Threat Search: 

ThreatExpert's Statistics for Email-Worm.Zhelatin [PC Tools]:

Email-Worm.Zhelatin [PC Tools] is also known as:
Threat AliasNumber of Incidents
Packed.Win32.Tibs.ap [Kaspersky Lab]37,727
Generic.dx [McAfee]36,689
TROJ_AGENT.ZLH [Trend Micro]31,816
Bloodhound.Unknown [Symantec]25,875
TROJ_PEACOMM.BM [Trend Micro]23,961
W32/Nuwar.sys [McAfee]15,546
TROJ_PEACOMM.BQ [Trend Micro]5,238
Hacktool.Rootkit [Symantec]3,588
NTRootKit-J [McAfee]3,502
RTKT_AGENT.EBK [Trend Micro]2,975
Trojan.Peacomm.D [Symantec]2,370
Hacktool.Rootkit!sd6 [PC Tools]1,768
Troj/Tibs-TX [Sophos]1,700
Email-Worm.Win32.Zhelatin.vl [Kaspersky Lab]1,649
Email-Worm.Win32.Zhelatin.sd [Kaspersky Lab]1,630
VirTool:WinNT/Tibs.gen!A [Microsoft]1,581
TrojanDownloader:Win32/Vxidl [Microsoft]986
Troj/Tibs-TJ [Sophos]970
Packed.Win32.Tibs [Ikarus]599
Downloader-BAI.sys.gen.a [McAfee]550
Win-Trojan/Tibs.7712 [AhnLab]388
Backdoor:WinNT/Nuwar.B!sys [Microsoft]326
Email-Worm.Win32.Zhelatin.vl [Ikarus]272
Troj/Dorf-Fam [Sophos]215
Backdoor.WinNT.Nuwar.E [Ikarus]163
Troj/Dorf-AP [Sophos]163
Win-Trojan/Zhelatin.129792 [AhnLab]163
Email-Worm.Win32.Zhelatin.afj [Kaspersky Lab]160
Trojan.Peacomm [Symantec]93
Rootkit.QQHelp.Gen.6 [PC Tools]80
Email-Worm.Win32.Zhelatin.d [Kaspersky Lab]65
BKDR_AGENT.AVJZ [Trend Micro]60
W32/Nuwar@MM [McAfee]59
Backdoor:WinNT/Nuwar.A!sys [Microsoft]54
Win-Trojan/Rootkit.15328 [AhnLab]51
WORM_NUCRP.GEN [Trend Micro]51
TROJ_TIBS.AP [Trend Micro]50
Email-Worm.Win32.Zhelatin.a [Ikarus]46
Tibs-Packed [McAfee]41
Downloader-BAI.sys [McAfee]38
RTKT_NUWAR.UY [Trend Micro]36
Email-Worm.Zhelatin!sd5 [PC Tools]35
Packed.Win32.Tibs.ab [Kaspersky Lab]33
Trojan.Peacomm.B [Symantec]25
Email-Worm.Win32.Zhelatin.vd [Kaspersky Lab]24
Email-Worm.Win32.Zhelatin.qa [Kaspersky Lab]22
Mal/DorfSys-A [Sophos]21
Trojan.Win32.KillProc.s [Kaspersky Lab]21
TrojanDownloader:Win32/Tibs [Microsoft]20
WORM_ZHELATIN.EG [Trend Micro]18
Troj/Dorf-M [Sophos]16
TROJ_SMALL.EDW [Trend Micro]15
TROJ_TIBS.ART [Trend Micro]15
WORM_NUWAR.EN [Trend Micro]15
Email-Worm.Win32.Zhelatin.my [Kaspersky Lab]14
Trojan.Packed.13 [Symantec]13
Email-Worm.Win32.Zhelatin.kv [Kaspersky Lab]12
WORM_ZHELATI.AIR [Trend Micro]12
Win-Trojan/Rootkit.54016 [AhnLab]11
Trojan.Mespam [Symantec]10
Downloader-BAI.gen.d [McAfee]9
Email-Worm.Win32.Zhelatin.ab [Kaspersky Lab]9
Email-Worm.Win32.Zhelatin.al [Kaspersky Lab]9
Email-Worm.Win32.Zhelatin.nc [Kaspersky Lab]9
Spam-Mespam [McAfee]9
TROJ_MULP.I [Trend Micro]9
Trojan:Win32/Mespam [Microsoft]9
W32.Mixor.Q@mm [Symantec]9
Email-Worm.Win32.Zhelatin.it [Kaspersky Lab]8
Possible_Nucrp-6 [Trend Micro]8
Trojan Horse [Symantec]7
Backdoor:WinNT/Nuwar.C!sys [Microsoft]6
Email-Worm.Win32.Zhelatin.al [Ikarus]6
Mal/Cimuz-D [Sophos]6
Mal/Generic-A [Sophos]6
Win-Trojan/Zhelatin.7968 [AhnLab]6
Email-Worm.Win32.Zhelatin.pd [Kaspersky Lab]5
Win-Trojan/Tibs.153728 [AhnLab]5
WORM_NUCRYPT.GEN [Trend Micro]5
Downloader-ASH.gen.b [McAfee]4
Downloader-BAI.sys!M711 [McAfee]4
Troj/DwnLdr-FYD [Sophos]4
Trojan-Dropper.Win32.Agent.bbv [Kaspersky Lab]4
Worm:Win32/Nuwar.N@mm!CME711 [Microsoft]4
Email-Worm.Win32.Zhelatin.hc [Kaspersky Lab]3
Mal/Cimuz-D, Mal/Cimuz-A [Sophos]3
Trojan:Win32/Nuwar [Microsoft]3
Trojan:Win32/Tibs.CG [Microsoft]3
W32/Dref-AB [Sophos]3
Win32/Zhelatin.77824 [AhnLab]3
Win32/Zhelatin.worm.37747.G [AhnLab]3
Cryp_Xed-3 [Trend Micro]2
Downloader [Symantec]2
Email-Worm.Win32.Zhelatin.he [Kaspersky Lab]2
Email-Worm.Win32.Zhelatin.ki [Kaspersky Lab]2
Email-Worm.Win32.Zhelatin.nd [Kaspersky Lab]2
Mal/Dorf-E, Mal/TibsPk-D, Mal/Dorf-D, Mal/TibsPak [Sophos]2
Packed.Win32.Tibs.bl [Kaspersky Lab]2
Possible_Nucrp-4 [Trend Micro]2
Possible_Nucrp-5 [Trend Micro]2

