Threat Search: 

ThreatExpert's Statistics for Trojan.ATRAPS [Ikarus]:

Trojan.ATRAPS [Ikarus] is also known as:
Threat AliasNumber of Incidents
Mal/Generic-A [Sophos]275
Downloader [Symantec]241
Downloader.Generic [PC Tools]144
Trojan.Win32.Agent2.cmko [Kaspersky Lab]48
Mal/Behav-112 [Sophos]42
Trojan Horse [Symantec]27
Infostealer.Gampass [Symantec]20
Trojan-PSW.Gampass [PC Tools]20
Mal/Basine-C [Sophos]18
Generic Downloader.x!cak [McAfee]16
Win-Trojan/Agent2.27648.L [AhnLab]16
Trojan-GameThief.Win32.OnLineGames.bnbw [Kaspersky Lab]15
Trojan.Generic [PC Tools]11
Win-Trojan/Atraps.13312.C [AhnLab]9
Trojan-Proxy.Win32.Agent.bvr [Kaspersky Lab]6
New Malware.cj [McAfee]5
Troj/PrvCnt-Gen [Sophos]5
Trojan:Win32/PrivacyCenter [Microsoft]5
Generic.dx!egm [McAfee]4
not-a-virus.Keygen.Nero [Ikarus]4
Spyware.Keylogger [Symantec]4
Generic.dx [McAfee]3
Mal/Behav-053 [Sophos]3
Trojan.Dropper [PC Tools]3
Backdoor.Trojan [Symantec]2
Infostealer [Symantec]2
Infostealer.Bancos [Symantec]2
Mal/Banspy-F [Sophos]2
Mal/Behav-291 [Sophos]2
Mal/BHO-J [Sophos]2
Trojan.Dropper [Symantec]2
Trojan.FakeAV [PC Tools]2
Trojan.FakeAV [Symantec]2
Trojan.Win32.Midgare.soq [Kaspersky Lab]2
TrojanDropper:Win32/Delf.BH [Microsoft]2
Virus.Win32.Sality.l [Kaspersky Lab]2
Win-Trojan/Atraps.4096 [AhnLab]2
Win-Trojan/Xema.variant [AhnLab]2
Backdoor.Bifrose [Symantec]1
Backdoor.Portless [PC Tools]1
Backdoor.Win32.VB.jsi [Kaspersky Lab]1
Backdoor:Win32/Portless.gen!A [Microsoft]1
BackDoor-CMQ [McAfee]1
Bloodhound.Bancos.1 [Symantec]1
DNSChanger.c [McAfee]1
Dropper/Agent.148992.H [AhnLab]1
Dropper/Interlac.160268 [AhnLab]1
Generic BackDoor [McAfee]1
Generic Downloader.c [McAfee]1
Generic Dropper.hc [McAfee]1
Generic packed [McAfee]1
Generic PWS.y [McAfee]1
Generic PWS.y!bhc [McAfee]1
Generic VB.c [McAfee]1
Generic.dx!dus [McAfee]1
Generic.dx!nxt [McAfee]1
Generic.dx!qp [McAfee]1
Hacktool.Spammer [Symantec]1
HackTool.Win32.Crypt.n [Kaspersky Lab]1
HackTool.Win32.KKFinder.s [Kaspersky Lab]1
HeurEngine.Bancos [PC Tools]1
Infostealer.Bancos.gen [Symantec]1
Infostealer.Lemir.Gen [Symantec]1
Infostealer.Menghuan [Symantec]1
Mal/Behav-103, Mal/Behav-043 [Sophos]1
Mal/Behav-188 [Sophos]1
Mal/Behav-328 [Sophos]1
Mal/Emogen-F [Sophos]1
Mal/Emogen-Y [Sophos]1
Mal/Inet-Fam, Mal/Packer [Sophos]1
MultiDropper-FI [McAfee]1
New Malware.b [McAfee]1
New Malware.hi [McAfee]1
not-a-virus:FraudTool.Win32.Agent.alo [Kaspersky Lab]1
not-a-virus:FraudTool.Win32.PrivacyCenter.hv [Kaspersky Lab]1
not-a-virus:Monitor.Win32.ActualSpy.30 [Kaspersky Lab]1
not-a-virus:Monitor.Win32.ActualSpy.jt [Kaspersky Lab]1
PE_CORELINK.C-1 [Trend Micro]1
PE_SALITY.AE [Trend Micro]1
Possible_Virus [Trend Micro]1
PWS:Win32/Prast!rts [Microsoft]1
Spam-Mailbot.l [McAfee]1
Spyware.ActualSpy [Symantec]1
Spyware-ActualSpy [McAfee]1
Suspicious.MH690 [Symantec]1
Tool:Win32/Dnschanger.K [Microsoft]1
Troj/Notify-B [Sophos]1
Trojan.Agent2.cglu [PC Tools]1
Trojan.Buzus [PC Tools]1
Trojan.KillAV [Symantec]1
Trojan.Win32.Agent.ahgq [Kaspersky Lab]1
Trojan.Win32.Agent2.htc [Kaspersky Lab]1
Trojan.Win32.Chinaad.ty [Kaspersky Lab]1
Trojan.Win32.Dialer.vdr [Kaspersky Lab]1
Trojan.Win32.FakeAV [Ikarus]1
Trojan.Win32.Koblu.lb [Kaspersky Lab]1
Trojan.Win32.MicroFake.n [Kaspersky Lab]1
Trojan.Win32.Qhost.mqt [Kaspersky Lab]1
Trojan.Win32.Starter.gq [Kaspersky Lab]1
Trojan.Win32.Vilsel.ouq [Kaspersky Lab]1

