ThreatExpert's Statistics for Mal/FakeAV-BX [Sophos]:

Mal/FakeAV-BX [Sophos] is also known as:

Threat Alias	Number of Incidents
Trojan:Win32/Opachki.A [Microsoft]	2,300
Packed.Generic.271 [Symantec]	2,062
HeurEngine.MaliciousPacker [PC Tools]	2,042
Packed.Win32.Katusha.j [Kaspersky Lab]	2,028
Packed.Win32.Katusha [Ikarus]	2,026
Generic.dx!lne [McAfee]	945
Trojan Horse [Symantec]	71
Trojan.Generic [PC Tools]	66
Trojan:Win32/Ertfor.B [Microsoft]	45
Trojan.Win32.Ertfor [Ikarus]	38
Win-Trojan/Xema.variant [AhnLab]	36
TrojanClicker:Win32/Hatigh.C [Microsoft]	29
Trojan:Win32/Fakeinit [Microsoft]	27
Trojan-Clicker.Win32.Hatigh [Ikarus]	27
FakeAlert-SpyPro [McAfee]	25
Trojan.Win32.FakeSpypro [Ikarus]	25
Trojan:Win32/FakeSpypro [Microsoft]	10
CoreGuardAntivirus2009 [Symantec]	7
Packed.Win32.Krap [Ikarus]	7
Packed.Win32.Krap.ah [Kaspersky Lab]	7
Win-Trojan/Krap.102912.H [AhnLab]	6
RogueAntiSpyware.CoreGuardAntivirus2009 [PC Tools]	5
Backdoor.Graybird [PC Tools]	4
Backdoor.Graybird [Symantec]	4
Backdoor:Win32/Syrutrk.A [Microsoft]	4
FakeAlert-KS [McAfee]	4
Trojan.Win32.Pakes [Ikarus]	4
Trojan.Win32.Pakes.nst [Kaspersky Lab]	4
TrojanDownloader:Win32/Fakeinit [Microsoft]	4
Trojan-Ransom.Win32.Agent.iv [Kaspersky Lab]	4
Fakealert-KS.dll [McAfee]	3
Trojan.FakeAV [PC Tools]	3
Trojan.FakeAV [Symantec]	3
Trojan.Win32.FakeAV [Ikarus]	3
Trojan-Clicker.Win32.Vesloruki.cut [Kaspersky Lab]	3
Backdoor:Win32/Hostil.F [Microsoft]	2
Downloader.Generic [PC Tools]	2
Gen.AdWare [Ikarus]	2
PWS.Win32 [Ikarus]	2
PWS:Win32/Zbot.J [Microsoft]	2
PWS:Win32/Zbot.PK [Microsoft]	2
Trojan.Win32.FraudPack.abrk [Kaspersky Lab]	2
Trojan.Zbot [PC Tools]	2
Trojan.Zbot [Symantec]	2
Trojan-Clicker.Win32.Vesloruki [Ikarus]	2
TrojanClicker:Win32/Klik [Microsoft]	2
Trojan-Downloader.Small.GEN [PC Tools]	2
Trojan-Downloader.Win32.FraudLoad [Ikarus]	2
Trojan-Downloader.Win32.FraudLoad.gar [Kaspersky Lab]	2
Trojan-Downloader.Win32.FraudLoad.gkl [Kaspersky Lab]	2
Backdoor.Win32.Hostil [Ikarus]	1
Downloader [Symantec]	1
Dropper/Malware.15000 [AhnLab]	1
Dropper/Malware.15001.B [AhnLab]	1
FakeAlert-LA.dll [McAfee]	1
Generic PWS.y!bkk [McAfee]	1
Generic.dx!jfw [McAfee]	1
Generic.dx!kwv [McAfee]	1
Mal/Generic-A [Sophos]	1
PWS:Win32/Daptdei.A [Microsoft]	1
PWS:Win32/Zbot.gen!R [Microsoft]	1
Trojan.Dropper [PC Tools]	1
Trojan.Dropper [Symantec]	1
Trojan.InterNetSecurity.a.gen [PC Tools]	1
Trojan.Virantix [Symantec]	1
Trojan.Win32.Agent [Ikarus]	1
Trojan.Win32.Agent.ddod [Kaspersky Lab]	1
Trojan.Win32.Agent.deyu [Kaspersky Lab]	1
Trojan.Win32.Agent.dfhm [Kaspersky Lab]	1
Trojan.Win32.Agent2 [Ikarus]	1
Trojan.Win32.Agent2.lfw [Kaspersky Lab]	1
Trojan.Win32.BHO.adgm [Kaspersky Lab]	1
Trojan.Win32.BHO.adib [Kaspersky Lab]	1
Trojan.Win32.FakeAV.bt [Kaspersky Lab]	1
Trojan.Win32.Fakeinit [Ikarus]	1
Trojan.Win32.FraudPack.aecl [Kaspersky Lab]	1
Trojan.Win32.FraudPack.aedj [Kaspersky Lab]	1
Trojan.Win32.FraudPack.akjr [Kaspersky Lab]	1
Trojan.Win32.Opachki [Ikarus]	1
Trojan.Win32.Vilsel [Ikarus]	1
Trojan.Win32.Vilsel.ocm [Kaspersky Lab]	1
Trojan-Clicker.Win32.Klik [Ikarus]	1
Trojan-Downloader.Win32.FraudLoad.gaf [Kaspersky Lab]	1
Trojan-Downloader.Win32.FraudLoad.gcn [Kaspersky Lab]	1
TrojanDownloader:Win32/Harnig.gen!L [Microsoft]	1
Trojan-Dropper.Agent [Ikarus]	1
Trojan-Dropper.Win32.Microjoin [Ikarus]	1
Trojan-Dropper.Win32.Mudrop [Ikarus]	1
Trojan-Dropper.Win32.Mudrop.flu [Kaspersky Lab]	1
TrojanDropper:Win32/Agent.UM [Microsoft]	1
TrojanDropper:Win32/Microjoin.gen!B [Microsoft]	1
Trojan-Ransom [Ikarus]	1
Trojan-Spy.Win32.Zbot [Ikarus]	1
Vilsel [McAfee]	1
Win32/XDecrypt [AhnLab]	1
Win-Trojan/Agent.16896.VL [AhnLab]	1
Win-Trojan/Agent2.15360.J [AhnLab]	1
Win-Trojan/Fakeav.18944.B [AhnLab]	1
Win-Trojan/Fraudload.18944.O [AhnLab]	1
Win-Trojan/Fraudpack.1380352.F [AhnLab]	1

