ThreatExpert's Statistics for Mal/FakeAV-BP [Sophos]:

Mal/FakeAV-BP [Sophos] is also known as:

Threat Alias	Number of Incidents
Packed.Win32.TDSS.aa [Kaspersky Lab]	201
FakeAlert-JU [McAfee]	122
Trojan.Vundo [Symantec]	120
Worm:Win32/Vundo.B [Microsoft]	61
Trojan.Vundo [PC Tools]	60
WindowsAntivirusPro [Symantec]	44
Trojan:Win32/FakeSpyguard [Microsoft]	39
RogueAntiSpyware.WindowsAntivirusPro [PC Tools]	38
Trojan:Win32/FakeCog [Microsoft]	37
FakeAlert-FQ [McAfee]	20
Packed.Win32.Tdss [Ikarus]	16
Trojan:Win32/Alureon.CT [Microsoft]	13
Win-Trojan/Xema.variant [AhnLab]	13
Trojan.FakeAV [Symantec]	11
Trojan:Win32/Alureon.BT [Microsoft]	11
DNSChanger.p [McAfee]	10
FakeAlert-KT [McAfee]	9
Packed.Generic.254 [Symantec]	9
AntiVirus2008 [Symantec]	8
Suspicious.MH690 [Symantec]	8
Trojan.Win32.FraudPack.acif [Kaspersky Lab]	8
TrojanSpy:Win32/Chadem.A [Microsoft]	7
Trojan:Win32/InternetAntivirus [Microsoft]	6
Trojan.Win32.Alureon [Ikarus]	5
FakeAlert-KU [McAfee]	4
Generic FakeAlert!dj [McAfee]	4
RogueAntiSpyware.AntiVirus2008 [PC Tools]	4
Suspicious.Graybird.1 [Symantec]	4
Trojan.FakeAlert [PC Tools]	4
Trojan.FakeAV [PC Tools]	4
Mal/TDSSPack-Q, Mal/FakeAV-BP [Sophos]	3
Trojan.Generic [PC Tools]	3
Trojan:Win32/Alureon.BF [Microsoft]	3
DNSChanger.at [McAfee]	2
DNSChanger.r [McAfee]	2
Gen.Trojan [Ikarus]	2
HeurEngine.MaliciousPacker [PC Tools]	2
Mal/EncPk-ND, Mal/FakeAV-BP [Sophos]	2
Suspicious.Vundo.2 [Symantec]	2
Trojan Horse [Symantec]	2
Trojan.Win32.FakeCog [Ikarus]	2
Trojan.Win32.FakeSpyguard [Ikarus]	2
Trojan.Win32.InternetAntivirus [Ikarus]	2
Trojan:Win32/Alureon.DC [Microsoft]	2
Trojan-Downloader.Win32.FraudLoad.wwwh [Kaspersky Lab]	2
Trojan-Dropper.Win32.Agent.bihg [Kaspersky Lab]	2
Trojan-Dropper.Win32.Agent.bihi [Kaspersky Lab]	2
Virus.Packed.Win32.Tdss [Ikarus]	2
Win-Trojan/Malware.1196032.B [AhnLab]	2
Application.Maybe_RogueAV [PC Tools]	1
Backdoor.Tidserv [Symantec]	1
Backdoor.Win32.Small.irf [Kaspersky Lab]	1
DNSChanger!cx [McAfee]	1
Downloader.MisleadApp [Symantec]	1
Dropper/Malware.16896.F [AhnLab]	1
FakeAlert-JN [McAfee]	1
Generic PWS.y!bfv [McAfee]	1
Generic.dx!hca [McAfee]	1
HeurEngine.Vundo [PC Tools]	1
Packed.Generic.277 [Symantec]	1
RogueAntiSpyware.InternetAntivirus [PC Tools]	1
Trojan.Win32.FakeAV [Ikarus]	1
Trojan.Win32.FraudPack.abrj [Kaspersky Lab]	1
Trojan.Win32.FraudPack.ykn [Kaspersky Lab]	1
Trojan.Win32.Pakes.nse [Kaspersky Lab]	1
Trojan.Win32.Pincav.mwo [Kaspersky Lab]	1
Trojan.Win32.Tdss.auzn [Kaspersky Lab]	1
Trojan.Win32.Tdss.avmt [Kaspersky Lab]	1
Trojan:Win32/Alureon.DA [Microsoft]	1
Trojan:Win32/Alureon.gen!U [Microsoft]	1
Trojan-Downloader.Win32.FraudLoad.fyg [Kaspersky Lab]	1
Trojan-Downloader.Win32.FraudLoad.wwlg [Kaspersky Lab]	1
Trojan-Downloader.Win32.FraudLoad.wwso [Kaspersky Lab]	1
TrojanDownloader:Win32/FakeSmoke [Microsoft]	1
TrojanSpy:Win32/Bebloh.A [Microsoft]	1
Win-Trojan/Agent.66048.DE [AhnLab]	1
Win-Trojan/BypassAgent.52736.DS [AhnLab]	1
Win-Trojan/BypassAgent.52736.DT [AhnLab]	1
Win-Trojan/Downloader.28672.SC [AhnLab]	1
Win-Trojan/Downloader.32768.SA [AhnLab]	1
Win-Trojan/FakeAlert.28672.B [AhnLab]	1
Win-Trojan/Fakealert.950272 [AhnLab]	1
Win-Trojan/Malware.1146880.D [AhnLab]	1
Win-Trojan/Malware.1187840.F [AhnLab]	1
Win-Trojan/Malware.38400.M [AhnLab]	1
Win-Trojan/Tdss.32768 [AhnLab]	1

