ThreatExpert's Statistics for PWS:Win32/Zbot.gen!R [Microsoft]:

PWS:Win32/Zbot.gen!R [Microsoft] is also known as:

Threat Alias	Number of Incidents
Trojan-Spy.Win32.Zbot.gen [Kaspersky Lab]	875
Trojan-Spy.Win32.Zbot [Ikarus]	401
Infostealer.Banker.C [Symantec]	336
Mal/Zbot-O [Sophos]	336
Trojan.Zbot [PC Tools]	297
Packed.Generic.232 [Symantec]	259
Trojan.Zbot!gen3 [Symantec]	237
Spy-Agent.bw.gen.e [McAfee]	235
Mal/EncPk-LE [Sophos]	225
Troj/ZbotPP-Fam [Sophos]	144
HeurEngine.MaliciousPacker [PC Tools]	108
Mal/Generic-A [Sophos]	101
Generic PWS.y!bni [McAfee]	100
Win-Trojan/Zbot.139776.B [AhnLab]	100
Trojan.Zbot!gen2 [Symantec]	77
TSPY_ZBOT.SMJB [Trend Micro]	75
Trojan Horse [Symantec]	70
Troj/ZbotPP-Fam, Mal/EncPk-CZ [Sophos]	66
Win32/IRCBot.worm.variant [AhnLab]	66
Spy-Agent.bw.gen.d [McAfee]	61
Trojan-PSW.Banker [PC Tools]	55
Spy-Agent.eh [McAfee]	51
Mal/EncPk-LE, Mal/Behav-353 [Sophos]	50
PWS.Win32 [Ikarus]	46
Packed.Win32.Krap.w [Kaspersky Lab]	36
Troj/Zbot-DX [Sophos]	33
PWS-Zbot.gen.x [McAfee]	31
Generic PWS.y [McAfee]	25
Infostealer [Symantec]	25
Mal/Behav-353 [Sophos]	24
Spy-Agent.bw.gen.i [McAfee]	24
Packed.Generic.243 [Symantec]	23
Trojan.Generic [PC Tools]	23
PWS-Zbot [McAfee]	20
Mal/EncPk-KD [Sophos]	19
Packed.Win32.Krap [Ikarus]	19
Mal/FakeAV-AX [Sophos]	18
Packed.Generic.233 [Symantec]	18
Win-Trojan/Zbot.66048 [AhnLab]	18
Trojan.Win32.Bredolab [Ikarus]	15
Win-Trojan/Krap.104448.C [AhnLab]	15
Generic PWS.cf [McAfee]	14
PWS-Zbot.gen.i [McAfee]	14
Suspicious.MH690 [Symantec]	13
Trojan.Win32.Obfuscater [Ikarus]	13
Generic PWS.y!brd [McAfee]	12
Mal/Dorf-F [Sophos]	12
Mal/EncPk-IF [Sophos]	12
Mal/FakeVirPk-A [Sophos]	12
Trojan.Win32.FakeXPA [Ikarus]	12
TSPY_ZBOT.SM [Trend Micro]	12
Win32.SuspectCrc [Ikarus]	10
Infostealer.Bancos [Symantec]	9
Trojan-Spy.Win32.Zbot.len [Kaspersky Lab]	9
Trojan-Spy.Zbot [Ikarus]	9
Mal/Behav-043 [Sophos]	8
Mal/FakeVirPk-A, Mal/TibsPk-A [Sophos]	8
Packed.Win32.Krap.ao [Kaspersky Lab]	8
Trojan-Spy.Win32.Zbot.kbi [Kaspersky Lab]	8
Trojan-Spy.Zbot!sd6 [PC Tools]	8
Mal/Behav-353, Mal/EncPk-LE [Sophos]	7
Mal/EncPk-HZ [Sophos]	7
Mal/Generic-A, Mal/Zbot-O [Sophos]	7
Packed.Generic.234 [Symantec]	7
PWS-Zbot.gen.p [McAfee]	7
Trojan-Banker.Win32.Bancos [Ikarus]	7
Downloader-BON [McAfee]	6
Generic PWS.y!dp [McAfee]	6
Mal/EncPk-HP [Sophos]	6
Mal/EncPk-KH [Sophos]	6
Mal/FakeAV-BW, Mal/FakeAV-AX [Sophos]	6
Mal/WaledPak-A [Sophos]	6
New Malware.ix [McAfee]	6
PWS-Zbot.gen.al [McAfee]	6
Trojan.Win32.Zbot [Ikarus]	6
Trojan-Downloader.Win32.Cutwail [Ikarus]	6
Trojan-Spy.Win32.Zbot.rpe [Kaspersky Lab]	6
Trojan-Spy.Win32.Zbot.wtb [Kaspersky Lab]	6
Trojan-Spy.Win32.Zbot.zvy [Kaspersky Lab]	6
Trojan-Spy.Zeus [Ikarus]	6
Win-Trojan/Xema.variant [AhnLab]	6
Win-Trojan/Zbot.66560.Q [AhnLab]	6
Win-Trojan/Zbot.98304.B [AhnLab]	6
FakeAlert-DA [McAfee]	5
Generic PWS.y!rt [McAfee]	5
Trojan.Zbot [Symantec]	5
Trojan-Downloader.Win32.Piker [Ikarus]	5
Trojan-PSW.Generic [PC Tools]	5
Generic FakeAlert.d!gen [McAfee]	4
Generic PWS.y!blt [McAfee]	4
Generic PWS.y!bzc [McAfee]	4
Infostealer.Banker.E [Symantec]	4
Mal/BredoPk-B [Sophos]	4
Mal/EncPk-HH [Sophos]	4
Mal/EncPk-MZ [Sophos]	4
Packed.Win32.Krap.m [Kaspersky Lab]	4
Troj/Spy-EP [Sophos]	4
Trojan.Win32.Zlob [Ikarus]	4
Trojan-Spy.Banker!sd6 [PC Tools]	4
Trojan-Spy.Win32.Zbot.aajk [Kaspersky Lab]	4

