ThreatExpert's Statistics for PE_VIRUT.XL [Trend Micro]:

PE_VIRUT.XL [Trend Micro] is also known as:

Threat Alias	Number of Incidents
W32/Virut.gen [McAfee]	296
Win32.Virut.Gen.5 [PC Tools]	207
W32/Vetor-A [Sophos]	173
Virus.Win32.Virut.n [Kaspersky Lab]	152
W32.Virut.U [Symantec]	152
Virus:Win32/Virut.AF [Microsoft]	149
Virus.Win32.Virut.q [Kaspersky Lab]	96
Virus.Win32.Virut.o [Kaspersky Lab]	75
Bloodhound.Unknown [Symantec]	54
Win32.Virut.G [PC Tools]	45
W32.SillyFDC [Symantec]	33
Win32/Virut.D [AhnLab]	30
Virus.Win32.Virut.o [Ikarus]	27
Virus.Win32.Sality [Ikarus]	26
Virus:Win32/Virut.AE [Microsoft]	21
Virus.Win32.Virut [Ikarus]	17
Worm.VB.FMU [PC Tools]	11
Generic VB.c [McAfee]	10
Worm.VB.YVF [PC Tools]	10
Hider [McAfee]	8
Trojan.Hider.G [PC Tools]	8
Trojan.VB.EPP [PC Tools]	7
Virus.Win32.VB.bg [Kaspersky Lab]	7
W32.Rontokbro@mm [Symantec]	7
Worm.VB.ZUI [PC Tools]	6
Spam-Mailbot [McAfee]	5
W32.Rontokbro.X@mm [Symantec]	5
Worm.Sohanad.R [PC Tools]	5
Generic FakeAlert.d [McAfee]	4
PWS-Gamania.gen.a [McAfee]	4
Trojan.Win32.VB.atg [Kaspersky Lab]	4
W32.SillyDC [Symantec]	4
Backdoor.Trojan [Symantec]	3
I-Worm.Brontok.CH [PC Tools]	3
W32.Gammima.AG [Symantec]	3
W32.IRCBot [Symantec]	3
W32/Bindo.worm [McAfee]	3
W32/MoonLight.worm [McAfee]	3
Worm.P2P.Malas.Gen [PC Tools]	3
Backdoor.Win32.PoeBot.C [Ikarus]	2
Downloader-ASH.gen.b [McAfee]	2
Email-Worm.Win32.Brontok [Ikarus]	2
Email-Worm.Win32.Brontok.N [Ikarus]	2
I-Worm.Brontok.CU [PC Tools]	2
Mal/Behav-164 [Sophos]	2
PWS-Gamania.gen.c [McAfee]	2
Trojan Horse [Symantec]	2
Trojan-Clicker.Win32.VB [Ikarus]	2
TrojanSpy.Ardamax.WQ [PC Tools]	2
Trojan-Spy.Win32.Banker.RM [Ikarus]	2
Virus.Win32.VB.eg [Kaspersky Lab]	2
Virus:Win32/Virut.gen!L [Microsoft]	2
W32.Lunalight@mm [Symantec]	2
W32/Autorun.worm.bl [McAfee]	2
W32/Autorun.worm.bx.gen [McAfee]	2
W32/Autorun.worm.f [McAfee]	2
Win-Trojan/Agent.19456.OF [AhnLab]	2
Win-Trojan/Agent.8704.PW [AhnLab]	2
Worm.Sohanad.Y [PC Tools]	2
Worm.Sohanad.Z [PC Tools]	2
Worm:Win32/Malas.gen [Microsoft]	2
Application.Ardamax_Keylogger [PC Tools]	1
Backdoor.Agent.IVN [PC Tools]	1
Backdoor.Agent.LBN [PC Tools]	1
Backdoor.BeastDoor.AX [PC Tools]	1
Backdoor.Small.VZJ [PC Tools]	1
Backdoor.VanBot.KB [PC Tools]	1
Backdoor.Win32.Frauder.dk [Ikarus]	1
Backdoor.Win32.Nepoe.em [Kaspersky Lab]	1
Backdoor.Win32.UltimateDefender [Ikarus]	1
Backdoor:Win32/Poebot.AD [Microsoft]	1
Backdoor:Win32/Poebot.AT [Microsoft]	1
Backdoor:Win32/Poebot.BA [Microsoft]	1
Backdoor:Win32/Poebot.BG [Microsoft]	1
BackDoor-AMQ [McAfee]	1
Email-Worm.Win32.Runouce.B [Ikarus]	1
Email-Worm.Win32.VB.cb [Ikarus]	1
Generic PWS.ak [McAfee]	1
Generic.Sdbot [Ikarus]	1
IM-Worm.Win32.VB [Ikarus]	1
IRC Trojan [Symantec]	1
I-Worm.Brontok.CE [PC Tools]	1
I-Worm.Brontok.CJ [PC Tools]	1
I-Worm.Brontok.CP [PC Tools]	1
I-Worm.Brontok.DL [PC Tools]	1
I-Worm.Brontok.EG [PC Tools]	1
I-Worm.Brontok.R [PC Tools]	1
Mal/Behav-043, W32/Vetor-A [Sophos]	1
Mal/Behav-164, W32/Vetor-DAM [Sophos]	1
Mal/Generic-A [Sophos]	1
not-a-Virus.Hacktool.Keygen [Ikarus]	1
P2P-Worm.Win32.Malas.g [Ikarus]	1
Suspicious.MH690 [Symantec]	1
Trojan.Agent.DSR [PC Tools]	1
Trojan.Agent.VYJ [PC Tools]	1
Trojan.DL.Agent.ECQG [PC Tools]	1
Trojan.DL.AutoIt.DO [PC Tools]	1
Trojan.DR.Small.UPY [PC Tools]	1
Trojan.Jonben.A [PC Tools]	1
Trojan.PWS.OnLineGames.BKA [PC Tools]	1