Mal/FakeAV-BX [Sophos] has the following possible country of origin:

Origin		Number of Incidents
	Russian Federation	11

Mal/FakeAV-BX [Sophos] is known to be created as:

%Profiles%\default user\ntload.dll

%Profiles%\default user\start menu\programs\startup\scandisk.dll

%Profiles%\localservice\ntload.dll

%Profiles%\networkservice\ntload.dll

%ProgramFiles%\advancedvirusremover\avr.exe

%ProgramFiles%\internetsecurity2010\is2010.exe

%Programs%\startup\scandisk.dll

%System%\avr10.exe

%System%\helper32.dll

%System%\is15.exe

%System%\msxslt3.exe

%System%\notepad.dll

%System%\ntos.exe

%System%\sdra64.exe

%System%\v7xy3pcb.dll

%System%\winhelper86.dll

%System%\wininet.exe

%System%\winlogon86.exe

%System%\winupdate86.exe

%Temp%\2_load.exe

%Temp%\3268876696.exe

%Temp%\3983917438.exe

%Temp%\6_ldr3.exe

%Temp%\agqd48.exe

%Temp%\avp.exe

%Temp%\avto.exe

%Temp%\avto1.exe

%Temp%\avto2.exe

%Temp%\c0zrz4k.exe

%Temp%\cb63v.exe

%Temp%\drweb.exe

%Temp%\lsass.exe

%Temp%\lx4m0j.exe

%Temp%\ntload.dll

%Temp%\nvsvc32.exe

%Temp%\o9lzgyptv.exe

%Temp%\scrusysguard.exe

%Temp%\services.exe

%Temp%\setup.exe

%Temp%\smss.exe

%Temp%\svchost.exe

%Temp%\system.exe

%Temp%\taskmgr.exe

%Temp%\tlwts.exe

%Temp%\win32.exe

%Temp%\winhelper86.dll

%Temp%\winlogon.exe

%Temp%\xxmga.exe

%UserProfile%\ntload.dll

%Windir%\odb.exe

%Windir%\svc.exe

%Windir%\svw.exe

%Windir%\svx.exe

%Windir%\temp\ntload.dll

%Windir%\temp\wpv501259025561.exe

%Windir%\temp\wpv631259025561.exe

%Windir%\temp\wpv961259025561.exe

Notes:

%Profiles% is a variable that refers to the file system directory containing user profile folders. A typical path is C:\Documents and Settings.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%Programs% is a variable that refers to the file system directory that contains the user's program groups. A typical path is C:\Documents and Settings\[UserName]\Start Menu\Programs.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%UserProfile% is a variable that specifies the current user's profile folder. By default, this is C:\Documents and Settings\[UserName] (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.