ThreatExpert's Statistics for TrojanDownloader:Win32/FakeRean [Microsoft]:

TrojanDownloader:Win32/FakeRean [Microsoft] is also known as:

Threat Alias	Number of Incidents
Trojan-Downloader.Win32.FakeRean [Ikarus]	310
Packed.Generic.233 [Symantec]	281
FakeAlert-XPSecCenter [McAfee]	176
Mal/EncPk-IF [Sophos]	174
Mal/EncPk-KP [Sophos]	156
Trojan.Win32.FraudPack.rcj [Kaspersky Lab]	96
Backdoor.Win32.Frauder.bxo [Kaspersky Lab]	64
Downloader [Symantec]	64
Mal/WaledPak-D [Sophos]	64
Trojan-Downloader.Win32.Renos [Ikarus]	64
Gen.Packed [Ikarus]	63
Trojan-Downloader.Win32.FraudLoad.fkv [Kaspersky Lab]	61
Packed.Win32.Krap.ad [Kaspersky Lab]	50
Trojan-Downloader.Win32.FraudLoad.fsd [Kaspersky Lab]	49
FakeAlert-CM [McAfee]	47
Virus.Win32.Virut.au [Ikarus]	41
Downloader.MisleadApp [Symantec]	37
Mal/Generic-A [Sophos]	37
Downloader-BOI [McAfee]	36
Generic FakeAlert.d!gen [McAfee]	30
Mal/EncPk-EQ [Sophos]	23
Mal/EncPk-IV [Sophos]	21
Mal/FakeAV-AD, Mal/EncPk-HH [Sophos]	21
Mal/EncPk-HH [Sophos]	20
FakeAlert-DA [McAfee]	17
AntiVirus2009 [Symantec]	15
Trojan-Downloader.Win32.FraudLoad.ehp [Kaspersky Lab]	11
TrojanDownloader:Win32/FakeRean.gen!C [Microsoft]	9
Trojan-Dropper.Win32.FrauDrop.hh [Kaspersky Lab]	9
Win-Trojan/Antiav.189791 [AhnLab]	9
Trojan.Win32.FraudPack [Ikarus]	8
Trojan-Downloader.Win32.FraudLoad [Ikarus]	8
Win-Trojan/Downloader.106499 [AhnLab]	8
HeurEngine.MaliciousPacker [PC Tools]	7
Mal/EncPk-IV, Mal/EncPk-IF [Sophos]	7
Mal/FakeAV-AD [Sophos]	7
Trojan.Win32.FakeAV [Ikarus]	7
Trojan-Downloader.Win32.FraudLoad.eyw [Kaspersky Lab]	7
Trojan-Downloader.Win32.FraudLoad.wcva [Kaspersky Lab]	7
Win32.KME.Based [Ikarus]	7
Win-Trojan/Fakeav.190993.B [AhnLab]	7
Troj/FakeAle-JI [Sophos]	6
Trojan.Win32.FraudPack.gtt [Kaspersky Lab]	6
Trojan.Win32.FraudPack.uoe [Kaspersky Lab]	6
Trojan.Win32.FraudPack.vpp [Kaspersky Lab]	6
Trojan-Downloader.Win32.FraudLoad.fdo [Kaspersky Lab]	6
Win-Trojan/FakeAv.189325 [AhnLab]	6
Win-Trojan/Fraudload.184393 [AhnLab]	6
TROJ_FAKEALE.SMB [Trend Micro]	5
Trojan.Win32.FraudPack.udx [Kaspersky Lab]	5
Trojan.Win32.Winwebsec [Ikarus]	5
Trojan-Downloader.Win32.FraudLoad.eiq [Kaspersky Lab]	5
Win-Trojan/Downloader.104963 [AhnLab]	5
Win-Trojan/Fakealert.238642 [AhnLab]	5
Dropper/Agent.106499 [AhnLab]	4
Mal/TibsPk-D [Sophos]	4
Mal/UnkPack-Fam [Sophos]	4
not-a-virus:FraudTool.Win32.XPAntiSpyware2009.i [Kaspersky Lab]	4
Troj/FakeRean-E [Sophos]	4
Trojan.FakeAV [Symantec]	4
Trojan.Fakeavalert [Symantec]	4
Trojan.Virantix!sd6 [PC Tools]	4
