ThreatExpert's Statistics for Trojan.Win32.Refroso [Ikarus]:

Trojan.Win32.Refroso [Ikarus] is also known as:

Threat Alias	Number of Incidents
VirTool:Win32/Injector.gen!AG [Microsoft]	86
BackDoor-EEF [McAfee]	68
VirTool:Win32/Injector.gen!AD [Microsoft]	52
Mal/Generic-A [Sophos]	44
Trojan Horse [Symantec]	44
Mal/EncPk-JU [Sophos]	40
Trojan-Downloader.Win32.Pher.xx [Kaspersky Lab]	33
Downloader [Symantec]	32
Trojan.Win32.Refroso.ktw [Kaspersky Lab]	32
BackDoor-EBI.gen [McAfee]	23
Backdoor.Trojan [Symantec]	21
Win-Trojan/Refroso.22016 [AhnLab]	17
BackDoor-EEC [McAfee]	15
Mal/Behav-103, Mal/Behav-043 [Sophos]	14
Trojan.Win32.Refroso.bex [Kaspersky Lab]	13
Downloader-BTI [McAfee]	11
Troj/Bifrose-XZ [Sophos]	11
VirTool:Win32/CeeInject.gen!AK [Microsoft]	11
BackDoor-EBI [McAfee]	10
Trojan-PSW.Win32.Dybalom.bu [Kaspersky Lab]	10
VirTool:Win32/CeeInject.gen!AE [Microsoft]	9
Trojan.Generic [PC Tools]	6
Trojan:Win32/Midgare.A [Microsoft]	6
Win-Trojan/Agent2.25088.D [AhnLab]	6
Win-Trojan/Refroso.87933 [AhnLab]	6
Backdoor.Trojan [PC Tools]	5
Backdoor-DWV.a [McAfee]	5
Backdoor-DZM [McAfee]	5
Mal/EncPk-JU, Mal/Behav-103, Mal/Behav-043 [Sophos]	5
Troj/Drop-DE [Sophos]	5
Trojan.Win32.Agent.cnhi [Kaspersky Lab]	5
TrojanDropper:Win32/Refroso.A [Microsoft]	5
VirTool:Win32/Injector.gen!AC [Microsoft]	5
Win-Trojan/Bifrose.59261 [AhnLab]	5
Troj/BRMCrypt-A [Sophos]	4
Trojan.Dropper [Symantec]	4
Trojan.Win32.Refroso.ayz [Kaspersky Lab]	4
Trojan.Win32.Refroso.mth [Kaspersky Lab]	4
Trojan-Downloader.Win32.Agent.ckvz [Kaspersky Lab]	4
Backdoor.Bifrose [PC Tools]	3
Backdoor.Bifrose [Symantec]	3
BackDoor-CEP.gen.av [McAfee]	3
BackDoor-DVB [McAfee]	3
BackDoor-EEC.gen [McAfee]	3
Downloader.Generic [PC Tools]	3
Mal/EncPk-JU, Mal/Behav-043 [Sophos]	3
Mal/Generic-E [Sophos]	3
Trojan.Win32.Refroso.abkq [Kaspersky Lab]	3
Trojan.Win32.Refroso.bdd [Kaspersky Lab]	3
Trojan.Win32.Refroso.jii [Kaspersky Lab]	3
Trojan.Win32.Refroso.t [Kaspersky Lab]	3
VirTool:Win32/CeeInject.F [Microsoft]	3
VirTool:Win32/Vbinder.AP [Microsoft]	3
Virus.Win32.Sality.aa [Kaspersky Lab]	3
Virus.Win32.Virut.ce [Kaspersky Lab]	3
Virus:Win32/Sality.AM [Microsoft]	3
Virus:Win32/Virut.BM [Microsoft]	3
W32.Sality.AE [Symantec]	3
W32.Virut.CF [Symantec]	3
W32/Sality-AM [Sophos]	3
Win32/Kolab.worm.Gen [AhnLab]	3
Win-Trojan/Agent.26624.KC [AhnLab]	3
Win-Trojan/Agent.32256.TG [AhnLab]	3
Win-Trojan/Refroso.67072 [AhnLab]	3
Win-Trojan/Refroso.81920.E [AhnLab]	3
Backdoor.Win32.Bifrose.bspw [Kaspersky Lab]	2
Backdoor-DZP [McAfee]	2
PE_SALITY.EN [Trend Micro]	2
Suspicious.MH690 [Symantec]	2
Troj/Inject-JA [Sophos]	2
Trojan.Win32.Buzus.bnuh [Kaspersky Lab]	2
Trojan.Win32.Refroso.aauf [Kaspersky Lab]	2
Trojan.Win32.Refroso.bpk [Kaspersky Lab]	2
Trojan.Win32.Refroso.cbv [Kaspersky Lab]	2
Trojan.Win32.Refroso.ejh [Kaspersky Lab]	2
Trojan.Win32.Refroso.jus [Kaspersky Lab]	2
Trojan.Win32.Refroso.ztk [Kaspersky Lab]	2
Trojan:Win32/Meredrop [Microsoft]	2
VirTool:Win32/VBInject.gen!BA [Microsoft]	2
VirTool:Win32/VBInject.gen!BV [Microsoft]	2
VirTool:Win32/VBInject.gen!CG [Microsoft]	2
Win32/Kashu.B [AhnLab]	2
Win32/Virut.F [AhnLab]	2
Win-Trojan/Buzus.98304.X [AhnLab]	2
Win-Trojan/Refroso.135680 [AhnLab]	2
Win-Trojan/Xema.variant [AhnLab]	2
Backdoor.Win32.SdBot.oiq [Kaspersky Lab]	1
Backdoor.Win32.Turkojan.gr [Kaspersky Lab]	1
Backdoor:Win32/IRCbot [Microsoft]	1
Backdoor:Win32/Poisonivy.E [Microsoft]	1
BackDoor-CEP.gen.x [McAfee]	1
BackDoor-DKI.gen.bo [McAfee]	1
BackDoor-DVR [McAfee]	1
Backdoor-DZD [McAfee]	1
BackDoor-EHF [McAfee]	1
Dropper/Tempex [AhnLab]	1
Generic Dropper!sf [McAfee]	1
Generic Dropper!yp [McAfee]	1
Generic VB.ay [McAfee]	1
Generic.dx!chv [McAfee]	1