Email-Worm.Zhelatin [PC Tools] has the following possible country of origin:
OriginNumber of Incidents
Russian Federation1

Email-Worm.Zhelatin [PC Tools] is known to be created as:
%System%\b5hcwg1.exe
%System%\burito1083-3ba7.sys
%System%\burito1144-51c0.sys
%System%\burito1205-67d5.sys
%System%\burito2137-1d43.sys
%System%\burito243b-75a7.sys
%System%\burito267e-37ef.sys
%System%\burito28c1-7a3a.sys
%System%\burito2982-1054.sys
%System%\burito2a43-266d.sys
%System%\burito2b04-3c86.sys
%System%\burito36dd-2660.sys
%System%\burito3732-198f.sys
%System%\burito37f3-2fa8.sys
%System%\burito3f7d-ca0.sys
%System%\burito403e-22b9.sys
%System%\burito40ff-38d2.sys
%System%\burito4281-6504.sys
%System%\burito4342-7b1d.sys
%System%\burito4403-1137.sys
%System%\burito44c4-274c.sys
%System%\burito5335-46a0.sys
%System%\burito5525-623c.sys
%System%\burito587c-614c.sys
%System%\burito593d-7765.sys
%System%\burito59fe-d7f.sys
%System%\burito5abf-2398.sys
%System%\burito5b80-39b1.sys
%System%\burito5c41-4fca.sys
%System%\burito5d02-65e3.sys
%System%\burito5dc3-7bfc.sys
%System%\burito5e84-1216.sys
%System%\burito70ba-1fe4.sys
%System%\burito717b-35fd.sys
%System%\burito72fd-622f.sys
%System%\burito73be-7848.sys
%System%\burito747f-e62.sys
%System%\burito7601-3a94.sys
%System%\burito76c2-50a9.sys
%System%\burito7783-66c2.sys
%System%\burito7844-7cdb.sys
%System%\buritobfd-3710.sys
%System%\buritocbe-4d29.sys
%System%\buritod7f-6342.sys
%System%\buritof01-f75.sys
%System%\diperto1205-67d5.sys
%System%\diperto1c6d-6fb9.sys
%System%\diperto2b04-3c86.sys
%System%\diperto44c4-274c.sys
%System%\diperto5ad6-5353.sys
%System%\diperto5e84-1216.sys
%System%\diperto7844-7cdb.sys
%System%\kernelw.sys
%System%\kernelwind32.exe
%System%\msansspc.dll
%System%\newmaxxsv234.exe
%System%\noskrnl.sys
%System%\oirijshr120567d5.sys
%System%\oirijshr14727098.sys
%System%\oirijshr20097dff.sys
%System%\oirijshr23ce6c7d.sys
%System%\oirijshr248f297.sys
%System%\oirijshr3d8e5743.sys
%System%\oirijshr3e4f6d5c.sys
%System%\oirijshr5389538f.sys
%System%\oirijshr544a69a8.sys
%System%\oirijshr568d2bf4.sys
%System%\oirijshr574e420d.sys
%System%\oirijshr580f5826.sys
%System%\oirijshr649133a.sys
%System%\oirijshr6d493e55.sys
%System%\oirijshr704d16ba.sys
%System%\oirijshr710e2cd3.sys
%System%\oirijshr76ec1721.sys
%System%\oirijshra0e1b4.sys
%System%\oirijshracf17cd.sys
%System%\oirijshrb902de6.sys
%System%\rsvp32_2.dll
%System%\s3s.exe
%System%\spooldr.sys
%System%\sr66fsb.exe
%System%\sysrest.sys
%System%\taskmon.sys
%System%\vdo_5816-23e5.sys
%System%\vdo_d19-25d7.sys
%System%\wincom32.sys
%System%\wind32.exe
%System%\windev-2496-4e55.sys
%System%\windev-26cd-459f.sys
%System%\windev-2741-1a88.sys
%System%\windev-4c92-2d3a.sys
%System%\windev-6109-30d4.sys
%System%\windev-6652-1800.sys
%System%\windev-c58-fbe.sys
%Temp%\lev-severa-1.exe
%Windir%\aromis.exe
%Windir%\disnisa.exe
%Windir%\noskrnl.exe
%Windir%\ntfyapp.exe
%Windir%\spooldr.exe
Notes:
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
  • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.