ThreatExpert's Statistics for Trojan.Win32.FakeXPA [Ikarus]:

Trojan.Win32.FakeXPA [Ikarus] is also known as:

Threat Alias	Number of Incidents
Trojan:Win32/FakeXPA [Microsoft]	73
Generic Dropper.bw [McAfee]	22
Mal/Generic-A [Sophos]	21
Packed.Generic.187 [Symantec]	16
Mal/EncPk-KH [Sophos]	15
AntiVirus2009 [Symantec]	14
Trojan Horse [Symantec]	14
PWS:Win32/Zbot.gen!R [Microsoft]	12
Mal/FakeAV-I [Sophos]	9
Downloader.MisleadApp [Symantec]	8
Generic FakeAlert.a [McAfee]	8
Trojan.Fakeavalert [Symantec]	7
FakeAlert-DI [McAfee]	6
PWS:Win32/Zbot.G [Microsoft]	6
Trojan.Dropper [Symantec]	6
Win-Trojan/Bredolab.40448.AD [AhnLab]	6
Trojan-Downloader.Win32.Agent.blaq [Kaspersky Lab]	5
AntiVirus2008 [Symantec]	4
FakeAlert-av360 [McAfee]	4
Generic.dx [McAfee]	4
Mal/FakeAV-V [Sophos]	4
Mal/FakeVirPk-A, Mal/FakeAV-I [Sophos]	4
not-a-virus:FraudTool.Win32.XpPoliceAntivirus.a [Kaspersky Lab]	4
PWS:Win32/Zbot.PG [Microsoft]	4
RealAV [Symantec]	4
RogueAntiSpyware.AntiVirusPro [PC Tools]	4
Trojan-Spy.Win32.Zbot.abia [Kaspersky Lab]	4
Downloader [Symantec]	3
Generic Downloader.x [McAfee]	3
Generic FakeAlert!cd [McAfee]	3
Generic PUP.x [McAfee]	3
Mal/FakeAV-I, Mal/EncPk-CZ [Sophos]	3
Packed.Win32.Katusha.b [Kaspersky Lab]	3
Suspicious.MH690 [Symantec]	3
Trojan.Generic [PC Tools]	3
TrojanDownloader:Win32/Obitel.G [Microsoft]	3
Trojan-Spy.Win32.Zbot.acun [Kaspersky Lab]	3
Win-Trojan/Xema.variant [AhnLab]	3
FakeAlert-AB.dldr [McAfee]	2
FakeAlert-AB.gen.a [McAfee]	2
FakeAlert-WinwebSecurity.gen [McAfee]	2
Generic FakeAlert.c [McAfee]	2
Infostealer [Symantec]	2
Infostealer.Banker.C [Symantec]	2
Mal/FakeAV-Y [Sophos]	2
Mal/FakeVirPk-A [Sophos]	2
not-a-virus:FraudTool.Win32.SecurityCenter.as [Kaspersky Lab]	2
Packed.Generic.240 [Symantec]	2
PWS.Win32 [Ikarus]	2
PWS:Win32/Zbot.M [Microsoft]	2
PWS:Win32/Zbot.PI [Microsoft]	2
SecurityRisk.Downldr [Symantec]	2
Spy-Agent.bw [McAfee]	2
Troj/FakeAv-IT [Sophos]	2
Troj/FakeAV-NX [Sophos]	2
Trojan.FakeAlert [PC Tools]	2
Trojan:Win32/FakePlus [Microsoft]	2
Trojan-Downloader.MisleadApp!sd6 [PC Tools]	2
Trojan-Downloader.Win32.FraudLoad.dzm [Kaspersky Lab]	2
TrojanDownloader:Win32/Renos.BAO [Microsoft]	2
Trojan-Spy.Win32.Zbot [Ikarus]	2
Trojan-Spy.Win32.Zbot.aanm [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.aaps [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.aaud [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.acne [Kaspersky Lab]	2
Trojan-Spy.Win32.Zbot.zzg [Kaspersky Lab]	2
Win-Trojan/Downloader.152064.D [AhnLab]	2
Win-Trojan/Fraudload.53278 [AhnLab]	2
Win-Trojan/Katusha.253963 [AhnLab]	2
Win-Trojan/Zbot.83456.D [AhnLab]	2
Win-Trojan/ZBot.89088.D [AhnLab]	2
Win-Trojan/Zbot.96256 [AhnLab]	2
XPAntivirus [Symantec]	2
FakeAlert-AB [McAfee]	1
FakeAlert-av2009.gen.a [McAfee]	1
FakeAlert-CN [McAfee]	1
FakeAlert-HI [McAfee]	1
Generic Downloader.x!yv [McAfee]	1
Generic FakeAlert.b [McAfee]	1
Generic PUP.z [McAfee]	1
Generic PWS.y!if [McAfee]	1
Generic PWS.y!vx [McAfee]	1
Mal/EncPk-CZ [Sophos]	1
Mal/EncPk-II, Mal/FakeAV-AS [Sophos]	1
Mal/EncPk-IS [Sophos]	1
Mal/EncPk-JY, Mal/EncPk-IS [Sophos]	1
Mal/FakeAV-AA [Sophos]	1
Mal/FakeAV-BD, Mal/EncPk-JY [Sophos]	1
New Malware.h [McAfee]	1
not-a-virus:Downloader.Win32.Antivirus2009.bo [Kaspersky Lab]	1
not-a-virus:FraudTool.Win32.Agent.el [Kaspersky Lab]	1
not-a-virus:FraudTool.Win32.Antivirus2009.ap [Kaspersky Lab]	1
not-a-virus:FraudTool.Win32.Antivirus2009.ay [Kaspersky Lab]	1
not-a-virus:FraudTool.Win32.Antivirus2009.be [Kaspersky Lab]	1
not-a-virus:FraudTool.Win32.Antivirus2009.bg [Kaspersky Lab]	1
not-a-virus:FraudTool.Win32.Antivirus2009.bo [Kaspersky Lab]	1
not-a-virus:FraudTool.Win32.Antivirus2009.bx [Kaspersky Lab]	1
not-a-virus:FraudTool.Win32.Antivirus2009.cd [Kaspersky Lab]	1
not-a-virus:FraudTool.Win32.Antivirus2009.ch [Kaspersky Lab]	1
not-a-virus:FraudTool.Win32.Antivirus2009.dk [Kaspersky Lab]	1

Trojan.Win32.FakeXPA [Ikarus] has the following possible countries of origin:

Origin		Number of Incidents
	Russian Federation	28
	Ukraine	18

Trojan.Win32.FakeXPA [Ikarus] is known to be created as:

%AppData%\nsvcappflt.exe

%ProgramFiles%\as\avs.exe

%ProgramFiles%\pav\pav.exe

%System%\mkrnl.exe

%System%\msupdate.exe

%System%\restorer32_a.exe

%System%\sdra64.exe

%System%\twex.exe

%System%\wbem\proquota.exe

%System%\wsdt.exe

%System%\xppolice.exe

%Temp%\av1two.exe

%Temp%\mradll.exe

%Temp%\restorer32_a.exe

%Temp%\tsc.exe

%Temp%\wstech.dll

%UserProfile%\restorer32_a.exe

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%UserProfile% is a variable that specifies the current user's profile folder. By default, this is C:\Documents and Settings\[UserName] (Windows NT/2000/XP).