Trojan.ATRAPS [Ikarus] has the following possible countries of origin:
OriginNumber of Incidents
China54
Brazil11
Russian Federation6
United Kingdom4
Sweden3
Germany2
Republic of Korea2
France1
Italy1
Poland1
Portugal1
Switzerland1
Taiwan1
Turkey1

Trojan.ATRAPS [Ikarus] is known to be created as:
%AppData%\45.exe
%AppData%\pc\agent.exe
%AppData%\pc\pc.exe
%CommonPrograms%\actual spy\actualspy.exe
%CommonPrograms%\actualspy\actualspy.exe
%ProgramFiles%\cashon\icons\totalicon.dll
%ProgramFiles%\elfbot ng\loader.exe
%ProgramFiles%\henqu\setinfo.exe
%ProgramFiles%\i8tech\system guard\shield.dll
%ProgramFiles%\mpsoft\charge\client\shield.dll
%ProgramFiles%\wtovpn\vpnclient.dll
%System%\0433vpn\vpnclient.dll
%System%\ctfmon_bi.exe
%System%\ctfmon_fn.exe
%System%\ctfmon_sk.exe
%System%\ctfmon_tk.exe
%System%\dxvars.dll
%System%\ipcmd.dll
%System%\keymaker.exe
%System%\kk.exe
%System%\olemaskvr.dll
%System%\rsend.exe
%System%\sysdiag.dll
%System%\wab.exe
%System%\wiawow32.sys
%System%\winntcmd_2_0.dll
%Temp%\exqh.dll
%Temp%\ixp000.tmp\keymaker.exe
%Temp%\jgl_rt\jproweb.exe
%Temp%\kafan virlist 2009.04.08\090408-4-1.exe
%Temp%\keymaker.exe
%Temp%\praf.dll
%Temp%\zpskon_1260296392.exe
%Temp%\zpskon_1260446350.exe
%Temp%\zpskon_1260458739.exe
%Temp%\zpskon_1260532766.exe
%Temp%\zpskon_1260533103.exe
%Temp%\zpskon_1260536205.exe
%Temp%\zpskon_1260536254.exe
%Temp%\zpskon_1260542328.exe
%Temp%\zpskon_1260542722.exe
%Temp%\zpskon_1260551598.exe
%Temp%\zpskon_1260589431.exe
%Temp%\zpskon_1260627713.exe
%Temp%\zpskon_1260664882.exe
%Temp%\zpskon_1260767977.exe
%Temp%\zpskon_1261427129.exe
%Windir%\services.exe
c:\inetpub.exe
c:\recycle.{645ff040-5081-101b-9f08-00aa002f954e}\recycle.exe
c:\smenu\shield.dll
c:\windows.exe
Notes:
  • %AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
  • %CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
  • %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
  • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.