ThreatExpert's Statistics for W32.Virut.CF [Symantec]:

W32.Virut.CF [Symantec] is also known as:

Threat Alias	Number of Incidents
Virus.Win32.Virut.ce [Kaspersky Lab]	3,094
W32/Scribble-B [Sophos]	2,871
Virus:Win32/Virut.BM [Microsoft]	2,830
Win32/Virut.F [AhnLab]	2,131
W32/Virut.n.gen [McAfee]	1,901
Win32/Virut.E [AhnLab]	849
Malware.Virut [PC Tools]	562
New Win32 [McAfee]	480
Virus:Win32/Virut.gen!O [Microsoft]	342
W32/Virut.n [McAfee]	304
W32/Scribble-A [Sophos]	293
New Win32.g4 [McAfee]	172
Virus.Win32.Sality [Ikarus]	129
Virus.Win32.Virut [Ikarus]	117
PE_VIRUX.H-3 [Trend Micro]	115
Virus:Win32/Virut.gen!E [Microsoft]	105
New Poly Win32 [McAfee]	93
Mal/HckPk-A, W32/Scribble-B [Sophos]	89
Virus.Win32.Bifrose [Ikarus]	60
PE_VIRUX.E-2 [Trend Micro]	50
Virus.Win32.Virut.bo [Ikarus]	48
Mal/Bifrose-S, W32/Scribble-B [Sophos]	46
Trojan-Banker.Win32.Bancos [Ikarus]	40
PE_VIRUX.A-1 [Trend Micro]	37
PE_VIRUX.E-3 [Trend Micro]	36
PE_VIRUX.A [Trend Micro]	33
Spam-Mailbot [McAfee]	33
Trojan-Downloader.Win32.Agent.czsd [Kaspersky Lab]	32
not-a-virus:Porn-Dialer.Win32.Agent.bk [Ikarus]	29
BackDoor-CEP.gen.au [McAfee]	26
Trojan-Spy.Win32.Banker.RM [Ikarus]	23
Virus.Win32.Virut.q [Ikarus]	23
W32.Virut [Ikarus]	23
Backdoor.Rbot [Ikarus]	22
PE_VIRUX.F-2 [Trend Micro]	22
Trojan-Downloader.Win32.Cutwail [Ikarus]	22
W32/Sdbot.worm.gen.g [McAfee]	22
WORM_RBOT.GEN-1 [Trend Micro]	22
Backdoor.Win32.Popwin [Ikarus]	21
Virus.Virut.j [PC Tools]	21
W32/Rbot-Fam, W32/Scribble-B [Sophos]	21
Worm.Akbot.Gen [PC Tools]	21
Exploit.Win32.IMG-WMF [Ikarus]	20
New Win32.g2 [McAfee]	20
Trojan.Win32.Banker [Ikarus]	20
Backdoor.Win32.Small.uc [Kaspersky Lab]	19
PE_VIRUX.F-3 [Trend Micro]	19
New Win32.g3 [McAfee]	17
Mal/Scribble-C, W32/Scribble-B [Sophos]	16
Packed.Win32.Koblu [Ikarus]	15
Trojan-Dropper.Agent [Ikarus]	15
Backdoor.Win32.Bifrose [Ikarus]	14
Spammer [Ikarus]	14
Backdoor.Win32.Beastdoor [Ikarus]	12
Spam-Mailbot.h.gen.a [McAfee]	12
Trojan-Downloader.Win32.Banload [Ikarus]	12
Virus.Win32.JunkPoly [Ikarus]	12
Virus.Win32.Virtob [Ikarus]	12
Virus.Win32.Virut.n [Ikarus]	12
Mal/FakeVirPk-A, W32/Scribble-B [Sophos]	11
Mal/HckPk-A [Sophos]	11
Trojan.Win32.Agent2.hxw [Kaspersky Lab]	11
Trojan.Win32.Patched [Ikarus]	11
Trojan-Spy.Win32.VB [Ikarus]	11
Virus:Win32/Virut.gen!M [Microsoft]	11
Win-Trojan/Midgare.32256 [AhnLab]	11
Backdoor.Win32.Refpron [Ikarus]	10
Mal/Bifrose-S, Mal/Bifrose-S, W32/Scribble-B [Sophos]	10
PWS-Banker [McAfee]	10
TrojanProxy:Win32/Slenugga.A [Microsoft]	10
BackDoor-CEP.gen.g [McAfee]	9
Generic PWS.ak [McAfee]	9
Trojan-Clicker.Win32.VB [Ikarus]	9
Win32.Cadoiac.A [Ikarus]	9
PE_VIRUX.E-4 [Trend Micro]	8
PE_VIRUX.J-4 [Trend Micro]	8
Trojan.Midgare.hhn [PC Tools]	8
Trojan:Win32/Puzlice.A [Microsoft]	8
Trojan-Clicker.Win32.Delf [Ikarus]	8
Trojan-Downloader.Win32.Small [Ikarus]	8
VirTool.Win32.DelfInject [Ikarus]	8
Backdoor.Win32.Bifrose.fpb [Kaspersky Lab]	7
Backdoor:Win32/Refpron.M [Microsoft]	7
BKDR_AHZE.NY [Trend Micro]	7
Mal/EncPk-HJ, W32/Scribble-B [Sophos]	7
New Malware.bj [McAfee]	7
Packed.Win32.Katusha.c [Kaspersky Lab]	7
PE_VIRUX.D-1 [Trend Micro]	7
Trojan-Dropper [Ikarus]	7
Virus.Trojan.Win32.Midgare [Ikarus]	7
W32/DelpBck-Gen [Sophos]	7
Backdoor.Win32.Small.tv [Kaspersky Lab]	6
Cutwail [McAfee]	6
Mal/Generic-A [Sophos]	6
New Malware.fa [McAfee]	6
P2P-Worm.Win32.Palevo [Ikarus]	6
Packed.Win32.Krap.b [Kaspersky Lab]	6
Trojan Horse [Symantec]	6
Trojan-Downloader.Win32.Zlob [Ikarus]	6
Trojan-Dropper.VB.ggm [PC Tools]	6

