Temp%\222s.exe
%Temp%\27903155.exe
%Temp%\31078157.exe
%Temp%\360safe.exe
%Temp%\36771853.exe
%Temp%\463.exe
%Temp%\ixp000.tmp\explore.exe
%Temp%\pintlgrb.exe
%Temp%\speciallinkio.exe
%UserProfile%\o2.exe
%Windir%\cursors\beifen.exe
%Windir%\inf\svchost.exe
%Windir%\long.exe
%Windir%\memempty.exe
%Windir%\svchos.exe
%Windir%\system_safe.exe
%Windir%\temp\29929616.exe
%Windir%\web\iexpl0re.exe
c:\internat.exe
c:\svhuy.exe
c:\topy.exe
Notes:
  • %FontsDir% is a variable that refers to a virtual folder containing fonts. A typical path is C:\Windows\Fonts.
  • %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
  • %UserProfile% is a variable that specifies the current user's profile folder. By default, this is C:\Documents and Settings\[UserName] (Windows NT/2000/XP).
  • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.