ThreatExpert's Statistics for PE_VIRUT.XV [Trend Micro]:

PE_VIRUT.XV [Trend Micro] is also known as:
Threat Alias | Number of Incidents
Win32.Virut.Gen.4 [PC Tools] | 98
W32/Virut [McAfee] | 63
Bloodhound.Unknown [Symantec] | 55
Virus.Win32.Virut.y [Kaspersky Lab] | 42
W32/Virut.f [McAfee] | 26
W32/Virut.g [McAfee] | 24
W32.Virut.W [Symantec] | 23
Virus.Win32.Virut.ab [Kaspersky Lab] | 20
Virus:Win32/Virut.Q [Microsoft] | 17
Virus.Win32.Virut.z [Kaspersky Lab] | 14
W32/Virut-V [Sophos] | 14
Virus.Win32.Virut.az [Kaspersky Lab] | 9
Worm.Bobax.AB [PC Tools] | 8
Win32/Virut.B [AhnLab] | 7
Virus:Win32/Virut.O [Microsoft] | 6
Downloader [Symantec] | 5
Mal/HckPk-A, W32/Virut-Gen [Sophos] | 3
Net-Worm.Win32.Bobic.dq [Kaspersky Lab] | 3
Virus.Win32.Virut.n [Kaspersky Lab] | 3
W32/Virut-Gen [Sophos] | 3
Adware.WhenU_SaveNow [PC Tools] | 2
AdWare.Win32.BHO [Ikarus] | 2
Trojan.Tiny.MK [PC Tools] | 2
Virus.Win32.Sality [Ikarus] | 2
Virus.Win32.Virut.au [Ikarus] | 2
W32/Vetor-G [Sophos] | 2
Backdoor:Win32/Poebot.AT [Microsoft] | 1
BackDoor-CEO [McAfee] | 1
BehavesLikeWin32.ProcessHijack [Ikarus] | 1
Exp/MS04011-A [Sophos] | 1
Exploit-DcomRpc.gen [McAfee] | 1
Generic.PWS.Games.4 [Ikarus] | 1
Infostealer.Gampass [Symantec] | 1
Mal/Behav-043, W32/Virut-Gen [Sophos] | 1
Net-Worm.Win32.Allaple.b [Kaspersky Lab] | 1
Packer.RLPack [Ikarus] | 1
PWS-Gamania.gen.a [McAfee] | 1
Qhost-Gen [McAfee] | 1
Trojan.Agent.VYJ [PC Tools] | 1
Trojan.DR.Agent.XDO [PC Tools] | 1
Trojan.Win32.Qhost.aei [Ikarus] | 1
Trojan-Dropper.Win32.Delf.ajo [Kaspersky Lab] | 1
Trojan-Dropper.Win32.Microjoin [Ikarus] | 1
VirTool.Win32.DelfInject [Ikarus] | 1
Virus.Win32.Crypt.CIK [Ikarus] | 1
Virus.Win32.Hupigon.MAP [Ikarus] | 1
Virus.Win32.VB.bb [Ikarus] | 1
Virus.Win32.Virut.n [Ikarus] | 1
W32.Ifbo.A [Symantec] | 1
W32.IRCBot [Symantec] | 1
W32.IRCBot.Gen [Symantec] | 1
W32.Jeefo [Symantec] | 1
W32.Rajump [Symantec] | 1
W32.Randex [Symantec] | 1
W32.SillyDC [Symantec] | 1
W32.SillyFDC [Symantec] | 1
W32.Spybot.Worm [Symantec] | 1
W32/Virut.gen.a [McAfee] | 1
W32/Virut.j [McAfee] | 1
Win32.Hidrag [PC Tools] | 1
Worm.AutoRun.eee [PC Tools] | 1
Worm.Korgo.AH [PC Tools] | 1
Worm.Poebot.CF [PC Tools] | 1
Worm.PoeBot.LA [PC Tools] | 1
Worm.Rbot.MCH [PC Tools] | 1
Worm.RBot.UOO [PC Tools] | 1
Worm.Win32.Pushbot [Ikarus] | 1

PE_VIRUT.XV [Trend Micro] has the following possible countries of origin:
Origin | Number of Incidents
Czech Republic | 5
Russian Federation | 5
China | 3
Sweden | 2
Canada | 1
Germany | 1
Israel | 1
Netherlands | 1
Poland | 1
Romania | 1
Slovenia | 1
Spain | 1
Turkey | 1
United Kingdom | 1

PE_VIRUT.XV [Trend Micro] is known to be created under the following file names:
%FontsDir%\fonts.exe
%FontsDir%\tskmgr.exe
%ProgramFiles%\outlook\outlook.exe
%System%\algs.exe
%System%\amvo.exe
%System%\bhvzmb.exe
%System%\bykupdjxmwheev.exe
%System%\cfgjhyoerr.exe
%System%\dllcache\default.exe
%System%\dllcache\global.exe
%System%\dllcache\rtsecar.exe
%System%\dllcache\svchost.exe
%System%\drivers\drivers.cab.exe
%System%\ekdfmemrwdpksi.exe
%System%\ekxfwspfc.exe
%System%\firewall.exe
%System%\iexplore.exe
%System%\logon.exe
%System%\lssas.exe
%System%\nqnnsuymk.exe
%System%\regedit.exe
%System%\syst3m32.exe
%System%\system.exe
%System%\systemio.exe
%System%\tsqla.exe
%System%\ynbfsp.exe
%System%\ynftjyawp.exe
%Temp%\glb1a2b.exe
%Temp%\rar_password_cracker_v4.12\install.exe
%Windir%\antiv.exe
%Windir%\mixa.exe
%Windir%\mssmpp.exe
%Windir%\msword.exe
%Windir%\pchealth\global.exe
%Windir%\pchealth\helpctr\binaries\helphost.com
%Windir%\svchost.exe
%Windir%\system\keyboard.exe
%Windir%\userinit.exe
c:\jiwsxh39.exe
c:\mixa_i.exe
c:\ms-dos.com
c:\ravmon.exe
Notes:
  • %FontsDir% is a variable that refers to a virtual folder containing fonts. A typical path is C:\Windows\Fonts.
  • %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
  • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.