ThreatExpert's Statistics for Mal/VB-G [Sophos]:

Mal/VB-G [Sophos] is also known as:

Threat Alias	Number of Incidents
Trojan Horse [Symantec]	432
TrojanClicker:Win32/VB.M [Microsoft]	316
Trojan-Clicker.VB!sd6 [PC Tools]	237
Trojan-Clicker.Win32.VB.cvt [Kaspersky Lab]	212
Adclicker-GV [McAfee]	196
Trojan-Clicker.Win32.VB [Ikarus]	195
Trojan-Clicker.Win32.VB.cwf [Kaspersky Lab]	99
Trojan-Dropper.Agent [Ikarus]	86
Generic.dx!cn [McAfee]	77
Trojan-Banker.Win32.Bancos [Ikarus]	67
Trojan-Clicker.Win32.VB.cvg [Kaspersky Lab]	64
Generic.dx [McAfee]	62
Win-Trojan/Agent.65536.QQ [AhnLab]	56
Trojan:Win32/VB.OB [Microsoft]	46
Trojan-Clicker.VB.cwf [PC Tools]	44
Win-Trojan/Xema.variant [AhnLab]	33
not-a-virus:Monitor.Win32.PowerSpy [Ikarus]	31
Trojan-Dropper.Win32.VB.lhm [Kaspersky Lab]	28
Win-Trojan/Agent.249856.DT [AhnLab]	28
Trojan-Clicker.Win32.VB.cvp [Kaspersky Lab]	20
Trojan.Win32.Agent [Ikarus]	18
Dropper/Xema.249856.D [AhnLab]	16
Generic PWS.y [McAfee]	16
not-a-virus:AdTool.Win32.VB.a [Ikarus]	15
Spyware.PowerSpy [Symantec]	15
PWS-RedNeck [McAfee]	13
Trojan-Clicker.Win32.VB.cus [Kaspersky Lab]	11
Trojan.Generic [PC Tools]	10
Trojan:Win32/Malagent [Microsoft]	10
Trojan-Clicker.Win32.VB.cvp [Ikarus]	10
TrojanDownloader:Win32/Small.gen!D [Microsoft]	10
Win-Trojan/Clicker.66560 [AhnLab]	10
Infostealer [Symantec]	9
not-a-virus:Monitor.Win32.PowerSpy.f [Kaspersky Lab]	9
Trojan-Downloader.Win32.VB.pwt [Kaspersky Lab]	9
Trojan-Dropper.Win32.VB.msa [Kaspersky Lab]	9
not-a-virus:Monitor.Win32.PowerSpy.e [Kaspersky Lab]	8
Trojan.Crypt [Ikarus]	8
TrojanSpy.VB.ABBJ [PC Tools]	8
New Malware.ac [McAfee]	7
not-a-virus:Monitor.Win32.PowerSpy.d [Kaspersky Lab]	6
Spyware.PowerSpy [PC Tools]	6
Spyware.YahooSpyMon [Symantec]	6
Generic.dx!o [McAfee]	5
Spyware-PowerSpy [McAfee]	5
Trojan.Generic [Ikarus]	5
Gen.Trojan [Ikarus]	4
Generic Keylogger.r [McAfee]	4
New Malware.d [McAfee]	4
not-a-virus:Monitor.Win32.PowerSpy.cx [Kaspersky Lab]	4
Spyware.MSNSpyMonitor [Symantec]	4
TROJ_NEWHEUR.BK [Trend Micro]	4
Trojan.Win32.Agent.bsgv [Kaspersky Lab]	4
Trojan.Win32.VB [Ikarus]	4
Trojan.Win32.VB.gtp [Kaspersky Lab]	4
Trojan-Clicker.Win32.VB.cvd [Kaspersky Lab]	4
Trojan-Downloader.Win32.VB [Ikarus]	4
Trojan-Dropper.Win32.VB.lcl [Kaspersky Lab]	4
Trojan-Spy.Win32.VB.wl [Ikarus]	4
Trojan-Spy.Win32.VB.wl [Kaspersky Lab]	4
W32/Generic.worm!im [McAfee]	4
Win-Trojan/Downloader.57344.BN [AhnLab]	4
Win-Trojan/Xema.114688.D [AhnLab]	4
IM-Worm.Win32.VB [Ikarus]	3
Trojan.Flush.A [Symantec]	3
Trojan.VB.DYKC [PC Tools]	3
Trojan.Win32.VB.atg [Kaspersky Lab]	3
Trojan:Win32/Eson.D [Microsoft]	3
Trojan-Downloader.Win32.VB.pls [Kaspersky Lab]	3
W32.SillyFDC [Symantec]	3
Win32.SuspectCrc [Ikarus]	3
Worm.Win32.AutoRun.djv [Kaspersky Lab]	3
WORM_SILLY.GA [Trend Micro]	3
Application.007_Keylogger [PC Tools]	2
Backdoor:Win32/Woupkel.A [Microsoft]	2
Downloader [Symantec]	2
Email-Worm.Win32.VB.cb [Kaspersky Lab]	2
Gen.Application [Ikarus]	2
Generic PWS.g [McAfee]	2
Keylog.gen [McAfee]	2
New Malware.bl [McAfee]	2
not-a-virus:Monitor.Win32.007SpySoft.306 [Kaspersky Lab]	2
not-a-virus:Monitor.Win32.PowerSpy.az [Kaspersky Lab]	2
Spyware.007Spy [Symantec]	2
Spyware.WebSpy [Symantec]	2
Spyware-007 [McAfee]	2
Trojan.Agent!sd6 [PC Tools]	2
Trojan.Win32.VB.utk [Kaspersky Lab]	2
Trojan:Win32/Meredrop [Microsoft]	2
Trojan:Win32/VB [Microsoft]	2
Trojan-Downloader.Win32.Genome.xnz [Kaspersky Lab]	2
Trojan-Downloader.Win32.VB.mng [Kaspersky Lab]	2
Trojan-Spy.Win32.VB.bjk [Kaspersky Lab]	2
W32.SillyWNSE [Symantec]	2
Win-Trojan/IRCBot.1245184 [AhnLab]	2
WORM_VB.AJI [Trend Micro]	2
Adware.Gen [Symantec]	1
Backdoor.IRC.Bot [Symantec]	1
Backdoor.Trojan [Symantec]	1
Backdoor.VB.EEGD [PC Tools]	1

