ThreatExpert's Statistics for Mal/FakeAV-AA [Sophos]:

Mal/FakeAV-AA [Sophos] is also known as:

Threat Alias	Number of Incidents
RogueAntiSpyware.PrivacyCenter [PC Tools]	214
FakeAlert-KZA [McAfee]	192
Trojan:Win32/PrivacyCenter [Microsoft]	167
Generic FakeAlert!dh [McAfee]	132
not-a-virus:FraudTool.Win32.PrivacyCenter.qz [Kaspersky Lab]	81
PrivacyCenter [Symantec]	62
Downloader.MisleadApp [Symantec]	43
not-a-virus:FraudTool.Win32.SystemSecurity.cc [Kaspersky Lab]	42
Generic FakeAlert!dv [McAfee]	37
Generic FakeAlert!dy [McAfee]	30
Trojan-Downloader.Win32.NSIS.bo [Kaspersky Lab]	30
Win-Trojan/Xema.variant [AhnLab]	29
Trojan.FakeAV [PC Tools]	24
Trojan.FakeAV [Symantec]	24
Trojan.Win32.FraudPack.ajrd [Kaspersky Lab]	24
Trojan-Downloader.Win32.NSIS.az [Kaspersky Lab]	24
Trojan Horse [Symantec]	22
Trojan-Downloader.Win32.NSIS.ax [Kaspersky Lab]	22
Generic.Win32.Malware [Ikarus]	20
not-a-virus:FraudTool.Win32.PrivacyCenter.qy [Kaspersky Lab]	20
Trojan.Win32.FraudPack.agta [Kaspersky Lab]	20
Trojan-Downloader.Win32.NSIS.bq [Kaspersky Lab]	19
TrojanDownloader:Win32/Renos.BAO [Microsoft]	19
RogueAntiSpyware.ControlCenter [PC Tools]	18
Trojan-Downloader.Win32.NSIS.bh [Kaspersky Lab]	17
Trojan-Downloader.Win32.NSIS [Ikarus]	15
Trojan:Win32/FakePlus [Microsoft]	13
Generic FakeAlert!dd [McAfee]	11
Trojan.Crypt [Ikarus]	9
FakeAlert-DF [McAfee]	8
Trojan.Win32.FraudPack.ajki [Kaspersky Lab]	8
Trojan.Generic [PC Tools]	7
Trojan.Fakeavalert [Symantec]	5
Trojan.Win32.FakePlus [Ikarus]	5
Win-Trojan/Fraudpack.1747456 [AhnLab]	5
not-a-virus:FraudTool.Win32.AntivirusPlus.fg [Kaspersky Lab]	4
RogueAntiSpyware.PrivacyCenter.AJ [PC Tools]	4
Trojan.Win32.FakeAV [Ikarus]	4
Trojan-Downloader.Win32.NSIS.ca [Kaspersky Lab]	4
Trojan-Downloader.Win32.Renos [Ikarus]	3
Gen.Trojan [Ikarus]	2
Generic FakeAlert!d [McAfee]	2
not-a-virus:FraudTool.Win32.AntivirusPlus [Ikarus]	2
Trojan:Win32/Tibs.IT [Microsoft]	2
Trojan-Downloader.Win32.NSIS.br [Kaspersky Lab]	2
Win-Trojan/Nsis.2019840 [AhnLab]	2
Adware.Lop [PC Tools]	1
Adware.Lop [Symantec]	1
FakeAlert-SystemSecurity [McAfee]	1
FakeAlert-WinwebSecurity.gen [McAfee]	1
Generic FakeAlert.b [McAfee]	1
Generic PUP.z [McAfee]	1
not-a-virus:FraudTool.Win32.AntivirusPlus.ax [Kaspersky Lab]	1
not-a-virus:FraudTool.Win32.AntivirusPlus.ca [Kaspersky Lab]	1
not-a-virus:FraudTool.Win32.AntivirusPlus.cy [Kaspersky Lab]	1
not-a-virus:FraudTool.Win32.AntivirusPlus.ea [Kaspersky Lab]	1
not-a-virus:FraudTool.Win32.AntivirusPlus.eb [Kaspersky Lab]	1
not-a-virus:FraudTool.Win32.AntivirusPlus.fd [Kaspersky Lab]	1
not-a-virus:FraudTool.Win32.AntivirusPlus.fx [Kaspersky Lab]	1
not-a-virus:FraudTool.Win32.AntivirusPlus.hd [Kaspersky Lab]	1
TROJ_DLOADER.ZDO [Trend Micro]	1
Trojan.Win32.FakeXPA [Ikarus]	1
Trojan.Win32.FraudPack.afob [Kaspersky Lab]	1
Trojan.Win32.Tibs [Ikarus]	1
Trojan-Downloader.Win32.Delf [Ikarus]	1
Trojan-Downloader.Win32.Delf.puu [Kaspersky Lab]	1
Trojan-Downloader.Win32.Delf.tap [Kaspersky Lab]	1
Trojan-Downloader.Win32.Delf.umx [Kaspersky Lab]	1
Trojan-Downloader.Win32.FraudLoad [Ikarus]	1
Trojan-Downloader.Win32.FraudLoad.euw [Kaspersky Lab]	1
Trojan-Downloader.Win32.FraudLoad.evw [Kaspersky Lab]	1
Trojan-Downloader.Win32.FraudLoad.vrha [Kaspersky Lab]	1
Trojan-Downloader.Win32.NSIS.cc [Kaspersky Lab]	1
Win-Trojan/Agent.438272.AB [AhnLab]	1
Win-Trojan/Fakealert.40448.C [AhnLab]	1
Win-Trojan/Fakeav.666624.B [AhnLab]	1

Mal/FakeAV-AA [Sophos] has the following possible countries of origin:

Origin		Number of Incidents
	Ukraine	48
	Russian Federation	12

Mal/FakeAV-AA [Sophos] is known to be created as:

%AppData%\ccenter\ccagent.exe

%AppData%\c-center\ccagent.exe

%AppData%\ccenter\ccmain.exe

%AppData%\c-center\ccmain.exe

%AppData%\control manager\ccagent.exe

%AppData%\control manager\ccmain.exe

%AppData%\control-center\ccagent.exe

%AppData%\control-center\ccmain.exe

%AppData%\ctrlcenter\ccagent.exe

%AppData%\ctrl-center\ccagent.exe

%AppData%\ctrlcenter\ccmain.exe

%AppData%\ctrl-center\ccmain.exe

%AppData%\pc\agent.exe

%AppData%\pc\pc.exe

%AppData%\privacy center\ccagent.exe

%AppData%\privacy center\ccmain.exe

%System%\wingamma.exe

%Temp%\090601-3-2.exe

%Temp%\090618-4-6.exe

%Temp%\090618-5-3.exe

%Temp%\antivirusplus.exe

%Temp%\installer_1.exe

%Temp%\rundll32.exe

%Temp%\setup.exe

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).