ThreatExpert's Statistics for PE_VIRUT.AP [Trend Micro]:

PE_VIRUT.AP [Trend Micro] is also known as:

Threat Alias	Number of Incidents
Virus:Win32/Virut.BI [Microsoft]	111
W32/Virut.j [McAfee]	100
W32.Virut.W [Symantec]	95
W32/Virut-Gen [Sophos]	87
Virus.Win32.Virut.bw [Kaspersky Lab]	53
Virus.Win32.Virut.bu [Kaspersky Lab]	42
Win32/Virut.Gen [AhnLab]	38
Win32.Virut.U [Ikarus]	29
Mal/HckPk-A, W32/Virut-Gen [Sophos]	21
Virus.Win32.Virut.bv [Kaspersky Lab]	17
Virus.Win32.Virut [Ikarus]	10
Generic FakeAlert.d [McAfee]	7
Trojan.Virantix.C [Symantec]	7
Trojan-Downloader.Win32.Pakernat.A [Ikarus]	6
Virus.Win32.Sality [Ikarus]	6
Virus.Win32.Virut.bi [Ikarus]	6
VirTool.Win32.Obfuscator.DF [Ikarus]	4
Backdoor.Win32.Bifrose [Ikarus]	3
Packer.Malware.Lighty.O [Ikarus]	3
Trojan.Pandex [Symantec]	3
Backdoor.Win32.PoisonIvy.az [Ikarus]	2
Downloader-ASH.gen.b [McAfee]	2
FakeAlert-AG.gen.c [McAfee]	2
Generic PWS.ak [McAfee]	2
Infostealer [Symantec]	2
Mal/Bifrose-S, W32/Virut-Gen [Sophos]	2
Virus.Virut.bv [PC Tools]	2
Virus.Win32.Virut.bu [Ikarus]	2
Backdoor [Ikarus]	1
Backdoor.Bifrose [Symantec]	1
Backdoor.Pigeon [Ikarus]	1
Backdoor.Prorat [Symantec]	1
Backdoor.Rustock [Ikarus]	1
Backdoor.SdBot [Ikarus]	1
Backdoor.Win32.Beastdoor [Ikarus]	1
Backdoor.Win32.Hupigon [Ikarus]	1
Backdoor.Win32.Prorat.dz [Kaspersky Lab]	1
Backdoor.Win32.VB [Ikarus]	1
Backdoor:Win32/Prorat.K [Microsoft]	1
Downloader [Symantec]	1
Email-Worm.Win32.Generic [Ikarus]	1
Email-Worm.Win32.Mydoom.bj [Ikarus]	1
I-Worm.Chir.B [PC Tools]	1
Mal/Generic-A, W32/Virut-Gen [Sophos]	1
Mal/TinyDL-T, Mal/HckPk-A, W32/Virut-Gen [Sophos]	1
Malware.Virut [PC Tools]	1
Packed.Win32.Koblu [Ikarus]	1
Packed.Win32.Krap [Ikarus]	1
Spam-Mailbot [McAfee]	1
Troj/SpamToo-AX [Sophos]	1
Trojan Horse [Symantec]	1
Trojan.Agent.DEL [PC Tools]	1
Trojan.Midgare.EYZ [PC Tools]	1
Trojan.StartPage.WZ [PC Tools]	1
Trojan.Win32.Pakes [Ikarus]	1
Trojan.Win32.ProcessHijack [Ikarus]	1
Trojan.Win32.Tibs [Ikarus]	1
Trojan-Banker.Win32.Bancos [Ikarus]	1
Trojan-Downloader.Win32.Tibs.kue [Ikarus]	1
Trojan-Downloader.Win32.Tiny.byx [Kaspersky Lab]	1
Trojan-Dropper.Kobcka [Ikarus]	1
Trojan-Dropper.Win32.Cutwail.AL [Ikarus]	1
Trojan-Dropper.Win32.Small.aww [Ikarus]	1
TrojanDropper:Win32/Cutwail [Microsoft]	1
Trojan-Proxy.Win32.Delf.av [Ikarus]	1
VirTool.Win32.DelfInject [Ikarus]	1
Virus.Trojan.Win32.Agent.agsl [Ikarus]	1
Virus.Trojan.Win32.VB [Ikarus]	1
Virus.Win32.Prorat [Ikarus]	1
Virus.Win32.Sality.s [Ikarus]	1
Virus.Win32.Virut.bw [Ikarus]	1
W32.Gammima.AG [Symantec]	1
W32.Mytob@mm [Symantec]	1
W32.Sality.Y [Ikarus]	1
W32.Traxg@mm [Symantec]	1
W32/Chir-B [Sophos]	1
Win32.Alman.B [PC Tools]	1
Win32.NGVCK.TTD [Ikarus]	1
Worm:Win32/VB.AM [Microsoft]	1

