Threat Search: 

ThreatExpert's Statistics for W32/Scribble-B [Sophos]:

W32/Scribble-B [Sophos] is also known as:
Threat AliasNumber of Incidents
W32.Virut.CF [Symantec]2,871
Virus.Win32.Virut.ce [Kaspersky Lab]2,772
Virus:Win32/Virut.BM [Microsoft]2,324
Win32/Virut.F [AhnLab]2,074
W32/Virut.n.gen [McAfee]1,883
Win32/Virut.E [AhnLab]808
Malware.Virut [PC Tools]470
New Win32 [McAfee]420
Virus:Win32/Virut.gen!O [Microsoft]340
New Win32.g4 [McAfee]147
W32/Virut.n [McAfee]133
Virus.Win32.Virut [Ikarus]116
PE_VIRUX.H-3 [Trend Micro]111
Virus:Win32/Virut.gen!E [Microsoft]92
Virus.Win32.Sality [Ikarus]83
New Poly Win32 [McAfee]57
PE_VIRUX.E-2 [Trend Micro]56
Virus.Win32.Virut.bo [Ikarus]41
PE_VIRUX.E-3 [Trend Micro]36
Trojan-Downloader.Win32.Agent.czsd [Kaspersky Lab]34
Trojan-Banker.Win32.Bancos [Ikarus]32
PE_VIRUX.A-1 [Trend Micro]30
PE_VIRUX.F-2 [Trend Micro]28
Virus.Win32.Bifrose [Ikarus]25
Spam-Mailbot [McAfee]24
New Win32.g2 [McAfee]23
not-a-virus:Porn-Dialer.Win32.Agent.bk [Ikarus]23
W32.Virut [Ikarus]22
PE_VIRUX.F-3 [Trend Micro]21
Virus.Virut.j [PC Tools]21
Backdoor.Win32.Small.uc [Kaspersky Lab]20
Trojan-Spy.Win32.Banker.RM [Ikarus]20
Trojan.Win32.Banker [Ikarus]19
Trojan-Downloader.Win32.Cutwail [Ikarus]19
PE_VIRUX.A [Trend Micro]17
Trojan:Win32/Puzlice.A [Microsoft]17
Exploit.Win32.IMG-WMF [Ikarus]16
Trojan-Dropper.Agent [Ikarus]16
TrojanDropper:Win32/Puzlice.A [Microsoft]16
Trojan-Spy.Win32.VB [Ikarus]16
Backdoor.Win32.Popwin [Ikarus]15
Spammer [Ikarus]13
Virus.Win32.Virut.q [Ikarus]13
Backdoor.Win32.Beastdoor [Ikarus]12
Backdoor.Win32.Bifrose [Ikarus]12
New Win32.g3 [McAfee]12
VirTool.Win32.DelfInject [Ikarus]11
Virus.Win32.Virtob [Ikarus]11
Generic PWS.ak [McAfee]10
Spam-Mailbot.h.gen.a [McAfee]10
Trojan.Win32.Agent2.hxw [Kaspersky Lab]10
Trojan-Downloader.Win32.Banload [Ikarus]10
Backdoor.Win32.Refpron [Ikarus]9
Packed.Win32.Koblu [Ikarus]9
PE_VIRUX.E-4 [Trend Micro]9
Trojan-Clicker.Win32.Delf [Ikarus]9
Trojan-Clicker.Win32.VB [Ikarus]9
Trojan-Downloader.Win32.Small [Ikarus]9
TrojanProxy:Win32/Slenugga.A [Microsoft]9
Virus.Win32.Virut.n [Ikarus]9
PE_VIRUX.D-1 [Trend Micro]8
PE_VIRUX.J-4 [Trend Micro]8
Spy-Agent.bv.gen.b [McAfee]8
Trojan Horse [Symantec]8
Virus:Win32/Virut.gen!N [Microsoft]8
Trojan.Win32.Patched [Ikarus]7
Trojan-Dropper [Ikarus]7
Win32.Cadoiac.A [Ikarus]7
Backdoor:Win32/Refpron.M [Microsoft]6
Downloader [Symantec]6
Gen.Malware [Ikarus]6
Trojan-Dropper.VB.ggm [PC Tools]6
W32.SillyFDC [Symantec]6
Win32.Virtob [Ikarus]6
Win-Trojan/Spammer.31744 [AhnLab]6
Backdoor.Win32.Small.uh [Kaspersky Lab]5
Packed.Win32.Krap.b [Kaspersky Lab]5
Trojan.Crypt [Ikarus]5
Trojan.Win32.VB [Ikarus]5
Trojan-Clicker.VB.cwf [PC Tools]5
Trojan-Clicker.Win32.VB.cvg [Ikarus]5
Trojan-Downloader.LoadAdv [Ikarus]5
Trojan-Downloader.Win32.Zlob [Ikarus]5
Trojan-PWS.Win32.LdPinch [Ikarus]5
Trojan-Spy.Win32.Banker [Ikarus]5
VirTool.Win32.VBInject [Ikarus]5
Vundo.gen.aq [McAfee]5
W32.Imaut [Symantec]5
W32.IRCBot [Symantec]5
W32/Sality.gen [McAfee]5
Win32/ReaBot.worm.60929 [AhnLab]5
Worm.Win32.AutoRun [Ikarus]5
Worm:Win32/Taterf.B [Microsoft]5
Backdoor.Win32.Poison [Ikarus]4
Backdoor.Win32.PoisonIvy.az [Ikarus]4
Backdoor.Win32.VB [Ikarus]4
P2P-Worm.Win32.Palevo [Ikarus]4
PE_VIRUX.J-3 [Trend Micro]4
PWS-Banker [McAfee]4
Trojan.Autoit [Ikarus]4