Trojan.Win32.Refroso [Ikarus] has the following possible countries of origin:

Origin		Number of Incidents
	United Kingdom	10
	Germany	9
	Russian Federation	4
	Saudi Arabia	3
	Spain	3
	Croatia	2
	Brazil	1
	Canada	1
	China	1
	France	1
	Sweden	1

Trojan.Win32.Refroso [Ikarus] is known to be created as:

%AppData%\bifrost\server.exe

%AppData%\redbull\wood.exe

%AppData%\system\amg.exe

%AppData%\system\taskmgr.exe

%ProgramFiles%\bifrost\picture.exe

%ProgramFiles%\bifrost\server.exe

%ProgramFiles%\common files\system\updates.exe

%ProgramFiles%\redbull\wood.exe

%ProgramFiles%\server.exe

%ProgramFiles%\system\amg.exe

%ProgramFiles%\wmpupdate\wmpupdate.exe

%System%\bifrost\r.exe

%System%\bifrost\server.exe

%System%\cerberus\server.exe

%System%\drivers\ntndis.exe

%System%\schost.exe

%System%\sdra64.exe

%System%\seste\mm.exe

%System%\sys\serv.exe

%System%\system\taskmgr.exe

%System%\system32\system.exe

%System%\windoz\server.exe

%Temp%\1.exe

%Temp%\2.exe

%Temp%\bfile2.exe

%Temp%\file.exe

%Temp%\girl.exe

%Temp%\ixp000.tmp\1.exe

%Temp%\ixp000.tmp\31.exe

%Temp%\ixp000.tmp\gamezer.exe

%Temp%\ixp000.tmp\naif_mob.exe

%Temp%\ixp000.tmp\server.exe

%Temp%\ixp000.tmp\server1.exe

%Temp%\nashi.exe

%Temp%\output.exe

%Temp%\play89.exe

%Temp%\server.exe

%Windir%\kasber-server1.exe

%Windir%\sys\pic.exe

%Windir%\system14.exe

%Windir%\systemserv32.exe

%Windir%\temp\maintrysups.exe

c:\extracted\imaig.exe

c:\extracted\messenger.exe

c:\scan_passowrd.exe

c:\se....exe

c:\ses.exe

c:\xxx.exe

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.