ThreatExpert's Statistics for Trojan:Win32/Tibs.IT [Microsoft]:

Trojan:Win32/Tibs.IT [Microsoft] is also known as:

Threat Alias	Number of Incidents
Trojan.Win32.Tibs [Ikarus]	74
Suspicious.MH690 [Symantec]	45
Trojan.Fakeavalert [Symantec]	25
Mal/EncPk-HL [Sophos]	22
Mal/Generic-A [Sophos]	18
Trojan Horse [Symantec]	13
Trojan-Dropper [Ikarus]	13
Backdoor.Win32.Hupigon.glel [Kaspersky Lab]	12
Generic.dx [McAfee]	12
Mal/EncPk-FO [Sophos]	12
SpywareProtect2009 [Symantec]	11
Downloader [Symantec]	9
Backdoor.Win32.Hupigon [Ikarus]	8
W95/Suk [McAfee]	8
Backdoor.Hupigon!sd6 [PC Tools]	7
BackDoor-AWQ.b [McAfee]	7
Downloader.MisleadApp [Symantec]	6
Downloader-ASH.gen.d [McAfee]	6
Generic BackDoor [McAfee]	6
Troj/FakeAle-LY [Sophos]	5
Trojan:Win32/FakeSpypro [Microsoft]	5
WinSpywareProtect [Symantec]	5
Backdoor.Win32.Hupigon.gemw [Kaspersky Lab]	4
Backdoor.Win32.Hupigon.glmu [Kaspersky Lab]	4
Mal/EncPk-CZ [Sophos]	4
Mal/EncPk-MX, Mal/Behav-321, Mal/EncPk-FO, Mal/FakeVirPk-A [Sophos]	4
not-a-virus:FraudTool.Win32.Agent.jm [Kaspersky Lab]	4
Win-Trojan/Tibs.353808 [AhnLab]	4
FakeAlert-C.dr [McAfee]	3
Troj/FakeVir-KR [Sophos]	3
Trojan-Downloader.MisleadApp!sd6 [PC Tools]	3
Backdoor.Win32.Hupigon.fykj [Kaspersky Lab]	2
Backdoor.Win32.Hupigon.gimd [Kaspersky Lab]	2
Backdoor.Win32.Hupigon.glvf [Kaspersky Lab]	2
Backdoor.Win32.Hupigon.gmpe [Kaspersky Lab]	2
FakeAlert-SpywareProtect [McAfee]	2
Generic FakeAlert!d [McAfee]	2
Generic FakeAlert.a [McAfee]	2
Mal/FakeAV-AA [Sophos]	2
Mal/TibsPak [Sophos]	2
Troj/Agent-JFK [Sophos]	2
Troj/Bdoor-ARX [Sophos]	2
Troj/FakeAV-LT [Sophos]	2
Trojan.Fakeavalert!sd6 [PC Tools]	2
Trojan.Win32.FakeSpypro [Ikarus]	2
Trojan-Downloader.Win32.FraudLoad [Ikarus]	2
Trojan-Downloader.Win32.FraudLoad.dum [Kaspersky Lab]	2
Virus.Win32.Rootkit [Ikarus]	2
W32/Nuwar.worm [McAfee]	2
Win32.SuspectCrc [Ikarus]	2
Win-Trojan/Agent.364560 [AhnLab]	2
Win-Trojan/Hupigon.364560.G [AhnLab]	2
Backdoor.Win32.Agent.anlv [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.fxye [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.fyll [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.fytz [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.fyub [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.fywc [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.gakx [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.gbuo [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.gcco [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.gckp [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.gclu [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.gcmb [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.gcog [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.gcql [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.gfdp [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.ggls [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.ggmk [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.ggnf [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.ghsh [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.gkao [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.gles [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.glhp [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.glnw [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.gmkl [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.gmzz [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.gnll [Kaspersky Lab]	1
Backdoor.Win32.Hupigon.gnth [Kaspersky Lab]	1
Dropper/Agent.311296.J [AhnLab]	1
FakeAlert-C.dldr [McAfee]	1
FakeAlert-WinwebSecurity.gen [McAfee]	1
Generic PUP.x [McAfee]	1
Generic PWS.y [McAfee]	1
Generic.dx!eyn [McAfee]	1
Generic.dx!fia [McAfee]	1
Infostealer [Symantec]	1
Mal/EncPk-GD, Mal/TibsPak [Sophos]	1
Mal/FakeAV-AF [Sophos]	1
Mal/HckPk-A [Sophos]	1
New Malware.fa [McAfee]	1
not-a-virus:FraudTool.Win32.AntivirusPlus [Ikarus]	1
not-a-virus:FraudTool.Win32.AntivirusPlus.hd [Kaspersky Lab]	1
Rootkit.TDSS [PC Tools]	1
Rootkit.Win32.Pakes.zu [Kaspersky Lab]	1
Swizzor.gen.c [McAfee]	1
Troj/Dloadr-CGZ [Sophos]	1
Troj/FakeAV-MA [Sophos]	1
Troj/FakeVir-LQ [Sophos]	1
Trojan.CryptRedol [Ikarus]	1

Trojan:Win32/Tibs.IT [Microsoft] has the following possible countries of origin:

Origin		Number of Incidents
	Russian Federation	4
	Ukraine	3

Trojan:Win32/Tibs.IT [Microsoft] is known to be created as:

%Profiles%\localservice\application data\880988682.exe

%ProgramFiles%\advancedvirusremover\pavrm.exe

%ProgramFiles%\antivirusxp\antivirusxp.exe

%ProgramFiles%\pc scout\pcscout.exe

%System%\bevtservice.exe

%System%\bevtsvce.exe

%System%\frmwrk.exe

%System%\frmwrk32.exe

%System%\winupdate.exe

%Temp%\172.exe

%Temp%\a.exe

%Temp%\sysguard.exe

%Temp%\vru.exe

%Temp%\winupd64x.exe

%Windir%\svcho.exe

%Windir%\sysguard.exe

%Windir%\temp\172.exe

Notes:

%Profiles% is a variable that refers to the file system directory containing user profile folders. A typical path is C:\Documents and Settings.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.