Mal/VB-G [Sophos] has the following possible countries of origin:

Origin		Number of Incidents
	China	86
	Spain	32
	Egypt	5
	Iraq	4
	Republic of Korea	4
	Saudi Arabia	4
	Italy	3
	France	2
	Iran	2
	Turkey	2
	Netherlands	1
	Oman	1
	United Arab Emirates	1

Mal/VB-G [Sophos] is known to be created as:

%ProgramFiles%\e.s.m\data\dpnsvre.exe

%ProgramFiles%\e.s.m\data\vssvce.exe

%ProgramFiles%\ksm\data\dpnsvrk.exe

%ProgramFiles%\ksm\data\vssvck.exe

%ProgramFiles%\msncs\data\dpnsvrm.exe

%ProgramFiles%\msncs\data\vssvcm.exe

%ProgramFiles%\pscs\data\eventwin.exe

%ProgramFiles%\skpcs\data\eventsys.exe

%ProgramFiles%\skpcs\data\symserv.exe

%ProgramFiles%\tsp\data\hphostc.exe

%ProgramFiles%\tsp\data\symserv.exe

%ProgramFiles%\wsm\data\dpnsvru.exe

%ProgramFiles%\wsm\data\vssvcu.exe

%ProgramFiles%\ysm\data\dpnsvry.exe

%ProgramFiles%\ysm\data\vssvcy.exe

%Programs%\startup\realshed.exe

%System%\1025\1025.exe

%System%\1028\1028.exe

%System%\1031\1031.exe

%System%\1033\1033.exe

%System%\1037\1037.exe

%System%\1041\1041.exe

%System%\1042\1042.exe

%System%\1054\1054.exe

%System%\2052\2052.exe

%System%\3076\3076.exe

%System%\3361\svchost.exe

%System%\3com_dmi\3com_dmi.exe

%System%\adsnwe.exe

%System%\adsnwk.exe

%System%\adsnwm.exe

%System%\adsnwu.exe

%System%\adsnwy.exe

%System%\autolem.exe

%System%\btmcd.dll

%System%\bttnserv.exe

%System%\catroot\catroot.exe

%System%\catroot2\catroot2.exe

%System%\com\com.exe

%System%\defender\svchost.exe

%System%\dhcp\dhcp.exe

%System%\directx\dinput\dinput.exe

%System%\directx\directx.exe

%System%\dllcache\dllcache.exe

%System%\dllcache\smnpcl.dll

%System%\dllcache\svchost.exe

%System%\drivers\drivers.exe

%System%\drivers\spoolsv.exe

%System%\drivers\svchost.exe

%System%\evilkeylogger.exe

%System%\grouppolicy\bttnserv.exe

%System%\hhupdate.exe

%System%\ieakui.exe

%System%\imgrdir\svchost.exe

%System%\maxthon.exe

%System%\n.exe

%System%\scvhost.exe

%System%\sdgames.exe

%System%\setup\svchost.exe

%System%\svch0st.exe

%System%\svchost.com

%System%\tcpmon.exe

%System%\updatewinc.exe

%System%\updatewind.exe

%System%\winlogon\winlogon.exe

%System%\winsys.scr

%Temp%\cacota.exe

%Temp%\ixp000.tmp\svchost.exe

%Temp%\kafan virlist 2009.04.02\090402-a-17.exe

%Temp%\tools\winlogon.exe

%Temp%\win.exe

%Temp%\wzse0.tmp\skla.exe

%Temp%\xinhu.exe

%UserProfile%\networklanxp.exe

%Windir%\dllcache\svchost.exe

%Windir%\inf\svchost.exe

%Windir%\n.exe

%Windir%\netsvc.exe

%Windir%\netui.exe

%Windir%\pictures.exe

%Windir%\rundll32.exe

%Windir%\svchost.com

%Windir%\svchost.exe

%Windir%\svchostx.exe

%Windir%\system\dllhost.com

%Windir%\system\frzstate.exe

%Windir%\system\sysdata.exe

%Windir%\system\terorist.exe

%Windir%\usrsvc.exe

%Windir%\winlogon.exe

%Windir%\www.exe

c:\mobimb.exe

c:\ntdetect.exe

c:\pictures.exe

c:\rundll32.exe

c:\sdgames.exe

c:\ssrcc\svchost.exe

c:\svchost.exe

c:\windowsupdate\ufp\kl7\svchost.exe

Notes:

%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%Programs% is a variable that refers to the file system directory that contains the user's program groups. A typical path is C:\Documents and Settings\[UserName]\Start Menu\Programs.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%UserProfile% is a variable that specifies the current user's profile folder. By default, this is C:\Documents and Settings\[UserName] (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.