ThreatExpert's Statistics for W32.Virut.U [Symantec]:

W32.Virut.U [Symantec] is also known as:

Threat Alias	Number of Incidents
W32/Vetor-A [Sophos]	816
Win32.Virut.Gen.5 [PC Tools]	787
W32/Virut.gen [McAfee]	750
Virus.Win32.Virut.q [Kaspersky Lab]	681
PE_VIRUT.XO [Trend Micro]	338
PE_VIRUT.XP [Trend Micro]	266
Virus:Win32/Virut.AP [Microsoft]	241
Virus:Win32/Virut.AE [Microsoft]	231
Virus.Win32.Virut.n [Kaspersky Lab]	158
PE_VIRUT.XL [Trend Micro]	152
Virus:Win32/Virut.AF [Microsoft]	139
Win32/Virut.D [AhnLab]	125
Virus:Win32/Virut.L [Microsoft]	104
Virus.Win32.Sality [Ikarus]	98
Trojan-Downloader.Win32.VB.bbi [Ikarus]	96
Virus.Win32.Virut [Ikarus]	69
Virus:Win32/Virut.K [Microsoft]	58
Virus:Win32/Virut.AR [Microsoft]	45
PE_VIRUT.XS [Trend Micro]	39
Virus.Win32.Virut.q [Ikarus]	38
Virus.Win32.Virut.o [Ikarus]	32
Spam-Mailbot [McAfee]	20
Generic VB.c [McAfee]	16
Worm.Win32.VB.du [Ikarus]	16
Worm.VB.YVF [PC Tools]	15
Generic FakeAlert.d [McAfee]	14
Email-Worm.Win32.VB.cp [Kaspersky Lab]	12
W32/MoonLig-J [Sophos]	12
WORM_MOONLIGHT.C [Trend Micro]	12
W32/Virut.remnants [McAfee]	10
Win-Trojan/Downloader.11264.GK [AhnLab]	10
Win-Trojan/Xema.variant [AhnLab]	10
Trojan-Spy.Win32.Banker.RM [Ikarus]	9
FakeAlert-AG.gen.c [McAfee]	8
Virus:Win32/Sality.AM [Microsoft]	7
PE_RUNGBU.C [Trend Micro]	6
PWS-Gamania.gen.a [McAfee]	6
Virus.Win32.Virut.au [Ikarus]	6
Virus.Win32.Virut.bo [Ikarus]	6
Worm.Rungbu.B [PC Tools]	6
Email-Worm.Win32.Runouce.B [Ikarus]	5
Mal/EncPk-BW, W32/Vetor-A [Sophos]	5
not-a-virus:Porn-Dialer.Win32.Agent.bk [Ikarus]	5
PE_PAGIPEF.BS-O [Trend Micro]	5
PWS-Banker.gen.aa [McAfee]	5
Virus.Win32.Virut.ak [Ikarus]	5
Virus:Win32/Virut.gen!AI [Microsoft]	5
W32/Nuwar@MM [McAfee]	5
Win32/Virut.C [AhnLab]	5
Worm.VB.ZVX [PC Tools]	5
Email-Worm.Win32.Runouce.b [Kaspersky Lab]	4
JS.Chir.B [PC Tools]	4
Mal_Banker [Trend Micro]	4
Virus.Win32.Sality.s [Ikarus]	4
W32/Autorun.worm.eb [McAfee]	4
Win32.Virtob.2 [Ikarus]	4
Win-Trojan/Agent.11264.JZ [AhnLab]	4
Worm.Bobax.AB [PC Tools]	4
WORM_BOBAX.BD [Trend Micro]	4
Backdoor:Win32/Poebot.AT [Microsoft]	3
Backdoor:Win32/Poebot.BA [Microsoft]	3
Email-Worm.Win32.Tanatos.B [Ikarus]	3
Mal/Behav-164, W32/Vetor-A [Sophos]	3
Net-Worm.Win32.Bobic.dq [Kaspersky Lab]	3
QHosts-77 [McAfee]	3
TROJ_NUWAR.DDJ [Trend Micro]	3
Trojan.Win32.Agent [Ikarus]	3
Trojan-Clicker.Win32.Klik [Ikarus]	3
Trojan-Downloader.VB.AXY [Ikarus]	3
Trojan-Downloader.Win32.Small [Ikarus]	3
Trojan-Dropper.Kobcka [Ikarus]	3
TrojanSpy.Ardamax.WQ [PC Tools]	3
Virus.Win32.Hupigon.MAP [Ikarus]	3
Virus.Win32.Virut.n [Ikarus]	3
W32/Dref-AW [Sophos]	3
Win-Trojan/Agent.9216.FL [AhnLab]	3
WORM_AGENT.XSB [Trend Micro]	3
Backdoor.Win32.PoeBot.C [Ikarus]	2
Backdoor.Win32.Refpron [Ikarus]	2
Backdoor:Win32/Nuwar.A [Microsoft]	2
Backdoor:Win32/Poebot.BG [Microsoft]	2
BackDoor-DIY [McAfee]	2
Downloader-ASH.gen.b [McAfee]	2
Email-Worm.Win32.Runouce [Ikarus]	2
Email-Worm.Win32.VB.cb [Ikarus]	2
Generic Dropper.bw [McAfee]	2
Generic PWS.ak [McAfee]	2
Generic.Sdbot [Ikarus]	2
IM-Worm.Win32.Sohanad.dz [Kaspersky Lab]	2
Mal/Generic-A [Sophos]	2
Mal_NSAnti-1 [Trend Micro]	2
Net-Worm.Win32.Padobot.m [Kaspersky Lab]	2
Packer.RLPack.D [Ikarus]	2
PE_CORELINK.C-1 [Trend Micro]	2
PE_SALITY.EN [Trend Micro]	2
PWS-Gamania.gen.c [McAfee]	2
Spy-Agent.bv.gen.b [McAfee]	2
Trojan.DR.Small.UPY [PC Tools]	2
Trojan.Win32.Agent.aec [Kaspersky Lab]	2
Trojan.Win32.Anomaly.D [Ikarus]	2

