ThreatExpert's Statistics for TrojanSpy:Win32/Mafod!rts [Microsoft]:

TrojanSpy:Win32/Mafod!rts [Microsoft] is also known as:

Threat Alias	Number of Incidents
Mal/Generic-A [Sophos]	62
Infostealer.Bancos [Symantec]	38
Trojan Horse [Symantec]	22
Backdoor.Trojan [Symantec]	18
Backdoor.Cakl [PC Tools]	17
Backdoor.Win32.Cakl.a [Kaspersky Lab]	17
BackDoor-CZP [McAfee]	17
Win-Trojan/Xema.variant [AhnLab]	14
Rootkit.Win32.Banker.e [Ikarus]	13
Trojan-PSW.Bancos [PC Tools]	13
BKDR_CAKL.OF [Trend Micro]	12
PWS-Banker [McAfee]	12
Rootkit.Win32.Banker.e [Kaspersky Lab]	12
Infostealer.Banker.C [Symantec]	10
Downloader [Symantec]	9
PWS-Banker!bkt [McAfee]	9
Trojan-Banker.Win32.Banker [Ikarus]	9
Win-Trojan/Rootkit.7168.O [AhnLab]	9
Win-Trojan/Agent.9728.PE [AhnLab]	8
Mal/Behav-010 [Sophos]	6
Trojan-Downloader.Win32.Banload [Ikarus]	6
Trojan-Dropper.Agent [Ikarus]	6
Generic.dx [McAfee]	5
Troj/Bckdr-IGQ [Sophos]	5
Trojan.Win32.KillFiles [Ikarus]	5
Mal/Banker-E [Sophos]	4
PWS-Banker!bh [McAfee]	4
Rootkit.Win32.Banker.d [Ikarus]	4
Trojan.Generic [PC Tools]	4
Trojan-Downloader.Win32.Banload.aeqr [Kaspersky Lab]	4
Trojan-Dropper [Ikarus]	4
Trojan-Spy.Banker [Ikarus]	4
Trojan-Spy.Win32.Banker.bht [Ikarus]	4
Win-Trojan/Banload.152064.H [AhnLab]	4
Win-Trojan/Cakl.12336 [AhnLab]	4
Win-Trojan/Killfiles.39680 [AhnLab]	4
Backdoor.Generic [Ikarus]	3
Backdoor.Win32.Cakl [Ikarus]	3
HackTool.Win32.Crypt.be [Kaspersky Lab]	3
Infostealer [Symantec]	3
PWS-Banker!l [McAfee]	3
PWS-Banker!m [McAfee]	3
Trojan.Crypt [Ikarus]	3
Trojan-Downloader.Win32.Banload.adyw [Kaspersky Lab]	3
Trojan-PSW.Banker [PC Tools]	3
Win-Trojan/Banload.1752576 [AhnLab]	3
Win-Trojan/Banload.40960.DE [AhnLab]	3
Downloader.Generic [PC Tools]	2
Generic.Banker.Delf [Ikarus]	2
Generic.dx!tq [McAfee]	2
HackTool.Win32.Crypt [Ikarus]	2
HackTool.Win32.Crypt.ks [Kaspersky Lab]	2
HackTool.Win32.Crypt.mk [Kaspersky Lab]	2
Infostealer.Gampass [Symantec]	2
PWS-Banker!dvd [McAfee]	2
PWS-Banker.gen.dh.dldr [McAfee]	2
Rootkit.Win32.Banker.d [Kaspersky Lab]	2
Troj/Agent-KRD [Sophos]	2
Troj/Banker-ETU [Sophos]	2
Trojan.Goldun [PC Tools]	2
Trojan.Goldun [Symantec]	2
Trojan.Loader [Ikarus]	2
Trojan.Win32.Genome [Ikarus]	2
Trojan.Win32.KillFiles.arv [Kaspersky Lab]	2
Trojan-Banker.Win32.Banker.ahmu [Kaspersky Lab]	2
Trojan-Banker.Win32.Banker.ahtg [Kaspersky Lab]	2
Trojan-Banker.Win32.Banker.akch [Kaspersky Lab]	2
Trojan-Downloader.BAT.Agent.cb [Kaspersky Lab]	2
Trojan-Downloader.Win32.Banload.ackw [Kaspersky Lab]	2
Trojan-Downloader.Win32.Banload.anuk [Kaspersky Lab]	2
Trojan-Downloader.Win32.Banload.veh [Kaspersky Lab]	2
Trojan-Downloader.Win32.BHO [Ikarus]	2
Trojan-Downloader.Win32.Delf.vos [Kaspersky Lab]	2
Trojan-PWS.Win32.Gamec [Ikarus]	2
Trojan-Spy.Win32.Amber.bo [Kaspersky Lab]	2
Win-Trojan/Agent.1558016.C [AhnLab]	2
Win-Trojan/Banker.158208.E [AhnLab]	2
Adware.Websearch [PC Tools]	1
Backdoor.Badcodor [PC Tools]	1
Backdoor.Badcodor [Symantec]	1
Backdoor.Hackdoor [PC Tools]	1
Backdoor.Haxdoor.K [Symantec]	1
Backdoor.Win32.Bancodor.be [Kaspersky Lab]	1
Downloader-EV [McAfee]	1
Flooder.Win32.Agent [Ikarus]	1
Flooder.Win32.Agent.aw [Kaspersky Lab]	1
Generic BackDoor!gs [McAfee]	1
Generic Del.x [McAfee]	1
Generic Dropper!bmu [McAfee]	1
Generic PWS.b [McAfee]	1
Generic PWS.y [McAfee]	1
Generic PWS.y!bkk [McAfee]	1
Generic PWS.y!kt [McAfee]	1
Generic.dx!bht [McAfee]	1
Generic.dx!dfs [McAfee]	1
Generic.dx!ffx [McAfee]	1
Generic.dx!gzi [McAfee]	1
Generic.dx!hf [McAfee]	1
Generic.dx!tz [McAfee]	1
HackTool.Win32.Crypt.an [Kaspersky Lab]	1

TrojanSpy:Win32/Mafod!rts [Microsoft] has the following possible countries of origin:

Origin		Number of Incidents
	Brazil	38
	Russian Federation	5
	China	3
	Germany	3
	Spain	3
	Israel	2

TrojanSpy:Win32/Mafod!rts [Microsoft] is known to be created as:

%AppData%\spoolsv.exe

%ProgramFiles%\ashavast_.exe

%ProgramFiles%\carb.exe

%System%\bekbn.dll

%System%\crypter.exe

%System%\drivers\cta322.sys

%System%\drivers\nvideo32.dll

%System%\linkvc5.dll

%System%\melt.exe

%System%\ntswrl32.dll

%System%\plug.sys

%System%\pyhzts.dll

%System%\sebdpp.dll

%System%\sslmgr.exe

%System%\sysupdate32.exe

%System%\wndtx1.dll

%Temp%\lasms.exe

%Temp%\operador.exe

%Windir%\temp\f2.exe

c:\programm files\premium_crypter.exe

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.