ThreatExpert's Statistics for Mal/Heuri-E [Sophos]:

Mal/Heuri-E [Sophos] is also known as:

Threat Alias	Number of Incidents
Downloader [Symantec]	66
Generic Downloader.x [McAfee]	40
Trojan.Fakeavalert [Symantec]	30
PWS:Win32/Kotwir.A.dll [Microsoft]	29
Trojan-Downloader.Win32.VB.gix [Kaspersky Lab]	25
Trojan-Downloader.Win32.FraudLoad [Ikarus]	19
Troj/FakeAle-GY [Sophos]	18
TROJ_FAKEAVAL.AY [Trend Micro]	18
Trojan.Fakeavalert!sd6 [PC Tools]	18
Trojan-Downloader.Win32.FraudLoad.vbyl [Kaspersky Lab]	18
Trojan Horse [Symantec]	17
Infostealer.Gampass [Symantec]	14
PWS-Banker [McAfee]	14
PWS-Mmorpg.gen [McAfee]	13
Downloader.gen.a [McAfee]	12
Possible_DLDER [Trend Micro]	11
Puper [McAfee]	11
Trojan.Zlob [Symantec]	11
Backdoor.Trojan [Symantec]	10
TrojanDownloader:Win32/Small.gen!B [Microsoft]	10
Trojan-PSW.Win32.Nilage.cdd [Kaspersky Lab]	10
Generic.dx [McAfee]	9
Trojan-Downloader.Win32.Zlob.dnx [Kaspersky Lab]	9
TrojanDownloader:Win32/Small [Microsoft]	9
W32.Fujacks.E [Symantec]	9
Worm.Win32.AutoRun.duo [Kaspersky Lab]	9
Mal_Banker [Trend Micro]	8
Trojan-Downloader.Win32.Agent.akwa [Kaspersky Lab]	8
Trojan-PSW.Nilage!sd6 [PC Tools]	8
TROJ_SMALL.IAE [Trend Micro]	7
Trojan.DL.Small.Gen.27 [PC Tools]	7
TrojanDownloader:Win32/Small.gen!Z [Microsoft]	7
Downloader.Bancos [Symantec]	6
PWS-Banker.dldr [McAfee]	6
PWS-Lineage.dll [McAfee]	6
Trojan-Downloader.Win32.Small [Ikarus]	6
TrojanDownloader:Win32/Small.gen!AO [Microsoft]	6
Trojan-PSW.Win32.QQGame.fa [Kaspersky Lab]	6
Trojan-PWS.OnlineGames.GLZ [PC Tools]	6
Downloader.Trojan [Symantec]	5
Trojan.Win32.Matcash.KX [Ikarus]	5
Trojan-Downloader.Win32.Banload [Ikarus]	5
Trojan-Downloader.Win32.Small.afeu [Kaspersky Lab]	5
Trojan-Dropper.Agent [Ikarus]	5
VirTool:WinNT/Siapag!gen.A [Microsoft]	5
Backdoor.Win32.Small.tf [Kaspersky Lab]	4
BKDR_SMALL.IQV [Trend Micro]	4
Generic PUP.x [McAfee]	4