W32/Scribble-B [Sophos] has the following possible countries of origin:
OriginNumber of Incidents
China377
Russian Federation135
Germany56
Sweden54
Spain43
United Kingdom41
Saudi Arabia18
France17
Brazil15
Taiwan15
Poland13
Italy11
Turkey10
Australia7
Israel7
Netherlands6
Portugal5
Czech Republic4
Egypt4
Belgium3
Greece3
Iran3
Austria2
Iraq2
Jordan2
Slovenia2
Canada1
Chile1
Finland1
Hungary1
Japan1
Lebanon1
Norway1
Oman1
Romania1
Slovakia1
Syria1

W32/Scribble-B [Sophos] is known to be created as:
%AllUsersProfile%\desktop.exe
%AllUsersProfile%\favorites.exe
%AppData%\sysdate32.exe
%CommonDesktopDir%\desktop.exe
%CommonFavorites%\favorites.exe
%CommonPrograms%\chkdisk.exe
%CommonPrograms%\startup\startup.exe
%DesktopDir%\desktop.exe
%FontsDir%\fonts.exe
%FontsDir%\logcde.dll
%FontsDir%\services.exe
%FontsDir%\svchost.exe
%FontsDir%\tskmgr.exe
%FontsDir%\uninstall_.exe
%FontsDir%\unwise_.exe
%FontsDir%\windef.dll
%LocalSettings%\tempkey.exe
%ProgramFiles%\alphaant\alpha.exe
%ProgramFiles%\bifrost\server.exe
%ProgramFiles%\common files\system\msasp32.exe
%ProgramFiles%\gamazer.3.exe
%ProgramFiles%\internet explorer\mui.exe
%ProgramFiles%\internet explorer\mui\0409.exe
%ProgramFiles%\internet explorer\mui\0409\0409.exe
%ProgramFiles%\internet explorer\mui\mui.exe
%ProgramFiles%\kegen.exe
%ProgramFiles%\manson\liser.exe
%ProgramFiles%\meex.exe
%ProgramFiles%\messenger.exe
%ProgramFiles%\messenger\messenger.exe
%ProgramFiles%\microsoft common\svchost.exe
%ProgramFiles%\netmeeting.exe
%ProgramFiles%\netmeeting\netmeeting.exe
%ProgramFiles%\no-ip\duc20.exe
%ProgramFiles%\thunmail\testabd.exe
%ProgramFiles%\windows media player\skins.exe
%ProgramFiles%\windows media player\skins\skins.exe
%ProgramFiles%\windows\csrss.exe
%ProgramFiles%\winpcap.exe
%ProgramFiles%\winpcap\winpcap.exe
%System%\.00cd1a40\00cd1a40.exe
%System%\1054v.exe
%System%\1061044.exe
%System%\1114878.exe
%System%\1124216.exe
%System%\1163889.exe
%System%\1392618.exe
%System%\1438649.exe
%System%\1472391.exe
%System%\1502472.exe
%System%\155309.exe
%System%\1587167.exe
%System%\1673281.exe
%System%\1772553.exe
%System%\1775869.exe
%System%\1949257.exe
%System%\2501627.exe
%System%\2713724.exe
%System%\28463\svchost.exe
%System%\2851786.exe
%System%\28892.exe
%System%\294748.exe
%System%\2985758.exe
%System%\3216959.exe
%System%\3361\svchost.exe
%System%\3362833.exe
%System%\3429789.exe
%System%\3555246.exe
%System%\3649343.exe
%System%\3780283.exe
%System%\3824534.exe
%System%\3827158.exe
%System%\3833211.exe
%System%\3955942.exe
%System%\3967233.exe
%System%\3976359.exe
%System%\4067301.exe
%System%\4121012.exe
%System%\4337687.exe
%System%\4348703.exe
%System%\4350657.exe
%System%\4358164.exe
%System%\4548869.exe
%System%\4662394.exe
%System%\467663.exe
%System%\5220132.exe
%System%\5510813.exe
%System%\5556131.exe
%System%\5581308.exe
%System%\5621714.exe
%System%\5700937.exe
%System%\5781036.exe
%System%\5791727.exe
%System%\5915293.exe
%System%\5919718.exe
%System%\5922922.exe
%System%\5934549.exe
%System%\5941568.exe
%System%\6180215.exe
%System%\6383005.exe
Notes:
  • %AllUsersProfile% is a variable that specifies the all users' profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
  • %AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
  • %CommonDesktopDir% is a variable that refers to the file system directory that contains files and folders that appear on the desktop for all users. A typical path is C:\Documents and Settings\All Users\Desktop (Windows NT/2000/XP).
  • %CommonFavorites% is a variable that refers to the file system directory that serves as a common repository for all users' favorite items. A typical path is C:\Documents and Settings\All Users\Favorites (Windows NT/2000/XP).
  • %CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
  • %DesktopDir% is a variable that refers to the file system directory used to physically store file objects on the desktop. A typical path is C:\Documents and Settings\[UserName]\Desktop.
  • %FontsDir% is a variable that refers to a virtual folder containing fonts. A typical path is C:\Windows\Fonts.
  • %LocalSettings% is a variable that specifies the current user's local settings folder. By default, this is C:\Documents and Settings\[UserName]\Local Settings (Windows NT/2000/XP).
  • %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).