ThreatExpert's Statistics for Suspicious.MH690 [Symantec]:

Suspicious.MH690 [Symantec] is also known as:
Threat Alias | Number of Incidents
Keylog-Perfect.dldr [McAfee] | 781
Mal/Generic-A [Sophos] | 725
Application.Perfect_Keylogger [PC Tools] | 719
not-a-virus:Monitor.Win32.Perflogger.cb [Kaspersky Lab] | 690
Packed/Upack [AhnLab] | 423
New Malware.aj [McAfee] | 386
TrojanDownloader:Win32/Agent.FZ [Microsoft] | 361
Mal/Packer [Sophos] | 327
Spyware.Perfect [Symantec] | 327
Trojan-Spy.Win32.Perfloger.ab [Ikarus] | 268
Trojan-PWS.Win32.QQPass [Ikarus] | 267
Trojan-Spy.Banker [Ikarus] | 246
Generic.dx [McAfee] | 235
Win-Trojan/Hupigon.Gen [AhnLab] | 208
Mal/Packer, Mal/Behav-024, Mal/Behav-204, Mal/Behav-009 [Sophos] | 196
Win32.SuspectCrc [Ikarus] | 181
Mal/Banker-E [Sophos] | 151
New Malware.n [McAfee] | 144
Win-Trojan/Xema.variant [AhnLab] | 143
Trojan-Downloader.Win32.Banload [Ikarus] | 133
Mal/Packer, Mal/EncPk-BW [Sophos] | 119
Trojan-Dropper.Agent [Ikarus] | 119
Virus.Win32.OnLineGames.AHK [Ikarus] | 115
Mal/HckPk-A [Sophos] | 105
Trojan.Crypt [Ikarus] | 105
not-a-virus:Monitor.Win32.Perflogger [Ikarus] | 104
Mal/TibsPk-A [Sophos] | 100
Win-Trojan/OnlineGameHack.B [AhnLab] | 99
Trojan-Spy.Win32.Banker.anv [Ikarus] | 89
Trojan Horse [Symantec] | 88
Mal/Behav-204 [Sophos] | 87
Trojan.Win32.Agent [Ikarus] | 85
Trojan-Dropper.Win32.Malf [Ikarus] | 83
Spy-Agent.cv [McAfee] | 80
Trojan-Spy.Win32.Perfloger.ab [Kaspersky Lab] | 70
Trojan-Spy.Win32.Ardamax [Ikarus] | 66
VirTool.Win32.DelfInject [Ikarus] | 64
Mal/Zlob-AG [Sophos] | 62
PWS:Win32/Stealer.M [Microsoft] | 61
Trojan.Generic [Ikarus] | 61
Backdoor.Win32.Hupigon [Ikarus] | 60
TROJ_ZLOB.AKT [Trend Micro] | 56
Mal/Behav-328, Mal/Emogen-I, Mal/Behav-009 [Sophos] | 54
Mal_Banker [Trend Micro] | 53
Win32/MalPackedB.suspicious [AhnLab] | 52
Trojan-Dropper.Win32.Agent.anpx [Kaspersky Lab] | 50
Trojan-PWS.OnlineGames.ADRD [PC Tools] | 50
W32/Spybot.worm!a [McAfee] | 50
New Malware.u [McAfee] | 49
Trojan-Banker.Win32.Banbra.rcp [Kaspersky Lab] | 49
Trojan-Downloader.Win32.VB.lih [Kaspersky Lab] | 49
Backdoor.Win32.IRCBot [Ikarus] | 48
Trojan-Downloader.VB!sd6 [PC Tools] | 48
PWS-Banker.gen.dh.dldr [McAfee] | 47
Trojan:Win32/Glox.gen!damaged [Microsoft] | 47
VirTool:Win32/DelfInject.gen!AQ [Microsoft] | 47
Trojan.Generic [PC Tools] | 46
Trojan-Dropper.Win32.Agent.amle [Kaspersky Lab] | 46
Virus.Win32.Crypt.CIK [Ikarus] | 46
Infostealer.Gampass [Symantec] | 45
Trojan:Win32/Meredrop [Microsoft] | 45
Trojan:Win32/Tibs.IT [Microsoft] | 45
Mal/EncPk-BU, Mal/Packer, Mal/EncPk-BA [Sophos] | 44
Mal/EncPk-FO [Sophos] | 44
VirTool:Win32/Injector.gen!AD [Microsoft] | 44
Win-Trojan/Buzus.229864 [AhnLab] | 44
New Malware.bl [McAfee] | 43
TROJ_FAKEAV.AC [Trend Micro] | 43
Trojan-Banker.Win32.Banker [Ikarus] | 43
TSPY_ARDAMAX.HR [Trend Micro] | 43
New Win32 [McAfee] | 42
Downloader [Symantec] | 41
Mal/Behav-328, Mal/Behav-103, Mal/Behav-043 [Sophos] | 41
Mal/Behav-103, Mal/Behav-043 [Sophos] | 40
TrojanDownloader:Win32/Renos.JH [Microsoft] | 40
Trojan-GameThief.Win32.OnLineGames [Ikarus] | 40
Trojan-Spy.Win32.Ardamax.t [Kaspersky Lab] | 40
Virus.Win32.Trojan [Ikarus] | 40
Cryp_PESpin [Trend Micro] | 38
Trojan-Spy.Win32.Pophot [Ikarus] | 38
VirTool:Win32/DelfInject.gen!AC [Microsoft] | 38
Gen.Trojan [Ikarus] | 37
Generic.PWS.Games [Ikarus] | 37
Infostealer [Symantec] | 37
Trojan.Win32.Midgare.mqa [Kaspersky Lab] | 37
Trojan.Win32.Bohmini.A [Ikarus] | 36
Win-Trojan/Midgare.34685 [AhnLab] | 36
PWS-Mmorpg.gen [McAfee] | 35
Trojan-Spy.Win32.Ardamax.n [Kaspersky Lab] | 35
TSPY_ARDAMAX.GA [Trend Micro] | 35
VirTool.Win32.Injector [Ikarus] | 35
Mal/Basine-C [Sophos] | 34
Packed.Win32.Klone [Ikarus] | 34
Trojan-Dropper.Win32.Comotor [Ikarus] | 34
AdWare.Win32.BHO [Ikarus] | 33
Trojan.Win32.Buzus.bzes [Kaspersky Lab] | 33
Mal/Behav-130 [Sophos] | 32
Mal/Dropper-T [Sophos] | 32
Packer.PESpin [Ikarus] | 32
W32/Koobfa-Gen [Sophos] | 32