PE_VIRUT.XL [Trend Micro] has the following possible countries of origin:

Origin		Number of Incidents
	China	25
	United Kingdom	14
	Netherlands	8
	Germany	6
	Thailand	6
	Russian Federation	5
	Iran	3
	Spain	3
	Belgium	2
	Republic of Korea	2
	Sweden	2
	Israel	1
	Romania	1
	Ukraine	1
	Viet Nam	1

PE_VIRUT.XL [Trend Micro] is known to be created as:

%AppData%\%username%.task\services.exe

%AppData%\br6657on.exe

%AppData%\csrss.exe

%AppData%\inetinfo.exe

%AppData%\jalak-931738815-bali.com

%AppData%\lsass.exe

%AppData%\services.exe

%AppData%\smss.exe

%AppData%\start\update.exe

%AppData%\svchost.exe

%AppData%\winlogon.exe

%CommonAppData%\normal.exe

%CommonPrograms%\startup\lsass.exe

%FontsDir%\fonts.exe

%FontsDir%\tskmgr.exe

%ProgramFiles%\common files\system\msasp32.exe

%ProgramFiles%\common files\system\msiwa32.exe

%ProgramFiles%\explorer.exe

%ProgramFiles%\microsoft common\wuauclt.exe

%ProgramFiles%\xpcode\sexgame.exe

%ProgramFiles%\xpcode\sexscreensaver.scr

%Programs%\startup\ctfmon.exe

%Programs%\startup\systemnt.exe

%System%\1025.exe

%System%\1028.exe

%System%\1031.exe

%System%\1033.exe

%System%\1037.exe

%System%\1041.exe

%System%\1042.exe

%System%\1054.exe

%System%\2052.exe

%System%\227387645063l.exe

%System%\28463\akv.exe

%System%\28463\naje.exe

%System%\3076.exe

%System%\3361\svchost.exe

%System%\3com_dmi.exe

%System%\3fabe9c0.exe

%System%\4e17c240.exe

%System%\662832100427l.exe

%System%\662832180427l.exe

%System%\afub.exe

%System%\amvo.exe

%System%\avpo.exe

%System%\av-prev.exe

%System%\avsp.exe

%System%\blastclnnn.exe

%System%\bttnserv.exe

%System%\c_44292k.com

%System%\catroot.exe

%System%\catroot2.exe

%System%\ckvo.exe

%System%\cmd-brontok.exe

%System%\com.exe

%System%\com\lsass.exe

%System%\config.exe

%System%\controls.exe

%System%\csrs.exe

%System%\csrsc.exe

%System%\dhcp.exe

%System%\directx.exe

%System%\dllcache\default.exe

%System%\dllcache\global.exe

%System%\dllcache\qxchost.exe

%System%\dllcache\regedit32.com

%System%\dllcache\rtsecar.exe

%System%\dllcache\shell32.com

%System%\dllcache\svchost.exe

%System%\dllchache.exe

%System%\drivers.exe

%System%\drivers\drivers.cab.exe

%System%\drivers\spoclsv.exe

%System%\exerun.exe

%System%\explorer.exe

%System%\ex-plorer.exe

%System%\export.exe

%System%\flashy.exe

%System%\ias.exe

%System%\icsxml.exe

%System%\iexplore.exe

%System%\ime.exe

%System%\inetsrv.exe

%System%\isass.exe

%System%\kavo.exe

%System%\kxvo.exe

%System%\liwqldu.exe

%System%\lphc35dj0erc1.exe

%System%\m5vbvm60.exe

%System%\macromed.exe

%System%\microsoft.exe

%System%\moonlight.scr

%System%\msdpjb.com

%System%\msdtc.exe

%System%\mslogon.exe

%System%\mui.exe

%System%\n7533\b8682.exe

%System%\n7533\csrss.exe

%System%\n7533\lsass.exe

%System%\n7533\services.exe

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%FontsDir% is a variable that refers to a virtual folder containing fonts. A typical path is C:\Windows\Fonts.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%Programs% is a variable that refers to the file system directory that contains the user's program groups. A typical path is C:\Documents and Settings\[UserName]\Start Menu\Programs.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).