PWS-Hangame [McAfee]	4
Trojan.Maocal [Symantec]	4
Trojan.Popuper [PC Tools]	4
Trojan-Downloader.Win32.Agent.agbt [Kaspersky Lab]	4
Trojan-Downloader.Win32.Satray.ce [Kaspersky Lab]	4
Trojan-Downloader.Win32.VB.hof [Kaspersky Lab]	4
Trojan-Downloader.Win32.VB.hqj [Kaspersky Lab]	4
TrojanDownloader:Win32/Banload.gen!I [Microsoft]	4
Trojan-GameThief.Win32.Nilage.bsm [Kaspersky Lab]	4
Trojan-Proxy.Win32.Delf.AN [Ikarus]	4
Trojan-PSW.Win32.Gamec.fp [Kaspersky Lab]	4
Downloader-AE [McAfee]	3
Generic.cb [McAfee]	3
Infostealer [Symantec]	3
New Malware.ca [McAfee]	3
New Win32 [McAfee]	3
TROJ_AGENT.YTL [Trend Micro]	3
TROJ_DLOADER.OZL [Trend Micro]	3
TROJ_ZLOB.CDT [Trend Micro]	3
Trojan.DL.Zlob.HUV [PC Tools]	3
Trojan:Win32/Malagent [Microsoft]	3
Trojan:Win32/Meredrop [Microsoft]	3
Trojan-Downloader.Delphi [Ikarus]	3
Trojan-Downloader.Win32.Delf.zd [Ikarus]	3
TrojanDownloader:Win32/Agenttiny [Microsoft]	3
TrojanDownloader:Win32/Small.gen!X [Microsoft]	3
Trojan-GameThief.Win32.OnLineGames.skmj [Kaspersky Lab]	3
Adware.Purityscan [Symantec]	2
Downloader.Bancos!gen [Symantec]	2
Downloader.MisleadApp [Symantec]	2
Downloader-ABU [McAfee]	2
Exploit-Mydoom [McAfee]	2
Generic BackDoor [McAfee]	2
Generic Downloader.c [McAfee]	2
Generic Downloader.z [McAfee]	2
Generic.yy [McAfee]	2
Infostealer.Wowcraft [Symantec]	2
New Malware.eb [McAfee]	2
not-a-virus:Downloader.Win32.FraudLoad.ev [Kaspersky Lab]	2
Possible_Virus [Trend Micro]	2
PWS-Gamania.dr [McAfee]	2
TROJ_DLOADER.GEN [Trend Micro]	2
TROJ_DLOADER.URR [Trend Micro]	2
TROJ_DLOADER.XLT [Trend Micro]	2
Trojan.Duntek [Symantec]	2
Trojan.Maocal!sd6 [PC Tools]	2
Trojan.Packed [Ikarus]	2
Trojan:Win32/Bumat!rts [Microsoft]	2
Trojan:Win32/Chiviper.B [Microsoft]	2
Trojan-Clicker.Agent.LU [PC Tools]	2
Trojan-Clicker.Win32.Agent.lu [Kaspersky Lab]	2
Trojan-Downloader.Agent!sd6 [PC Tools]	2

