ThreatExpert's Statistics for XPAntivirus [Symantec]:

XPAntivirus [Symantec] is also known as:

Threat Alias	Number of Incidents
FakeAlert-AQ [McAfee]	44
RogueAntiSpyware.AntivirusXP2008 [PC Tools]	39
Mal/Heuri-E, Mal/Emogen-N [Sophos]	33
not-a-virus:FraudTool.Win32.XPSecurityCenter.ay [Kaspersky Lab]	30
not-a-virus:FraudTool.Win32.XPAntivirus.qj [Kaspersky Lab]	29
Mal/FakeAV-AH [Sophos]	28
Mal/TibsPk-A [Sophos]	24
Trojan-Downloader.FakeAlert.C [PC Tools]	24
not-a-virus:FraudTool.Win32.MalwareProtector.d [Kaspersky Lab]	22
Generic Downloader.x [McAfee]	21
Trojan:Win32/XPAntiVirus.C [Microsoft]	21
Trojan:Win32/Liften.B [Microsoft]	18
Program:Win32/XPAntiVirus [Microsoft]	17
Generic.dx!fhi [McAfee]	16
Mal/EncPk-JY [Sophos]	16
Trojan.Win32.FraudPack.tix [Kaspersky Lab]	16
Trojan.Win32.Liften [Ikarus]	16
Win-Trojan/Fraudpack.114688.L [AhnLab]	16
Downloader.MisleadApp [Symantec]	15
New Malware.aj [McAfee]	15
Troj/FakeAle-FM [Sophos]	13
TROJ_FAKEAV.CX [Trend Micro]	13
RogueAntiSpyware.XPAntivirus [PC Tools]	12
TROJ_FAKEALER.GJ [Trend Micro]	12
Mal/EncPk-CZ [Sophos]	11
Trojan:Win32/Antivirusxp [Microsoft]	11
Trojan:Win32/FakeXPA [Microsoft]	11
FakeAlert-AB [McAfee]	9
FakeAlert-LA.dll [McAfee]	9
Generic.Win32.Malware [Ikarus]	9
Mal/FakeAV-F [Sophos]	9
Troj/FakeAle-ES [Sophos]	9
TROJ_XPANTIVIR.E [Trend Micro]	9
Trojan.Win32.Agent [Ikarus]	9
Trojan.Win32.Agent.demh [Kaspersky Lab]	9
Trojan.Win32.FraudPack.aiq [Kaspersky Lab]	9
Trojan:Win32/Fakeinit [Microsoft]	9
Trojan:Win32/Yektel.D [Microsoft]	9
Trojan:Win32/FakeSecSen [Microsoft]	8
Generic.dx [McAfee]	7
Trojan:Win32/Winwebsec [Microsoft]	7
Generic PUP.x [McAfee]	6
Mal/FakeAV-AC [Sophos]	6
not-a-virus:FraudTool.Win32.GeneralAntivirus.d [Kaspersky Lab]	6
not-a-virus:FraudTool.Win32.MalwareProtector.r [Kaspersky Lab]	6
Program:Win32/Antivirus2008 [Microsoft]	6
RogueAntiSpyware.AntiVirusPro [PC Tools]	6
Troj/FakeAV-Gen [Sophos]	6
TROJ_FAKEALER.GA [Trend Micro]	6
TROJ_FAKEALER.HO [Trend Micro]	6
TROJ_FAKEAV.JL [Trend Micro]	6
Trojan-Downloader.Win32.FraudLoad [Ikarus]	6
Win-Trojan/Fakeav.18432 [AhnLab]	6
Mal/FakeAV-AK [Sophos]	5
Trojan.Win32.FraudPack.gen [Kaspersky Lab]	5
Backdoor.Win32.Delf.kqt [Kaspersky Lab]	4
FakeAlert-DI [McAfee]	4
FakeAlert-WinwebSecurity.gen [McAfee]	4
Mal/EncPk-CZ, Mal/EncPk-EI [Sophos]	4
New Malware.ix [McAfee]	4
Program:Win32/FakeSecSen [Microsoft]	4
Program:Win32/Winwebsec [Microsoft]	4
Trojan.FraudPack!sd6 [PC Tools]	4
Trojan-Downloader.Win32.Renos [Ikarus]	4
Trojan-Downloader.Win32.Yektel [Ikarus]	4
TrojanDownloader:Win32/Yektel.E [Microsoft]	4
Backdoor.Win32.Mytobor.aw [Kaspersky Lab]	3
Downloader.gen.a [McAfee]	3
Generic.Win32.Malware.Antivirus2008 [Ikarus]	3
Mal/FakeAV-E [Sophos]	3
Troj/FakeAV-CL [Sophos]	3
TROJ_FAKEAV.IF [Trend Micro]	3
Trojan.Win32.FakeAV [Ikarus]	3
Trojan.Win32.FraudPack.aiv [Kaspersky Lab]	3
Trojan:Win32/WinSpywareProtect [Microsoft]	3
Win-Trojan/Xema.variant [AhnLab]	3
Adware.Gen [PC Tools]	2
AntiVirus2008 [Symantec]	2
FakeAlert-AB.dldr [McAfee]	2
FakeAlert-AG.gen.a [McAfee]	2
Generic FakeAlert.a [McAfee]	2
Mal/FakeAV-AH, Mal/FakeAV-AD [Sophos]	2
Mal/FakeAV-AK, Mal/FakeAV-AA [Sophos]	2
Mal/Generic-A [Sophos]	2
Mal/Generic-A, Mal/EncPk-JY [Sophos]	2
not-a-virus:Downloader.Win32.FraudLoad.da [Kaspersky Lab]	2
not-a-virus:FraudTool.Win32.SystemSecurity.ej [Kaspersky Lab]	2
not-a-virus:FraudTool.Win32.XPAntivirus.bt [Kaspersky Lab]	2
not-a-virus:FraudTool.Win32.XPAntivirus.hp [Kaspersky Lab]	2
not-a-virus:FraudTool.Win32.XPAntivirus.ri [Kaspersky Lab]	2
Packed.Win32.Katusha.a [Kaspersky Lab]	2
Program:Win32/Antivirus2009 [Microsoft]	2
Troj/FakeAle-GK [Sophos]	2
Troj/FakeAV-E [Sophos]	2
Troj/FakeVir-BE [Sophos]	2
Trojan.Win32.FakeXPA [Ikarus]	2
Trojan:Win32/Yektel.A [Microsoft]	2
Trojan-Downloader.FraudLoad!sd5 [PC Tools]	2
Trojan-Downloader.Win32.FraudLoad.bm [Kaspersky Lab]	2
Trojan-Downloader.Win32.Small.zbb [Kaspersky Lab]	2