W32.Virut.CF [Symantec] has the following possible countries of origin:

Origin		Number of Incidents
	China	420
	Russian Federation	124
	Sweden	94
	Germany	65
	Spain	44
	United Kingdom	41
	Brazil	22
	France	20
	Saudi Arabia	19
	Taiwan	19
	Italy	14
	Poland	13
	Turkey	12
	Australia	7
	Belgium	7
	Israel	7
	Portugal	7
	Netherlands	6
	Czech Republic	5
	Egypt	4
	Greece	4
	Republic of Korea	3
	Austria	2
	Canada	2
	Hungary	2
	Jordan	2
	Norway	2
	Chile	1
	Indonesia	1
	Iran	1
	Iraq	1
	Japan	1
	Lebanon	1
	Oman	1
	Romania	1
	Slovakia	1
	Slovenia	1
	Syria	1

W32.Virut.CF [Symantec] is known to be created as:

%AppData%\csrss.exe

%AppData%\e4u.exe

%AppData%\microsoft\windows\lsass.exe

%AppData%\sysdate32.exe

%CommonPrograms%\chkdisk.exe

%CommonPrograms%\startup\startup.exe

%FontsDir%\logcde.dll

%FontsDir%\services.exe

%FontsDir%\uninstall_.exe

%FontsDir%\unwise_.exe

%FontsDir%\windef.dll

%LocalSettings%\carbon.exe

%LocalSettings%\tempkey.exe

%ProgramFiles%\alphaant\alpha.exe

%ProgramFiles%\bifrost\server.exe

%ProgramFiles%\bifrost\sosue.exe

%ProgramFiles%\common files\system\msasp32.exe

%ProgramFiles%\gamazer.3.exe

%ProgramFiles%\manson\liser.exe

%ProgramFiles%\microsoft common\svchost.exe

%ProgramFiles%\movie maker\svchost.exe

%ProgramFiles%\no-ip\duc20.exe

%ProgramFiles%\superantispyware\keygen.exe

%ProgramFiles%\thunmail\testabd.exe

%ProgramFiles%\windows\csrss.exe

%System%\.00cd1a40\00cd1a40.exe

%System%\1054v.exe

%System%\1061044.exe

%System%\1114878.exe

%System%\1124216.exe

%System%\1392618.exe

%System%\1438649.exe

%System%\1472391.exe

%System%\1502472.exe

%System%\1587167.exe

%System%\1673281.exe

%System%\1772553.exe

%System%\1775869.exe

%System%\1949257.exe

%System%\2501627.exe

%System%\2713724.exe

%System%\28463\svchost.exe

%System%\2851786.exe

%System%\28892.exe

%System%\294748.exe

%System%\2985758.exe

%System%\3361\svchost.exe

%System%\3429789.exe

%System%\3555246.exe

%System%\3649343.exe

%System%\3780283.exe

%System%\3827158.exe

%System%\3833211.exe

%System%\3967233.exe

%System%\3976359.exe

%System%\4067301.exe

%System%\4121012.exe

%System%\4337687.exe

%System%\4348703.exe

%System%\4350657.exe

%System%\4358164.exe

%System%\4548869.exe

%System%\4662394.exe

%System%\467663.exe

%System%\5220132.exe

%System%\5510813.exe

%System%\5556131.exe

%System%\5621714.exe

%System%\5781036.exe

%System%\5919718.exe

%System%\5922922.exe

%System%\5934549.exe

%System%\5941568.exe

%System%\6180215.exe

%System%\6383005.exe

%System%\6424219.exe

%System%\6568857.exe

%System%\6603799.exe

%System%\7607646.exe

%System%\8010345.exe

%System%\8062185.exe

%System%\8076701.exe

%System%\8149465.exe

%System%\8293861.exe

%System%\8502908.exe

%System%\8661598.exe

%System%\8938547.exe

%System%\9189962.exe

%System%\9305519.exe

%System%\9474588.exe

%System%\9480844.exe

%System%\9749246.exe

%System%\adodca.exe

%System%\afisicx.exe

%System%\amvo.exe

%System%\ansid.exe

%System%\ashevtsvc.exe

%System%\autmgr.exe

%System%\av_md.exe

%System%\bifrost\server.exe

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%FontsDir% is a variable that refers to a virtual folder containing fonts. A typical path is C:\Windows\Fonts.
%LocalSettings% is a variable that specifies the current user's local settings folder. By default, this is C:\Documents and Settings\[UserName]\Local Settings (Windows NT/2000/XP).
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).