PE_VIRUT.AP [Trend Micro] has the following possible countries of origin:

Origin		Number of Incidents
	China	7
	Sweden	4
	Germany	2
	Turkey	2
	Australia	1
	Belgium	1
	Brazil	1
	Israel	1
	Netherlands	1
	Republic of Korea	1
	Russian Federation	1
	Saudi Arabia	1
	Spain	1

PE_VIRUT.AP [Trend Micro] is known to be created as:

%AppData%\facegame\facegame.exe

%CommonAppData%\cfunilcb\arenqnqd.exe

%FontsDir%\a32d0.com

%System%\ckvo.exe

%System%\csrsc.exe

%System%\dj-dn.exe

%System%\dn.exe

%System%\kamsoft.exe

%System%\reader.exe

%System%\reader_s.exe

%System%\rpc.exe

%System%\rs32net.exe

%System%\update32.exe

%System%\web.exe

%System%\yur1.exe

%System%\yur10.exe

%System%\yur11.exe

%System%\yur12.exe

%System%\yur13.exe

%System%\yur14.exe

%System%\yur15.exe

%System%\yur16.exe

%System%\yur17.exe

%System%\yur18.exe

%System%\yur19.exe

%System%\yur1a.exe

%System%\yur1b.exe

%System%\yur1c.exe

%System%\yur1d.exe

%System%\yur1e.exe

%System%\yur1f.exe

%System%\yur2.exe

%System%\yur2a.exe

%System%\yur3.exe

%System%\yur4.exe

%System%\yur41.exe

%System%\yur5.exe

%System%\yur6.exe

%System%\yur61.exe

%System%\yur62.exe

%System%\yur63.exe

%System%\yur69.exe

%System%\yur6a.exe

%System%\yur6d.exe

%System%\yur6e.exe

%System%\yur6f.exe

%System%\yur7.exe

%System%\yur70.exe

%System%\yur71.exe

%System%\yur72.exe

%System%\yur8.exe

%System%\yur9.exe

%System%\yura.exe

%System%\yurb.exe

%System%\yurc.exe

%System%\yurd.exe

%System%\yure.exe

%System%\yurf.exe

%Temp%\csrssc.exe

%Temp%\init.exe

%UserProfile%\reader_s.exe

%Windir%\dhcp\svchost.exe

%Windir%\dj-apple.exe

%Windir%\dj-dn.exe

%Windir%\msg.exe

%Windir%\pl.exe

%Windir%\services.exe

%Windir%\svchost.exe

%Windir%\thong.exe

%Windir%\twain.exe

%Windir%\vaillo.exe

%Windir%\vmmreg32.exe

%Windir%\winword.exe

c:\2u.com

c:\americancorner\book.exe

c:\angkor\mobiles.exe

c:\anz\bank.exe

c:\bbc\sreysros.exe

c:\bootsystem.exe

c:\chendaravy\internet.exe

c:\cto\computergames.exe

c:\directory\rpc.exe

c:\directory\system.exe

c:\dj-apple.exe

c:\dj-dn.exe

c:\my girls\folderdata.exe

c:\pl\mobilesandcoputerrepairing.exe

c:\recycler\lsass.exe

c:\vaillo\mp3.exe

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
%FontsDir% is a variable that refers to a virtual folder containing fonts. A typical path is C:\Windows\Fonts.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%UserProfile% is a variable that specifies the current user's profile folder. By default, this is C:\Documents and Settings\[UserName] (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.