Threat Search: 

ThreatExpert's Statistics for Win-Trojan/Poison.8192.AF [AhnLab]:

Win-Trojan/Poison.8192.AF [AhnLab] is also known as:
Threat AliasNumber of Incidents
Troj/Keylog-JV [Sophos]928
Backdoor.Win32.Poison.pg [Kaspersky Lab]903
BackDoor-DSS.gen.a [McAfee]724
Virus.Win32.Poison [Ikarus]723
Trojan.DL.CKSPost.Gen [PC Tools]510
Backdoor.Ciadoor [Symantec]444
Backdoor.Trojan [Symantec]306
Backdoor:Win32/Poisonivy.H [Microsoft]294
Backdoor:Win32/Poisonivy.E [Microsoft]272
Backdoor:Win32/Poison.M [Microsoft]187
BackDoor-DSS [McAfee]154
Troj/Poison-AE [Sophos]56
Backdoor.Win32.Poison.cpb [Kaspersky Lab]27
Infostealer [Symantec]26
Trojan.DL.Agent.XGB [PC Tools]20
BackDoor-DKI.gen.d [McAfee]19
Backdoor.Poison!sd6 [PC Tools]18
BackDoor-DKI.gen.a [McAfee]16
Mal/EncPk-CI [Sophos]14
Virus.Win32.Poison.DE [Ikarus]14
Backdoor.Win32.Poison.kmq [Kaspersky Lab]12
Backdoor.Win32.PoisonIvy [Ikarus]11
Backdoor.Win32.Poison [Ikarus]6
Backdoor.Win32.Small.uz [Kaspersky Lab]6
Suspicious.MH690 [Symantec]5
Backdoor.Win32.Poison.grs [Kaspersky Lab]4
Backdoor.Win32.Poison.syr [Kaspersky Lab]4
Backdoor.Win32.Poison.twu [Kaspersky Lab]4
Trojan Horse [Symantec]4
Backdoor.Win32.Poison.mim [Kaspersky Lab]2
BackDoor-DKI.gen.e [McAfee]2
Mal/EncPk-GW, Mal/Poison-A, W32/Scribble-B [Sophos]2
Trojan-Downloader.Win32.Small [Ikarus]2
Virus.Win32.Agent.ACII [Ikarus]2
Virus.Win32.Trojan [Ikarus]2
Virus:Win32/Virut.BM [Microsoft]2
W32.Virut.CF [Symantec]2
Backdoor.Poison!ct [PC Tools]1
Backdoor.Win32.Poison.aet [Kaspersky Lab]1
Backdoor.Win32.Poison.ahou [Kaspersky Lab]1
Backdoor.Win32.Poison.bex [Kaspersky Lab]1
Backdoor.Win32.Poison.cow [Kaspersky Lab]1
Backdoor.Win32.Poison.dho [Kaspersky Lab]1
Backdoor.Win32.Poison.jha [Kaspersky Lab]1
Backdoor.Win32.Poison.tkd [Kaspersky Lab]1
Backdoor:Win32/Poisonivy.I [Microsoft]1
Hacktool.Keylogger [Symantec]1
Mal/Generic-A [Sophos]1
PE_VIRUX.H-3 [Trend Micro]1
Troj/Smalla-Gen, Mal/EncPk-CI [Sophos]1
Trojan.Inject!ct [PC Tools]1
Trojan-PSW.Generic [PC Tools]1
Virus.Win32.Crypt.CIK [Ikarus]1

Win-Trojan/Poison.8192.AF [AhnLab] has the following possible countries of origin:
OriginNumber of Incidents
South Africa1
Sweden1

Win-Trojan/Poison.8192.AF [AhnLab] is known to be created as:
%AllUsersProfile%\dev10.exe
%AllUsersProfile%\dev3.exe
%AllUsersProfile%\dev5.exe
%AllUsersProfile%\dev8.exe
%InternetCache%\1.exe
%LocalSettings%\temptmp.exe
%Profiles%\an\desktop\update.exe
%ProgramFiles%\haxy\haxy\server_pi.exe
%ProgramFiles%\hellz\server.exe
%ProgramFiles%\server.exe
%ProgramFiles%\sex.exe
%ProgramFiles%\sssssssssssss.exe
%System%\3b.exe
%System%\444.exe
%System%\5.exe
%System%\aa.exe
%System%\avp.exe
%System%\cmd32.exe
%System%\crs.exe
%System%\dsdsd.exe
%System%\fail.exe
%System%\fg.exe
%System%\hh.exe
%System%\iexplorer.exe
%System%\interxpoler.exe
%System%\j2.exe
%System%\j4x3d.exe
%System%\jogo.exe
%System%\jx2.exe
%System%\ki.exe
%System%\kkookkaa.exe
%System%\ma.exe
%System%\massenger.exe
%System%\mcs.exe
%System%\mesenger.exe
%System%\messenger.exe
%System%\microsoft.exe
%System%\mm.exe
%System%\moop.exe
%System%\msmsgs.exe
%System%\msn.exe
%System%\msncofig.exe
%System%\msngr.exe
%System%\msnmsgr.exe
%System%\msnsys32.exe
%System%\msvessfinal.exe
%System%\new.exe
%System%\nm.exe
%System%\pi_server.exe
%System%\poop.exe
%System%\poye.exe
%System%\realplayerr.exe
%System%\rset542115.exe
%System%\rundl32.exe
%System%\samp-server.exe
%System%\server.exe
%System%\setub.exe
%System%\skype.exe
%System%\ss.exe
%System%\stub.dll
%System%\stup.exe
%System%\svhost.exe
%System%\system.exe
%System%\system32.exe
%System%\test.exe
%System%\toni.exe
%System%\victims121.exe
%System%\win.exe
%System%\windl32.exe
%System%\window.exe
%System%\windows.exe
%System%\windows32wn.exe
%System%\winupd.exe
%System%\xx.exe
%Temp%\-.exe
%Temp%\0.exe
%Temp%\00000.exe
%Temp%\2.exe
%Temp%\585.exe
%Temp%\613818.exe
%Temp%\665716.exe
%Temp%\78.exe
%Temp%\808561.exe
%Temp%\82708.exe
%Temp%\828580.exe
%Temp%\852578.exe
%Temp%\88.exe
%Temp%\aaa.exe
%Temp%\cryptedfile.exe
%Temp%\decrypted.exe
%Temp%\f.exe
%Temp%\ff.exe
%Temp%\filetmp.exe
%Temp%\firefox.exe
%Temp%\gmn7ej.exe
%Temp%\ir_ext_temp_0\autoplay\docs\4564.exe
%Temp%\iricuc.exe
%Temp%\ixp000.tmp\123.exe
%Temp%\ixp000.tmp\231.exe
%Temp%\ixp000.tmp\33.exe
Notes:
  • %AllUsersProfile% is a variable that specifies the all users' profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
  • %InternetCache% is a variable that refers to the file system directory that serves as a common repository for temporary Internet files. A typical path is C:\Documents and Settings\[UserName]\Local Settings\Temporary Internet Files.
  • %LocalSettings% is a variable that specifies the current user's local settings folder. By default, this is C:\Documents and Settings\[UserName]\Local Settings (Windows NT/2000/XP).
  • %Profiles% is a variable that refers to the file system directory containing user profile folders. A typical path is C:\Documents and Settings.
  • %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).