ThreatExpert's Statistics for PE_VIRUT.XO [Trend Micro]:

PE_VIRUT.XO [Trend Micro] is also known as:

Threat Alias	Number of Incidents
W32/Virut.gen [McAfee]	492
Virus.Win32.Virut.q [Kaspersky Lab]	475
Win32.Virut.Gen.5 [PC Tools]	406
W32/Vetor-A [Sophos]	360
W32.Virut.U [Symantec]	338
Virus:Win32/Virut.AP [Microsoft]	259
Virus:Win32/Virut.L [Microsoft]	103
Win32/Virut.D [AhnLab]	68
Trojan-Downloader.Win32.VB.bbi [Ikarus]	57
Virus.Win32.Virut [Ikarus]	43
Bloodhound.Unknown [Symantec]	36
Virus.Win32.Sality [Ikarus]	36
Win32.Virut.J.Gen [PC Tools]	26
W32.SillyFDC [Symantec]	21
Generic VB.c [McAfee]	9
Spam-Mailbot [McAfee]	8
W32.Rontokbro@mm [Symantec]	8
W32.Spybot.Worm [Symantec]	8
Worm.VB.FMU [PC Tools]	8
Mal/EncPk-BW, W32/Vetor-A [Sophos]	5
Virus.Win32.Virut.bo [Ikarus]	5
Virus.Win32.Virut.q [Ikarus]	5
Worm.VB.YVF [PC Tools]	5
Worm.Win32.AutoRun [Ikarus]	5
Worm.Win32.VB.du [Ikarus]	5
FakeAlert-AG.gen.c [McAfee]	4
PWS-Banker.gen.aa [McAfee]	4
Trojan.Agent.VYJ [PC Tools]	4
Virus.Win32.Virut.ak [Ikarus]	4
W32.Rajump [Symantec]	4
W32/MoonLight.worm [McAfee]	4
Email-Worm.Win32.Tanatos.B [Ikarus]	3
Hider [McAfee]	3
Mal/Behav-164, W32/Vetor-A [Sophos]	3
not-a-virus:Porn-Dialer.Win32.Agent.bk [Ikarus]	3
PWS-Gamania.gen.a [McAfee]	3
Trojan Horse [Symantec]	3
Trojan.Hider.G [PC Tools]	3
Trojan.Win32.Pakes.cob [Kaspersky Lab]	3
Trojan-Dropper.Delf [Ikarus]	3
Trojan-Spy.Win32.Banker.RM [Ikarus]	3
Virus.Win32.Sality.s [Ikarus]	3
Virus:Win32/Virut.gen!L [Microsoft]	3
W32.IRCBot [Symantec]	3
Win32.Virtob.2 [Ikarus]	3
Worm.VB.WKJ [PC Tools]	3
Backdoor.Win32.Rbot.rqg [Kaspersky Lab]	2
Backdoor.Win32.VanBot [Ikarus]	2
Email-Worm.Win32.Brontok.A [Ikarus]	2
Email-Worm.Win32.Mydoom.bj [Ikarus]	2
Email-Worm.Win32.Runouce.B [Ikarus]	2
Email-Worm.Win32.Runouce.b [Kaspersky Lab]	2
JS.Chir.B [PC Tools]	2
Mal/Dorf-A [Sophos]	2
Trojan.Agent.DEL [PC Tools]	2
Trojan.DL.AutoIt.DO [PC Tools]	2
Trojan.Dropper [Symantec]	2
Trojan.VB.ECQ [PC Tools]	2
Trojan.VB.WAI [PC Tools]	2
Trojan.Win32.Agent [Ikarus]	2
Trojan-Dropper.Win32.Cutwail.AL [Ikarus]	2
Trojan-Dropper.Win32.Small.azk [Ikarus]	2
TrojanSpy.Bancos.AAM [PC Tools]	2
Trojan-Spy.Win32.Bancos.aam [Kaspersky Lab]	2
Virus.Win32.PurityScan.AF [Ikarus]	2
Virus.Win32.VB.bg [Ikarus]	2
Virus.Win32.Virtob [Ikarus]	2
Virus.Win32.Virut.n [Kaspersky Lab]	2
Virus:Win32/Azero.A [Microsoft]	2
W32.Mytob@mm [Symantec]	2
W32.Rontokbro.AN@mm [Symantec]	2
W32.Svich [Symantec]	2
W32/Autorun.worm.bx.gen [McAfee]	2
W32/Dref-AW [Sophos]	2
W32/Nachi.worm.a [McAfee]	2
W32/Nuwar@MM [McAfee]	2
Win32/Virut.C [AhnLab]	2
Win-Trojan/Agent.11264.JZ [AhnLab]	2
Win-Trojan/Agent.9216.FL [AhnLab]	2
Win-Trojan/Downloader.11264.GK [AhnLab]	2
Win-Trojan/Downloader.8704.XA [AhnLab]	2
Win-Trojan/Spambot.7680 [AhnLab]	2
Win-Trojan/Xema.variant [AhnLab]	2
Worm.Poebot.FG [PC Tools]	2
Worm.SdBot.GAP [PC Tools]	2
Worm.Sohanad.R [PC Tools]	2
Worm.VB.YFU [PC Tools]	2
Worm.VB.ZUI [PC Tools]	2
Worm.Win32.Nachi [PC Tools]	2
Worm:Win32/Autorun.OX [Microsoft]	2
Backdoor.Agent.IVA [PC Tools]	1
Backdoor.DsBot.AM [PC Tools]	1
Backdoor.IRCBot.AAH [PC Tools]	1
Backdoor.Small.VZJ [PC Tools]	1
Backdoor.VanBot.IK [PC Tools]	1
Backdoor.Win32.Agent.dqb [Kaspersky Lab]	1
Backdoor.Win32.Breplibot [Ikarus]	1
Backdoor.Win32.EggDrop.v [Kaspersky Lab]	1
Backdoor.Win32.IRCBot [Ikarus]	1
Backdoor.Win32.IRCBot.ceq [Kaspersky Lab]	1

