Threat Search: 

ThreatExpert's Statistics for W32/Autoham-Fam [Sophos]:

W32/Autoham-Fam [Sophos] is also known as:
Threat AliasNumber of Incidents
Worm:Win32/Hamweq.A [Microsoft]103
Worm.Hamweg.Gen [PC Tools]79
Worm.Win32.Hamweq [Ikarus]36
W32.Ircbrute [Symantec]35
WORM_AUTORUN.RYU [Trend Micro]20
Win-Trojan/Agent.13824.FE [AhnLab]18
W32.SillyFDC [Symantec]16
DDoS-Leba [McAfee]13
Backdoor.Hamweq.B [Ikarus]12
WORM_AUTORUN.ABI [Trend Micro]11
Hacktool.Flooder [Symantec]10
Virus.Worm.Win32.AutoRun.dht [Ikarus]10
Generic.dx [McAfee]9
Worm.Win32.AutoRun.gmf [Kaspersky Lab]9
Worm.Win32.AutoRun [Ikarus]8
Trojan Horse [Symantec]7
Worm.Win32.AutoRun.egk [Kaspersky Lab]7
Backdoor.Trojan [Symantec]6
IRC-Worm.Win32.Small [Ikarus]6
Trojan-DDoS.Win32.Agent.bv [Kaspersky Lab]6
W32/Autorun.worm.gen [McAfee]6
Win-Trojan/Hamweq.12288 [AhnLab]6
Win-Trojan/Hamweq.12800 [AhnLab]6
Worm.Win32.AutoRun.dha [Kaspersky Lab]6
IRC-Worm.Win32.Small.t [Kaspersky Lab]5
Win-Trojan/Hamweq.13824 [AhnLab]5
Worm.Win32.AutoRun.akfu [Kaspersky Lab]5
IRC-Worm.Win32.Small.am [Kaspersky Lab]4
W32/Autorun.worm.cd [McAfee]4
Worm.Autorun.DHA [PC Tools]4
Generic BackDoor [McAfee]3
Generic FDoS.l [McAfee]3
Trojan-Downloader.Win32.Agent.pdl [Kaspersky Lab]3
Win-Trojan/Hamweq.12800.C [AhnLab]3
Worm.Win32.AutoRun.dcm [Kaspersky Lab]3
Worm.Win32.AutoRun.ffu [Kaspersky Lab]3
Worm.Win32.AutoRun.uab [Kaspersky Lab]3
IRC-Worm.Win32.Small.cc [Kaspersky Lab]2
Spyware.Keylogger [Symantec]2
W32.SillyDC [Symantec]2
W32/Autorun.worm!eu [McAfee]2
W32/Autorun.worm.el [McAfee]2
W32/Autorun.worm.gc [McAfee]2
Win-Trojan/Agent.12288.EE [AhnLab]2
Worm.Autorun!ct [PC Tools]2
Worm.Win32.AutoRun.dwn [Kaspersky Lab]2
Worm.Win32.AutoRun.ggv [Kaspersky Lab]2
Worm.Win32.AutoRun.mua [Kaspersky Lab]2
Backdoor.Hamweq [Ikarus]1
Backdoor.Hamweq.1 [Ikarus]1
Backdoor.IRC.ZGG [Ikarus]1
Backdoor.Win32.Small.gwj [Kaspersky Lab]1
BKDR_HAMWEQ.J [Trend Micro]1
Hacktool.DoS [Symantec]1
IRC-Worm.Win32.Small.by [Kaspersky Lab]1
IRC-Worm.Win32.Small.cd [Kaspersky Lab]1
IRC-Worm.Win32.Small.u [Kaspersky Lab]1
IRC-Worm.Win32.Small.v [Kaspersky Lab]1
IRC-Worm.Win32.Small.x [Kaspersky Lab]1
IRC-Worm.Win32.Small.y [Kaspersky Lab]1
Spyware.Keylogger [PC Tools]1
Suspicious.Graybird.1 [Symantec]1
Virus.Win32.Agent.bc [Kaspersky Lab]1
W32.IRCBot [Symantec]1
W32/Autorun.worm!bf [McAfee]1
W32/Autorun.worm!bk [McAfee]1
W32/Autorun.worm!bn [McAfee]1
W32/Autorun.worm!o [McAfee]1
W32/Quatoit [McAfee]1
Win32/Autorun.worm.12288.C [AhnLab]1
Win-Trojan/Agent.13320.C [AhnLab]1
Win-Trojan/Hamweq.12288.C [AhnLab]1
Win-Trojan/Hamweq.12800.B [AhnLab]1
Win-Trojan/IRCBot.13358 [AhnLab]1
Worm.AutoRun!sd6 [PC Tools]1
Worm.Win32.AutoRun.avrn [Kaspersky Lab]1
Worm.Win32.AutoRun.azrm [Kaspersky Lab]1
Worm.Win32.AutoRun.dql [Kaspersky Lab]1
Worm.Win32.AutoRun.dyy [Kaspersky Lab]1
Worm.Win32.AutoRun.fmy [Kaspersky Lab]1
Worm.Win32.AutoRun.fsl [Kaspersky Lab]1
Worm.Win32.AutoRun.mkh [Kaspersky Lab]1
Worm.Win32.AutoRun.xjd [Kaspersky Lab]1
WORM_HAMWEQ.AB [Trend Micro]1
WORM_SMALL.GXM [Trend Micro]1

W32/Autoham-Fam [Sophos] is known to be created as:
%System%\iexplorer.exe
%Temp%\2rgoj3\bob.exe
%Temp%\decrypted.exe
%Temp%\recycler\k-1-3542-4232123213-7676767-8888886\xv.exe
%Windir%\crypted.exe
%Windir%\winnt.exe
c:\murkrow.exe
c:\recycle\d-0-060-0000000000-1111111-2222222\ryan.exe
c:\recycle\d-0-060-0000000000-1111111-2222222\venet.exe
c:\recycler\k-1-3542-4232123213-7676767-8888886\hn.exe
c:\recycler\k-1-3542-4232123213-7676767-8888886\xv.exe
c:\removable\device\dew.exe
c:\restore\k-1-3542-4232123213-7676767-8888886\devrgm.exe
c:\restore\k-1-3542-4232123213-7676767-8888886\maq.exe
c:\restore\k-1-3542-4232123213-7676767-8888886\ogard.exe
c:\restore\s-1-5-21-1482476501-1644491937-682003330-1013\bob.exe
c:\saber\v2009\sux.exe
c:\system\s-1-5-21-1482476501-1644491937-682003330-1013\usb.exe
c:\v\f\heur2.exe
Notes:
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
  • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.