Mal/Heuri-E [Sophos] has the following possible countries of origin:

Origin		Number of Incidents
	Brazil	64
	China	30
	Russian Federation	11
	Republic of Korea	7
	Israel	4
	Japan	4
	France	1
	Italy	1
	Netherlands	1
	Ukraine	1

Mal/Heuri-E [Sophos] is known to be created as:

%FontsDir%\hxf.exe

%FontsDir%\uctdate.exe

%ProgramFiles%\alsearch\installals.exe

%ProgramFiles%\common files\adobe.dll

%ProgramFiles%\common files\designer\wsock32.dll

%ProgramFiles%\common files\mssoap\binaries\wsock32.dll

%ProgramFiles%\common files\mssoap\wsock32.dll

%ProgramFiles%\common files\odbc\data sources\wsock32.dll

%ProgramFiles%\common files\odbc\wsock32.dll

%ProgramFiles%\common files\services\wsock32.dll

%ProgramFiles%\common files\speechengines\microsoft\wsock32.dll

%ProgramFiles%\common files\speechengines\wsock32.dll

%ProgramFiles%\common files\system\ado\wsock32.dll

%ProgramFiles%\common files\system\msadc\wsock32.dll

%ProgramFiles%\common files\system\ole db\wsock32.dll

%ProgramFiles%\common files\system\wsock32.dll

%ProgramFiles%\common files\wise installation wizard\wsock32.dll

%ProgramFiles%\common files\wsock32.dll

%ProgramFiles%\complus applications\wsock32.dll

%ProgramFiles%\internet explorer\connection wizard\wsock32.dll

%ProgramFiles%\internet explorer\mui\0409\wsock32.dll

%ProgramFiles%\internet explorer\mui\wsock32.dll

%ProgramFiles%\internet explorer\signup\wsock32.dll

%ProgramFiles%\internet explorer\wsock32.dll

%ProgramFiles%\messenger\wsock32.dll

%ProgramFiles%\microsoft frontpage\version3.0\bin\wsock32.dll

%ProgramFiles%\microsoft frontpage\version3.0\wsock32.dll

%ProgramFiles%\microsoft frontpage\wsock32.dll

%ProgramFiles%\movie maker\wsock32.dll

%ProgramFiles%\msn gaming zone\windows\wsock32.dll

%ProgramFiles%\msn gaming zone\wsock32.dll

%ProgramFiles%\msn\msncorefiles\install\wsock32.dll

%ProgramFiles%\msn\msncorefiles\oobe\wsock32.dll

%ProgramFiles%\msn\msncorefiles\wsock32.dll

%ProgramFiles%\msn\msnia\wsock32.dll

%ProgramFiles%\msn\msninstaller\wsock32.dll

%ProgramFiles%\msn\wsock32.dll

%ProgramFiles%\netmeeting\wsock32.dll

%ProgramFiles%\online services\wsock32.dll

%ProgramFiles%\outerinfo\oinfp.exe

%ProgramFiles%\outlook express\wsock32.dll

%ProgramFiles%\s2f.exe

%ProgramFiles%\systen.exe

%ProgramFiles%\uninstall information\wsock32.dll

%ProgramFiles%\web publish\logfiles\wsock32.dll

%ProgramFiles%\web publish\wsock32.dll

%ProgramFiles%\windows media player\icons\wsock32.dll

%ProgramFiles%\windows media player\sample playlists\wsock32.dll

%ProgramFiles%\windows media player\skins\wsock32.dll

%ProgramFiles%\windows media player\visualizations\wsock32.dll

%ProgramFiles%\windows media player\wsock32.dll

%ProgramFiles%\windows nt\accessories\wsock32.dll

%ProgramFiles%\windows nt\pinball\wsock32.dll

%ProgramFiles%\windows nt\wsock32.dll

%ProgramFiles%\windowsupdate\wsock32.dll

%ProgramFiles%\winpcap\wsock32.dll

%ProgramFiles%\wsock32.dll

%System%\15102008.exe

%System%\a.dll

%System%\aabzzw.exe

%System%\ads\urldownload.dll

%System%\aolkua.dll

%System%\avs3461.exe

%System%\belink.dll

%System%\bfddos.dll

%System%\bhoies.dll

%System%\bhoiesf.dll

%System%\bhoiesurf.dll

%System%\combapihook.dll

%System%\combmsghook.dll

%System%\cross.exe

%System%\crypts.dll

%System%\drivers\suchost.exe

%System%\drivers\svchosl.exe

%System%\drivers\winmxd.dll

%System%\drivers\xcar.exe

%System%\eeebbz.exe

%System%\iebhos.dll

%System%\iebhosf.dll

%System%\iebhosurf.dll

%System%\klixqetm.exe

%System%\lxwx.dll

%System%\mmjjjf.exe

%System%\mstropper32.dll

%System%\nhj6150.exe

%System%\qea8515.exe

%System%\rdihost.dll

%System%\roolmm.exe

%System%\rpcds.dll

%System%\service\sixyahbi.exe

%System%\sfc9338.exe

%System%\sipov.dll

%System%\syst8t.exe

%System%\systime.exe

%System%\teh3274.exe

%System%\tvs3470.exe

%System%\urrroo.exe

%System%\wcheck.dll

%System%\win_l0.dll

%System%\windwn32.exe

Notes:

%FontsDir% is a variable that refers to a virtual folder containing fonts. A typical path is C:\Windows\Fonts.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).