Trojan.Win32.FraudPack.umv [Kaspersky Lab]	4
Trojan.Win32.FraudPack.vmj [Kaspersky Lab]	4
Trojan-Downloader.Win32.FraudLoad.vdii [Kaspersky Lab]	4
Trojan-Dropper.Agent [Ikarus]	4
Trojan-Dropper.Win32.FrauDrop.aez [Kaspersky Lab]	4
Trojan-Dropper.Win32.Insebro [Ikarus]	4
Downloader.MisleadApp [PC Tools]	3
Generic FakeAlert!co [McAfee]	3
Mal/FakeAV-AD, Mal/EncPk-IF, Mal/EncPk-HH [Sophos]	3
Packed.Win32.Krap [Ikarus]	3
RogueAntiSpyware.AntiVirusPro [PC Tools]	3
Troj/FakeAl-J [Sophos]	3
Trojan.Virantix.C [Symantec]	3
Trojan.Win32.FraudPack.vir [Kaspersky Lab]	3
Trojan-Downloader.Win32.FraudLoad.fhe [Kaspersky Lab]	3
Win-Trojan/Fakeav.190539 [AhnLab]	3
Downloader-BON [McAfee]	2
FakeAlert-IX [McAfee]	2
Generic FakeAlert.v [McAfee]	2
Mal/EncPk-HP [Sophos]	2
Mal/EncPk-IF, Mal/EncPk-HH [Sophos]	2
Mal/EncPk-KP, Mal/EncPk-IF [Sophos]	2
Mal/EncPk-LT, Mal/EncPk-IF, Mal/EncPk-KP [Sophos]	2
Mal/FakeAV-AD, Mal/EncPk-IF, Mal/EncPk-HH, Mal/FakeVirPk-A [Sophos]	2
Packed.Generic.218 [Symantec]	2
Packed.Generic.258 [Symantec]	2
Troj/FakeAv-ADU [Sophos]	2
Troj/FakeAV-QB [Sophos]	2
Troj/FakeAV-YF [Sophos]	2
TROJ_INSEBRO.K [Trend Micro]	2
Trojan.Win32.Agent.cbiw [Kaspersky Lab]	2
Trojan.Win32.Pakes.lnh [Kaspersky Lab]	2
Trojan.Win32.Vilsel.huw [Kaspersky Lab]	2
Trojan:Win32/FakeRean [Microsoft]	2
Trojan-Downloader.FakeAV [Ikarus]	2
Trojan-Downloader.Win32.FraudLoad.efr [Kaspersky Lab]	2
Trojan-Downloader.Win32.FraudLoad.fwi [Kaspersky Lab]	2
Trojan-Downloader.Win32.FraudLoad.vppa [Kaspersky Lab]	2

TrojanDownloader:Win32/FakeRean [Microsoft] has the following possible countries of origin:

Origin		Number of Incidents
	Ukraine	264
	Russian Federation	48

TrojanDownloader:Win32/FakeRean [Microsoft] is known to be created as:

%AppData%\lizkavd.exe

%AppData%\seres.exe

%AppData%\svcst.exe

%Profiles%\localservice\application data\lizkavd.exe

%Profiles%\localservice\application data\seres.exe

%Profiles%\localservice\application data\svcst.exe

%ProgramFiles%\antiviruspro_2010\antiviruspro_2010.exe

%ProgramFiles%\antiviruspro_2010\uninstall.exe

%ProgramFiles%\antiviruspro2009\uninstall.exe

%ProgramFiles%\xp_antispyware\uninstall.exe

%Temp%\090614-a-26.exe

%Temp%\lfwo7jtqsctoo.exe

%Temp%\msupd_2.exe

%Temp%\wini10491.exe

%Temp%\wisdstr.exe

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%Profiles% is a variable that refers to the file system directory containing user profile folders. A typical path is C:\Documents and Settings.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).