ThreatExpert's Statistics for Virus.Win32.Rootkit [Ikarus]:

Virus.Win32.Rootkit [Ikarus] is also known as:
Threat Alias | Number of Incidents
Trojan.Win32.Monder.bdnr [Kaspersky Lab] | 98
Trojan.Vundo [Symantec] | 95
Rootkit.Win32.Agent.gvt [Kaspersky Lab] | 81
Program:Win32/Antivirus2009 [Microsoft] | 68
Generic PUP.z [McAfee] | 66
Mal/Generic-A [Sophos] | 44
Generic Dropper.cx [McAfee] | 40
Mal/EncPk-HW [Sophos] | 40
Hacktool.Rootkit [Symantec] | 36
Generic.dx [McAfee] | 30
Trojan.Adclicker [Symantec] | 25
Mal/EncPk-HJ [Sophos] | 22
TrojanDownloader:Win32/Fakeinit [Microsoft] | 22
Hacktool.Rootkit!sd6 [PC Tools] | 20
Generic Rootkit.d [McAfee] | 18
Troj/Virtum-Gen [Sophos] | 17
Trojan.Win32.Agent.asus [Kaspersky Lab] | 16
Trojan.Adclicker!sd6 [PC Tools] | 15
Trojan Horse [Symantec] | 13
PWS:Win32/Zbot.NK [Microsoft] | 12
Trojan:Win32/Vundo.KZ [Microsoft] | 12
Trojan.Dropper [Symantec] | 11
Infostealer [Symantec] | 10
Troj/Dropr-BG [Sophos] | 10
Generic BackDoor [McAfee] | 9
Infostealer.Banker.C [Symantec] | 9
Trojan:Win32/VB [Microsoft] | 9
Trojan-Spy.Win32.Zbot.ffw [Kaspersky Lab] | 9
Win-Trojan/Agent.6912.E [AhnLab] | 9
Trojan.Vundo!sd6 [PC Tools] | 8
Vundo [McAfee] | 8
Backdoor.Trojan [Symantec] | 7
Backdoor:WinNT/Rustock.E [Microsoft] | 7
Generic Dropper.hf [McAfee] | 6
Keylog-PAL [McAfee] | 6
Trojan.Win32.Agent.airw [Kaspersky Lab] | 6
Win-Trojan/Xema.variant [AhnLab] | 6
Trojan-Downloader.Win32.Agent.bgzf [Kaspersky Lab] | 5
Trojan-Downloader.Win32.Agent.biiw [Kaspersky Lab] | 5
Application.Component.PAL_Solutions [PC Tools] | 4
Backdoor:Win32/Poisonivy.E [Microsoft] | 4
DNSChanger.r [McAfee] | 4
Mal/Alureon-C, Mal/FakeVirPk-A [Sophos] | 4
Packed.Generic.200 [Symantec] | 4
Packed.Win32.Tdss.c [Kaspersky Lab] | 4
Trojan.Dropper [PC Tools] | 4
Trojan.Win32.VB.vds [Kaspersky Lab] | 4
Virus.Win32.Agent.dg [Kaspersky Lab] | 4
Win32/Triff.worm.44774 [AhnLab] | 4
Win-Trojan/Agent.10752.GO [AhnLab] | 4
Win-Trojan/Poison.24190 [AhnLab] | 4
Infostealer.Gampass [Symantec] | 3
Trojan.Agent!sd6 [PC Tools] | 3
Trojan.Win32.Agent [Ikarus] | 3
Trojan-Dropper.Win32.Agent.amam [Kaspersky Lab] | 3
Trojan-Spy.Banker!sd6 [PC Tools] | 3
W32/Virut.gen [McAfee] | 3
Backdoor.Paproxy [Symantec] | 2
Backdoor.Winnt [Ikarus] | 2
Downloader [Symantec] | 2
FakeAlert-BV [McAfee] | 2
Generic Dropper.fd [McAfee] | 2
Generic PWS.ak [McAfee] | 2
Generic PWS.y [McAfee] | 2
Mal/EncPk-CO [Sophos] | 2
Mal/Frethog-B [Sophos] | 2
Mal/Generic-A, Mal/RKRustok-B [Sophos] | 2
Packed.Generic.187 [Symantec] | 2
PE_VIRUT.D [Trend Micro] | 2
Troj/FakeVir-KC [Sophos] | 2
TROJ_FAKEAV.BDO [Trend Micro] | 2
Trojan.Fakeavalert [Symantec] | 2
Trojan:Win32/Tibs.IT [Microsoft] | 2
TrojanDownloader:Win32/Renos.GX [Microsoft] | 2
Virus.Win32.Virut.n [Kaspersky Lab] | 2
Virus:Win32/Virut.AK [Microsoft] | 2
W32.Virut.B [Symantec] | 2
W32/Vetor-A [Sophos] | 2
Win32.Virut.Gen [PC Tools] | 2
Win-Trojan/Agent.81931.J [AhnLab] | 2
Win-Trojan/Peed.86750 [AhnLab] | 2
Adware.ISMonitor [Symantec] | 1
Adware:Win32/InternetSpeedMonitor [Microsoft] | 1
Backdoor.Sdbot [Symantec] | 1
Backdoor.Win32.Agent.aexk [Kaspersky Lab] | 1
Backdoor.Win32.Agent.swi [Kaspersky Lab] | 1
Backdoor.Win32.SdBot.kvo [Kaspersky Lab] | 1
Backdoor.Win32.VanBot.bbc [Kaspersky Lab] | 1
Backdoor:Win32/IRCbot.CK [Microsoft] | 1
Backdoor:WinNT/Rustock.H [Microsoft] | 1
Bredolab!a [McAfee] | 1
DNSChanger.gen [McAfee] | 1
Downloader-ASH.gen.b [McAfee] | 1
Email-Worm.Win32.Joleee.gu [Kaspersky Lab] | 1
Generic Downloader.x [McAfee] | 1
Generic Dropper.bw [McAfee] | 1
Generic Dropper.p [McAfee] | 1
Generic FakeAlert.a [McAfee] | 1
Generic PUP.x [McAfee] | 1
Generic.dx!ed [McAfee] | 1

Virus.Win32.Rootkit [Ikarus] has the following possible countries of origin:
Origin | Number of Incidents
China | 12
Russian Federation | 8
France | 2
Republic of Korea | 2
Switzerland | 2
Slovakia | 1
Turkey | 1
United Kingdom | 1

Virus.Win32.Rootkit [Ikarus] is known to be created as:
Notes:
  • %AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
  • %UserProfile% is a variable that specifies the current user's profile folder. By default, this is C:\Documents and Settings\[UserName] (Windows NT/2000/XP).
  • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.