Mal/FakeAV-BP [Sophos] has the following possible country of origin:

Origin		Number of Incidents
	Russian Federation	49

Mal/FakeAV-BP [Sophos] is known to be created as:

%AllUsersProfile%\microsoft adata\sysnet.dll

%ProgramFiles%\antimalware\amext.dll

%ProgramFiles%\antimalware\antimalware.exe

%ProgramFiles%\personal guard 2009\personalguard.exe

%ProgramFiles%\personal guard 2009\uninstalls.exe

%ProgramFiles%\personal protector\personalprotector.exe

%ProgramFiles%\personal protector\un.exe

%ProgramFiles%\smart protector\smrtprt.exe

%ProgramFiles%\smart protector\uninstalls.exe

%System%\babijuga.dll

%System%\berateno.dll

%System%\bizoyuza.dll

%System%\bohotute.dll

%System%\busivapo.dll

%System%\defisebe.dll

%System%\difahime.dll

%System%\domeroha.dll

%System%\dunuwopo.dll

%System%\galaduja.dll

%System%\h8srtxvitlwxbdi.dll

%System%\hagatogo.dll

%System%\hemafovi.dll

%System%\hivotugu.dll

%System%\hubozupi.dll

%System%\kobitaka.dll

%System%\kohirovu.dll

%System%\ladakaku.dll

%System%\lepetiwa.dll

%System%\mujipeyo.dll

%System%\nanemefu.dll

%System%\rahohipa.dll

%System%\rdkewti.exe

%System%\sajudiwa.dll

%System%\tidahahi.dll

%System%\vutikonu.dll

%System%\winsc.exe

%System%\winscent.exe

%System%\zozelemu.dll

%System%\zuyahoba.dll

%System%\zuzisoge.dll

%Temp%\0_11adwara.exe

%Temp%\imoliv.exe

%Temp%\richtx64.exe

%Temp%\sysnet.dll

%Temp%\winhbt.exe

%Temp%\winnrk64.dll

%Temp%\wow64main.exe

%Temp%\wscsvc32.exe

%Temp%\x66666666666.exe

Notes:

%AllUsersProfile% is a variable that specifies the all users' profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).