ThreatExpert's Statistics for Troj/Dloadr-CTC [Sophos]:

Troj/Dloadr-CTC [Sophos] is also known as:

Threat Alias	Number of Incidents
Infostealer [Symantec]	250
Trojan-PSW.Generic [PC Tools]	173
PWS:Win32/Fignotok.A [Microsoft]	143
Win-Trojan/Dybalom.32768.B [AhnLab]	101
Win-Trojan/Downloader.20992.HH [AhnLab]	100
Downloader-BTI [McAfee]	98
Trojan-Downloader.Win32.Small.almj [Kaspersky Lab]	98
PWS:Win32/Strpasseal.B [Microsoft]	85
Generic Dropper.ny [McAfee]	72
Trojan-PSW.Win32.Dybalom.afm [Kaspersky Lab]	72
Trojan-Downloader.Win32.Small [Ikarus]	66
Generic Downloader!hv.x [McAfee]	64
Trojan-PWS.Win32.Dybalom [Ikarus]	26
Trojan-PSW.Win32.Dybalom.bcx [Kaspersky Lab]	9
Trojan-PSW.Win32.Dybalom.bfw [Kaspersky Lab]	9
PWS:Win32/Fignotok.B [Microsoft]	6
Trojan-PSW.Win32.Dybalom.bnw [Kaspersky Lab]	6
Trojan-PSW.Win32.Dybalom.aoj [Kaspersky Lab]	3
Mal/Generic-A [Sophos]	2
Trojan-PSW.Win32.Dybalom.aek [Kaspersky Lab]	2
Trojan-PSW.Win32.Dybalom.bdc [Kaspersky Lab]	2
Trojan-PSW.Win32.Dybalom.bdw [Kaspersky Lab]	2
Trojan-PSW.Win32.Dybalom.bna [Kaspersky Lab]	2
Trojan-PSW.Win32.Dybalom.bns [Kaspersky Lab]	2
Trojan-PSW.Win32.Dybalom.bqi [Kaspersky Lab]	2
PWS.Win32 [Ikarus]	1
Trojan.Zlob [Ikarus]	1
Trojan-Downloader.Win32.Small.jso [Kaspersky Lab]	1
Trojan-PSW.Win32.Dybalom.afx [Kaspersky Lab]	1
Trojan-PSW.Win32.Dybalom.bew [Kaspersky Lab]	1
Trojan-PSW.Win32.Dybalom.bfb [Kaspersky Lab]	1
Trojan-PSW.Win32.Dybalom.bgb [Kaspersky Lab]	1
Trojan-PSW.Win32.Dybalom.bgh [Kaspersky Lab]	1
Trojan-PSW.Win32.Dybalom.bhi [Kaspersky Lab]	1
Trojan-PSW.Win32.Dybalom.bii [Kaspersky Lab]	1
Trojan-PSW.Win32.Dybalom.ol [Kaspersky Lab]	1
W32.Spybot.Worm [Symantec]	1
Win-Trojan/Downloader.21001 [AhnLab]	1
Win-Trojan/Dybalom.32768.I [AhnLab]	1

Troj/Dloadr-CTC [Sophos] has the following possible countries of origin:

Origin		Number of Incidents
	Spain	96
	Germany	1

Troj/Dloadr-CTC [Sophos] is known to be created as:

%InternetCache%\33978.exe

%InternetCache%\34104.exe

%InternetCache%\4.exe

%InternetCache%\51490.exe

%InternetCache%\70501.exe

%InternetCache%\78554949.exe

%System%\gallery.exe

%Temp%\01.exe

%Temp%\1.exe

%Temp%\12.exe

%Temp%\13339.exe

%Temp%\55045.exe

%Temp%\59610.exe

%Temp%\825550aaaa.exe

%Temp%\86161.exe

%Temp%\91921.exe

%Temp%\cryptedfile.exe

%Temp%\decrypted.exe

%Temp%\dropp.exe

%Temp%\ee.exe

%Temp%\explore.exe

%Temp%\explorer.exe

%Temp%\f.exe

%Temp%\file5.exe

%Temp%\filetmp.exe

%Temp%\hack.exe

%Temp%\istealer_test.exe

%Temp%\istealer-server.exe

%Temp%\ixp000.tmp\aa.exe

%Temp%\otygh.exe

%Temp%\out.exe

%Temp%\sarah_pics.exe

%Temp%\stub.exe

%Temp%\svchost.exe

%Temp%\tmp.exe

%Temp%\wintempfile.exe

c:\0jpz.exe

c:\stub.exe

Notes:

%InternetCache% is a variable that refers to the file system directory that serves as a common repository for temporary Internet files. A typical path is C:\Documents and Settings\[UserName]\Local Settings\Temporary Internet Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).