XPAntivirus [Symantec] has the following possible countries of origin:

Origin		Number of Incidents
	Russian Federation	39
	Germany	5
	Ukraine	2

XPAntivirus [Symantec] is known to be created as:

%CommonAppData%\1770963855\1294226386.exe

%CommonAppData%\36934646\2063941586.exe

%CommonAppData%\93109366\93109366.exe

%ProgramFiles%\antivirus 2008\antvrs.exe

%ProgramFiles%\general antivirus\genavir.exe

%ProgramFiles%\rhc75dj0erc1\rhc75dj0erc1.exe

%ProgramFiles%\sav\sav.exe

%ProgramFiles%\whcc5dj0erc1\uninstall.exe

%ProgramFiles%\whcc5dj0erc1\whcc5dj0erc1.exe

%ProgramFiles%\winprotector3.8\winprotector.exe

%ProgramFiles%\winx security center\uninstall.exe

%ProgramFiles%\xp_antispyware\uninstall.exe

%ProgramFiles%\xpa\xpa.exe

%System%\haskel32.dll

%System%\ieupdates.exe

%System%\msvcrtd.exe

%System%\netfilter.exe

%System%\pphc35dj0erc1.exe

%System%\winhelper86.dll

%Temp%\880158_z.exe

%Temp%\netfilter.exe

%Temp%\xpantivirus2008_v880142.exe

Notes:

%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).