ThreatExpert's Statistics for Troj/RKProc-Fam [Sophos]:

Troj/RKProc-Fam [Sophos] is also known as:

Threat Alias	Number of Incidents
Generic.dx [McAfee]	74,932
VirTool:WinNT/Rootkitdrv.DH [Microsoft]	73,581
Hacktool.Rootkit [Symantec]	73,177
Rootkit.Win32.Agent [Ikarus]	71,549
Win-Trojan/Agent.11904.C [AhnLab]	68,681
Trojan-Downloader.Win32.Geral.ad [Kaspersky Lab]	42,453
Rootkit.Agent!sd6 [PC Tools]	39,783
Rootkit.Win32.Agent.fkt [Kaspersky Lab]	28,302
Rootkit.Farfli.GEN [PC Tools]	22,962
Rootkit.Win32.Agent.fia [Kaspersky Lab]	5,332
Hacktool.Rootkit!sd6 [PC Tools]	4,070
New Malware.an [McAfee]	875
Trojan.KillAV [PC Tools]	801
Trojan-Proxy.Win32.Agent.ox [Kaspersky Lab]	72
Trojan-Proxy.Win32.Agent [Ikarus]	64
Win-Trojan/Agent.3584.AQ [AhnLab]	64
Trojan:Win32/Trafog!rts [Microsoft]	40
Trojan-Proxy.Agent!sd5 [PC Tools]	40
Downloader [Symantec]	8
Application.XPCSpy [PC Tools]	6
Generic Downloader.x [McAfee]	6
Generic PWS.y [McAfee]	6
Trojan Horse [Symantec]	5
Backdoor.Formador [Symantec]	4
Backdoor:WinNT/PcClient.gen [Microsoft]	4
BackDoor-CKB.sys [McAfee]	4
MonitoringTool:Win32/XPCSpyPro [Microsoft]	4
Rootkit.Agent.AITY [Ikarus]	4
Spyware.XpcSpy [Symantec]	4
Trojan.Rkproc.AN [Ikarus]	4
Trojan:WinNT/AgentHide.A [Microsoft]	4
Backdoor.Win32.PcClient [Ikarus]	3
Backdoor.Win32.PcClient.wi [Kaspersky Lab]	3
VirTool:WinNT/Dogrobot.gen!K [Microsoft]	3
Backdoor.Win32.NTRootKit.040 [Kaspersky Lab]	2
BackDoor-CKB.sys.gen [McAfee]	2
BKDR_PCCLIENT.RF [Trend Micro]	2
Generic PUP.x [McAfee]	2
Hacktool.WNT.Rootkit [Symantec]	2
NTRootKit-A [McAfee]	2
Rootkit.NT_Rootkit [PC Tools]	2
Rootkit.Win32.Agent.eso [Kaspersky Lab]	2
TROJ_ROOTKIT.DLL [Trend Micro]	2
Trojan-Downloader.Win32.Agent.aiya [Kaspersky Lab]	2
Backdoor.PCclient [PC Tools]	1
Backdoor.PcClient.ALB [PC Tools]	1
Backdoor.Trojan [Symantec]	1
Backdoor.Win32.NTRootKit [Ikarus]	1
Backdoor.Win32.PcClient.ii [Kaspersky Lab]	1
Backdoor.Win32.PcClient.sr [Kaspersky Lab]	1
Email-Worm.Bagle!sd5 [PC Tools]	1
Email-Worm.Win32.Bagle [Ikarus]	1
Email-Worm.Win32.Bagle.hj [Kaspersky Lab]	1
NTRootKit-W [McAfee]	1
Rootkit [Ikarus]	1
Rootkit.Win32.Agent.et [Ikarus]	1
Rootkit.Win32.Agent.et [Kaspersky Lab]	1
Rootkit.Win32.Agent.fqm [Kaspersky Lab]	1
Rootkit.Win32.Woshi.a [Kaspersky Lab]	1
Trojan.Agent.BVSJ [PC Tools]	1
Trojan.Rkproc.CG [Ikarus]	1
Trojan.Rkproc.CW [Ikarus]	1
Trojan:Win32/Defense [Microsoft]	1
Trojan:Win32/Rkproc.A [Microsoft]	1
VirTool:WinNT/Higlieder.gen!A [Microsoft]	1
VirTool:WinNT/Piptim [Microsoft]	1
VirTool:WinNT/Rootkitdrv.CN [Microsoft]	1
VirTool:WinNT/Rootkitdrv.CO [Microsoft]	1
VirTool:WinNT/Rootkitdrv.gen!FX [Microsoft]	1
W32.Beagle.DZ [Symantec]	1
Win-Trojan/NTRootKit_v040 [AhnLab]	1
Win-Trojan/Xema.variant [AhnLab]	1

Troj/RKProc-Fam [Sophos] has the following possible countries of origin:

Origin		Number of Incidents
	China	1
	Republic of Korea	1

Troj/RKProc-Fam [Sophos] is known to be created as:

%ProgramFiles%\bfuqheen.sys

%ProgramFiles%\xsoft\xworking\rsrsys.sys

%System%\drivers\pcidump.sys

%System%\drivers\termwdsif.sys

%System%\drivers\winmons.sys

%System%\drivers\wsnpoem.sys

%System%\drivers\xalhbkwd.sys

%System%\drivers\yqfprhqr.sys

%System%\winio.sys

%Temp%\_root_.sys

%Temp%\_root_040\_root_.sys

%Temp%\svchost.sys

Notes:

%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).