PE_VIRUT.XO [Trend Micro] has the following possible countries of origin:

Origin		Number of Incidents
	China	17
	United Kingdom	15
	Brazil	14
	Netherlands	12
	Italy	9
	Russian Federation	7
	Israel	4
	Turkey	4
	France	3
	Germany	3
	Republic of Korea	2
	Taiwan	2
	Canada	1
	Czech Republic	1
	Denmark	1
	Iran	1
	Romania	1
	Thailand	1
	Ukraine	1

PE_VIRUT.XO [Trend Micro] is known to be created as:

%AppData%\%username%.task\services.exe

%AppData%\br6657on.exe

%AppData%\csrss.exe

%AppData%\facegame\facegame.exe

%AppData%\inetinfo.exe

%AppData%\lsass.exe

%AppData%\microsoft\nuxa.exe

%AppData%\services.exe

%AppData%\smss.exe

%AppData%\svchost.exe

%AppData%\update.exe

%AppData%\winlogon.exe

%CommonAppData%\normal.exe

%CommonDesktopDir%\desktop.exe

%CommonPrograms%\programs.exe

%CommonPrograms%\startup\msconfig.exe

%FontsDir%\services.exe

%FontsDir%\svchost.exe

%FontsDir%\unwise_.exe

%ProgramFiles%\common files\system\msasp32.exe

%ProgramFiles%\common files\system\msiwa32.exe

%ProgramFiles%\microsoft office\winword.exe

%ProgramFiles%\mirc\irc bot\services.exe

%ProgramFiles%\twain\twain.exe

%Programs%\startup\ctfmon.exe

%Programs%\startup\scan.com

%System%\_sv_.exe

%System%\005165423741l.exe

%System%\0617152d\services.exe

%System%\1126\ctfmon.exe

%System%\127387645063l.exe

%System%\3178629.exe

%System%\3361\svchost.exe

%System%\340510867285l.exe

%System%\440510867285l.exe

%System%\451621078306l.exe

%System%\45162178306l.exe

%System%\5165423741l.exe

%System%\6292775.exe

%System%\673843201528l.exe

%System%\793693.exe

%System%\7z.exe

%System%\8040\data.exe

%System%\8040\lsass.exe

%System%\8040\svchost.exe

%System%\884054312630l.exe

%System%\algi.exe

%System%\amvo.exe

%System%\av-prev.exe

%System%\caudio.exe

%System%\ckvo.exe

%System%\cmd-bro-ikx.exe

%System%\cmd-bro-lmx.exe

%System%\cmd-brontok.exe

%System%\cmd-bro-plx.exe

%System%\codeblocks.exe

%System%\controls.exe

%System%\cpl32ver.exe

%System%\csrcs.exe

%System%\dllcache\regedit32.com

%System%\dllcache\shell32.com

%System%\dllcache\zipexr.dll

%System%\dllchache.exe

%System%\dxblat.exe

%System%\dxblba.exe

%System%\dxblbh.exe

%System%\exerun.exe

%System%\exlorers.exe

%System%\ex-plorer.exe

%System%\f41\svchost.exe

%System%\flashy.exe

%System%\gassoocyw.exe

%System%\i75-d2\dkernel.exe

%System%\install.exe

%System%\isass.exe

%System%\loloxz\smss.exe

%System%\m5vbvm60.exe

%System%\mmdmm.exe

%System%\mmnpvo.exe

%System%\moonlight.scr

%System%\msconfig.exe

%System%\msmsgs.exe

%System%\msnmanegers.exe

%System%\myrer.exe

%System%\nod64.exe

%System%\ntos.exe

%System%\reader.exe

%System%\reader_s.exe

%System%\regedit.exe

%System%\regedit32.com

%System%\rpcsvc.exe

%System%\rs32net.exe

%System%\rsxiasjdm.exe

%System%\rund1132.exe

%System%\rvhost.exe

%System%\servises.exe

%System%\soundmix.exe

%System%\ssvichosst.exe

%System%\startup\scan.com

%System%\startup\scvhost.exe

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
%CommonDesktopDir% is a variable that refers to the file system directory that contains files and folders that appear on the desktop for all users. A typical path is C:\Documents and Settings\All Users\Desktop (Windows NT/2000/XP).
%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%FontsDir% is a variable that refers to a virtual folder containing fonts. A typical path is C:\Windows\Fonts.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%Programs% is a variable that refers to the file system directory that contains the user's program groups. A typical path is C:\Documents and Settings\[UserName]\Start Menu\Programs.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).