Suspicious.MH690 [Symantec] has the following possible countries of origin:
Origin | Number of Incidents
China | 1,004
Brazil | 925
Russian Federation | 285
United Kingdom | 111
Germany | 54
Spain | 28
Israel | 23
Sweden | 23
France | 13
Italy | 12
Netherlands | 10
Portugal | 10
Republic of Korea | 7
Ukraine | 6
Australia | 4
Poland | 4
Saudi Arabia | 4
Taiwan | 4
Turkey | 3
Bulgaria | 2
Czech Republic | 2
Syria | 2
Belgium | 1
Canada | 1
Colombia | 1
Egypt | 1
Finland | 1
Indonesia | 1
Ireland | 1
Japan | 1
Mexico | 1
Norway | 1
Switzerland | 1

Suspicious.MH690 [Symantec] is known to be created as:
Notes:
  • %AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
  • %CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
  • %CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
  • %FontsDir% is a variable that refers to a virtual folder containing fonts. A typical path is C:\Windows\Fonts.
  • %InternetCache% is a variable that refers to the file system directory that serves as a common repository for temporary Internet files. A typical path is C:\Documents and Settings\[UserName]\Local Settings\Temporary Internet Files.
  • %LocalSettings% is a variable that specifies the current user's local settings folder. By default, this is C:\Documents and Settings\[UserName]\Local Settings (Windows NT/2000/XP).
  • %Profiles% is a variable that refers to the file system directory containing user profile folders. A typical path is C:\Documents and Settings.
  • %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.