PWS:Win32/Zbot.gen!R [Microsoft] has the following possible countries of origin:

Origin		Number of Incidents
	Russian Federation	46
	China	5
	Finland	2
	Italy	1
	Spain	1
	Taiwan	1

PWS:Win32/Zbot.gen!R [Microsoft] is known to be created as:

%System%\1.exe

%System%\bootwindows.exe

%System%\intel32.exe

%System%\intel64.exe

%System%\pavuppad.exe

%System%\run64dllsys.exe

%System%\sdra64.exe

%System%\twex.exe

%System%\unic128.exe

%System%\userinit32.exe

%System%\win32avs.exe

%System%\win32old.exe

%System%\win32z.exe

%System%\windows64.exe

%System%\word64main.exe

%Temp%\090614-3-0.exe

%Temp%\090618-1-4.exe

%Temp%\1111.exe

%Temp%\bot.exe

%Temp%\game.exe

%Temp%\kafan virlist 2009.03.08\090308-2-1.exe

%Temp%\ldr.exe

%Temp%\q2.exe

%Temp%\sdra64.exe

%Temp%\svchost.exe

%Temp%\tmp2.exe

%Temp%\uvrvggawt3.exe

%Templates%\winupdcenter.exe

%Windir%\crypted.exe

%Windir%\temp\rdl1.tmp.exe

%Windir%\temp\wpv051260187840.exe

%Windir%\temp\wpv601251296984.exe

%Windir%\temp\wpv821251296984.exe

%Windir%\temp\wpv841260187840.exe

%Windir%\temp\wpv951251296984.exe

%Windir%\temp\wpv971260187840.exe

Notes:

%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%Templates% is a variable that refers to the file system directory that serves as a common repository for document templates. A typical path is C:\Documents and Settings\[UserName]\Templates.
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.