ThreatExpert's Statistics for Mal/FakeAV-AX [Sophos]:

Mal/FakeAV-AX [Sophos] is also known as:

Threat Alias	Number of Incidents
FakeAlert-DHA [McAfee]	38
Backdoor.Win32.Small.isr [Kaspersky Lab]	37
Packed.Generic.234 [Symantec]	19
PWS:Win32/Zbot.gen!R [Microsoft]	18
Trojan-Downloader.Win32.Cutwail [Ikarus]	15
Trojan:Win32/Winwebsec [Microsoft]	12
Trojan Horse [Symantec]	10
TrojanDownloader:Win32/Cutwail.gen!C [Microsoft]	10
Worm:Win32/Mariofev.A [Microsoft]	8
Trojan-Ransom.Win32.DigiPog.ab [Kaspersky Lab]	7
Downloader [Symantec]	6
Downloader.Generic [PC Tools]	6
Generic.dx!mog [McAfee]	6
Infostealer.Banker.C [Symantec]	6
Trojan.Generic [PC Tools]	6
Trojan-Downloader.Win32.Agent.dala [Kaspersky Lab]	6
Virus.Win32.Cryptor [Ikarus]	6
Backdoor.Trojan [Symantec]	5
FakeAlert-DZ [McAfee]	5
Packed.Win32.Krap.ao [Kaspersky Lab]	5
Trojan-Spy.Win32.Zbot [Ikarus]	5
TrojanSpy:Win32/Ursnif.gen!G [Microsoft]	5
FakeAlert-WinwebSecurity.a [McAfee]	4
Packed.Generic.264 [Symantec]	4
PWS:Win32/Zbot.gen!W [Microsoft]	4
Ransom!bz [McAfee]	4
Trojan.Win32.Winwebsec [Ikarus]	4
Trojan-PSW.Banker [PC Tools]	4
W32.Virut.CF [Symantec]	4
Win32/IRCBot.worm.variant [AhnLab]	4
Backdoor.Win32.HareBot.ee [Kaspersky Lab]	3
Backdoor.Win32.Protector.b [Kaspersky Lab]	3
Backdoor.Win32.Small.zx [Kaspersky Lab]	3
Cutwail [McAfee]	3
FakeAlert-WinwebSecurity.gen [McAfee]	3
Generic FakeAlert!ck [McAfee]	3
HeurEngine.MaliciousPacker [PC Tools]	3
Infostealer [Symantec]	3
Malware.Virut [PC Tools]	3
Suspicious.MH690 [Symantec]	3
Virus:Win32/Virut.gen!O [Microsoft]	3
Win-Trojan/Downloader.35328.JD [AhnLab]	3
Backdoor.Trojan [PC Tools]	2
Backdoor.Win32.HareBot [Ikarus]	2
Backdoor.Win32.Small.iof [Kaspersky Lab]	2
Backdoor.Win32.Small.yt [Kaspersky Lab]	2
Backdoor.Win32.Small.zv [Kaspersky Lab]	2
Generic Dropper.qo [McAfee]	2
Hacktool [Symantec]	2
Hacktool.Generic [PC Tools]	2
Packed.Win32.Krap [Ikarus]	2
PWS-Zbot [McAfee]	2
Trojan.Crypt [Ikarus]	2
Trojan-Downloader.Win32.FakeVimes [Ikarus]	2
Trojan-Downloader.Win32.FraudLoad.wchv [Kaspersky Lab]	2
Trojan-Downloader.Win32.Small [Ikarus]	2
Trojan-Downloader.Win32.Suurch.adm [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.aaed [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.aafs [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.aaif [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.aalj [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.aall [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.aapq [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.abfj [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.abkf [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.xvq [Kaspersky Lab]	2
Vilsel [McAfee]	2
Virus.Win32.Virut.ce [Kaspersky Lab]	2
W32/Virut.n.gen [McAfee]	2
Win-Trojan/Fakeav.355901 [AhnLab]	2
Win-Trojan/Suurch.38916 [AhnLab]	2
Win-Trojan/Zbot.101888 [AhnLab]	2
Backdoor.Protector [PC Tools]	1
Backdoor.Small!sd6 [PC Tools]	1
Backdoor.Win32.Bredolab.ca [Kaspersky Lab]	1
Backdoor.Win32.Small.ish [Kaspersky Lab]	1
Backdoor.Win32.Small.uh [Kaspersky Lab]	1
Dropper/Agent.65536.BU [AhnLab]	1
Generic BackDoor!y [McAfee]	1
Generic Downloader.x!bia [McAfee]	1
Generic Downloader.x!brz [McAfee]	1
Generic Downloader.x!btg [McAfee]	1
Generic Downloader.x!io [McAfee]	1
Generic Downloader.x!po [McAfee]	1
Generic FakeAlert!cd [McAfee]	1
Generic PWS.y!bck [McAfee]	1
Generic PWS.y!bie [McAfee]	1
Generic PWS.y!bzc [McAfee]	1
Generic PWS.y!dt [McAfee]	1
Generic PWS.y!pr [McAfee]	1
Generic PWS.y!wn [McAfee]	1
Generic.dx!dwn [McAfee]	1
Infostealer.Snifula.B [Symantec]	1
not-a-virus:FraudTool.Win32.Defender [Ikarus]	1
not-a-virus:FraudTool.Win32.VirusDoctor.v [Kaspersky Lab]	1
Spyware.Keylogger [Symantec]	1
Trojan.Bredolab [Symantec]	1
Trojan.Dropper [PC Tools]	1
Trojan.Dropper [Symantec]	1
Trojan.FakeAV [Symantec]	1

Mal/FakeAV-AX [Sophos] has the following possible countries of origin:

Origin		Number of Incidents
	Russian Federation	7
	United Kingdom	4
	Ukraine	2

Mal/FakeAV-AX [Sophos] is known to be created as:

%CommonAppData%\13106404\13106404.exe

%CommonAppData%\13110624\13110624.exe

%CommonAppData%\4550\smartmechanic.exe

%CommonAppData%\e4a12b7\wse4a1.exe

%CommonAppData%\fcc6\windowsedefender.exe

%System%\.7e7753f2bf9a04bc\7e7753f2bf9a04bc.exe

%System%\reader_s.exe

%System%\sdra64.exe

%System%\twext.exe

%Temp%\1your_exe.exe

%Temp%\7zs2.tmp\crack.exe

%Temp%\install.exe

%Temp%\lsass.exe

%Temp%\services.exe

%Temp%\setup.exe

%Temp%\smss.exe

%Temp%\taskmgr.exe

%Temp%\userwhwr.exe

%Temp%\winamp.exe

%Temp%\winlogon.exe

%UserProfile%\reader_s.exe

%Windir%\9129837.exe

%Windir%\essledv.exe

%Windir%\rundll22.exe

%Windir%\srcdll.exe

Notes:

%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%UserProfile% is a variable that specifies the current user's profile folder. By default, this is C:\Documents and Settings\[UserName] (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.