Threat Search: 

ThreatExpert's Statistics for PE_VIRUT.AT [Trend Micro]:

PE_VIRUT.AT [Trend Micro] is also known as:
Threat AliasNumber of Incidents
W32/Virut.gen.a [McAfee]102
Virus.Win32.Virut.at [Kaspersky Lab]95
Win32.Virut.Gen.4 [PC Tools]85
Virus:Win32/Virut.AA [Microsoft]58
W32/Virut-Gen [Sophos]52
W32.Virut.W [Symantec]45
Win32/Virut [AhnLab]41
W32.IRCBot [Symantec]13
Bloodhound.Unknown [Symantec]10
Mal/HckPk-A, W32/Virut-Gen [Sophos]6
Virus.Win32.Virut.n [Ikarus]6
W32/RAHack [McAfee]6
Backdoor.Win32.Nepoe.em [Kaspersky Lab]4
Trojan.Crypt.NSPM [Ikarus]4
Trojan.Win32.Qhost.aei [Ikarus]4
W32.Spybot.Worm [Symantec]4
Backdoor.SdBot [PC Tools]3
Backdoor.Sdbot [Symantec]3
Backdoor.Trojan [Symantec]3
Mal/Dropper-G, W32/Virut-Gen [Sophos]3
Packer.RLPack [Ikarus]3
Trojan.Sramler.I [PC Tools]3
Trojan-Dropper.Win32.Sramler.e [Kaspersky Lab]3
Virus.Win32.Rizo.E [Ikarus]3
Virus.Win32.Sality [Ikarus]3
Virus.Win32.Virut [Ikarus]3
Worm.Allaple.AA [PC Tools]3
Worm.Win32.Neeris [Ikarus]3
Worm:Win32/Neeris.AN [Microsoft]3
Backdoor.VanBot.CL [PC Tools]2
Backdoor.Win32.VanBot [Ikarus]2
Backdoor:Win32/Poebot.AT [Microsoft]2
Mal/TinyDL-T, Mal/HckPk-A, W32/Virut-Gen [Sophos]2
Net-Worm.Win32.Allaple.a [Ikarus]2
Packer.RLPack.D [Ikarus]2
Trojan-Dropper.Win32.Delf [Ikarus]2
Trojan-Proxy.Win32.Slaper.n [Ikarus]2
Virus.Win32.Virut.n [Kaspersky Lab]2
W32.SillyFDC [Symantec]2
Worm.Poebot.IT [PC Tools]2
Adware.Relevant.A [PC Tools]1
Backdoor.Bot [Ikarus]1
Backdoor.Win32.Rbot.adqd [Kaspersky Lab]1
Backdoor.Win32.VanBot.wv [Kaspersky Lab]1
Backdoor:Win32/Poebot.BA [Microsoft]1
Backdoor:Win32/Poebot.BD [Microsoft]1
Generic BackDoor [McAfee]1
Mal/EncPk-BW, W32/Virut-Gen [Sophos]1
Mal/Generic-A, W32/Virut-Gen [Sophos]1
Mal/MDrop-Gen, W32/Virut-Gen [Sophos]1
Mal/TibsPak, Mal/HckPk-A, W32/Virut-Gen [Sophos]1
Net-Worm.Win32.Allaple.b [Kaspersky Lab]1
Net-Worm.Win32.Kolabc [Ikarus]1
Spam-Mailbot [McAfee]1
Spyware.Marketscore_Netsetter [PC Tools]1
Trojan.DL.Small.WJH [PC Tools]1
Trojan.PR.Ranky.FP [PC Tools]1
Trojan.Win32.Inject [Ikarus]1
Trojan-Downloader.Win32.Small [Ikarus]1
Trojan-Dropper.Win32.Microjoin [Ikarus]1
Trojan-GameThief.Win32.Lmir.ayr [Kaspersky Lab]1
Virus:Win32/Lurka.A [Microsoft]1
Virus:Win32/Virut.D [Microsoft]1
W32.Rahack.H [Symantec]1
W32/Allaple-F [Sophos]1
W32/Lurka.a [McAfee]1
W32/Lurka-A [Sophos]1
W32/Virut.j [McAfee]1
W32/Virut-L [Sophos]1
Worm.Korgo.AC [PC Tools]1
Worm.Poebot.IN [PC Tools]1
Worm.Poebot.KC [PC Tools]1
Worm.PoeBot.KY [PC Tools]1
Worm.VB.FMU [PC Tools]1
Worm.VB.VLL [PC Tools]1
Worm.Win32.Korgo.AC [Ikarus]1
Worm.Win32.VB.cj [Ikarus]1
Worm:Win32/Korgo.H [Microsoft]1
Worm:Win32/Wootbot.EG [Microsoft]1

PE_VIRUT.AT [Trend Micro] has the following possible countries of origin:
OriginNumber of Incidents
China3
Sweden3
Germany2
Ukraine2
United Kingdom2
Hungary1
Italy1
Taiwan1
Turkey1

PE_VIRUT.AT [Trend Micro] is known to be created as:
%CommonPrograms%\startup\msconfig.exe
%FontsDir%\unwise_.exe
%ProgramFiles%\common files\system\msasp32.exe
%System%\116276867285l.exe
%System%\algs.exe
%System%\cilevb.com
%System%\csrs.exe
%System%\csrsc.exe
%System%\dllcache\regedit32.com
%System%\dllcache\shell32.com
%System%\dllchache.exe
%System%\explorer.exe
%System%\firewall.exe
%System%\hqamqrji.exe
%System%\iexplore.exe
%System%\iexplorer.exe
%System%\isass.exe
%System%\logon.exe
%System%\lssas.exe
%System%\m5vbvm60.exe
%System%\plscd.exe
%System%\rund1132.exe
%System%\spooisv.exe
%System%\spoolsvc.exe
%System%\winamp.exe
%System%\winiogon.exe
%Temp%\glb1a2b.exe
%Templates%\53635\13453635.exe
%Templates%\53635\service.exe
%Templates%\53635\winlogon.exe
%Windir%\038672855.exe
%Windir%\25727\bb278153l.com
%Windir%\25727\smss.exe
%Windir%\25727\system.exe
%Windir%\config\lsass.exe
%Windir%\l187511.exe
%Windir%\lsass.exe
%Windir%\pchealth\uploadlb\binaries\binaries.exe
%Windir%\pchealth\uploadlb\config\config.exe
%Windir%\svchost.exe
%Windir%\system.exe
%Windir%\system\lsass.exe
%Windir%\system\msddll.exe
%Windir%\system32.exe
%Windir%\trkwksvc.exe
%Windir%\windows.exe
%Windir%\winsccoo.exe
c:\folder.exe
c:\inetpub\inetpub.exe
Notes:
  • %CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
  • %FontsDir% is a variable that refers to a virtual folder containing fonts. A typical path is C:\Windows\Fonts.
  • %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
  • %Templates% is a variable that refers to the file system directory that serves as a common repository for document templates. A typical path is C:\Documents and Settings\[UserName]\Templates.
  • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.