W32.Virut.U [Symantec] has the following possible countries of origin:

Origin		Number of Incidents
	China	38
	Netherlands	24
	Brazil	20
	Russian Federation	13
	Germany	11
	Israel	6
	Italy	6
	United Kingdom	5
	Republic of Korea	3
	Thailand	3
	France	2
	Iran	2
	Spain	2
	Taiwan	2
	Turkey	2
	Canada	1
	Indonesia	1
	Poland	1
	Romania	1
	Sweden	1
	Ukraine	1

W32.Virut.U [Symantec] is known to be created as:

%AllUsersProfile%\desktop.exe

%AllUsersProfile%\documents.exe

%AllUsersProfile%\drm.exe

%AllUsersProfile%\favorites.exe

%AllUsersProfile%\templates.exe

%AppData%\br6657on.exe

%AppData%\csrss.exe

%AppData%\explorer.exe

%AppData%\facegame\facegame.exe

%AppData%\inetinfo.exe

%AppData%\lsass.exe

%AppData%\microsoft\nuxa.exe

%AppData%\real\ntoscore.exe

%AppData%\services.exe

%AppData%\smss.exe

%AppData%\spool.exe

%AppData%\start\update.exe

%AppData%\svchost.exe

%AppData%\usrinit.exe

%AppData%\winlogon.exe

%CommonAppData%\microsoft.exe

%CommonAppData%\microsoft\crypto.exe

%CommonAppData%\microsoft\crypto\dss.exe

%CommonAppData%\microsoft\crypto\dss\machinekeys.exe

%CommonAppData%\microsoft\crypto\rsa.exe

%CommonAppData%\microsoft\crypto\rsa\machinekeys.exe

%CommonAppData%\microsoft\crypto\rsa\s-1-5-18.exe

%CommonAppData%\microsoft\network.exe

%CommonAppData%\microsoft\network\connections.exe

%CommonAppData%\microsoft\network\connections\cm.exe

%CommonAppData%\microsoft\network\connections\pbk.exe

%CommonAppData%\vmware.exe

%CommonDesktopDir%\desktop.exe

%CommonDocuments%\my music\sample playlists\00090beb.exe

%CommonPrograms%\accessories.exe

%CommonPrograms%\accessories\accessibility.exe

%CommonPrograms%\accessories\communications.exe

%CommonPrograms%\accessories\entertainment.exe

%CommonPrograms%\programs.exe

%CommonPrograms%\startup.exe

%CommonPrograms%\startup\ctfmon.exe

%CommonPrograms%\startup\ixplorer.exe

%CommonStartMenu%\programs.exe

%FontsDir%\services.exe

%FontsDir%\unwise_.exe

%LocalSettings%\startup.exe

%Profiles%\default user\application data\microsoft.exe

%Profiles%\default user\cookies.exe

%Profiles%\default user\desktop.exe

%Profiles%\default user\favorites.exe

%Profiles%\default user\local settings\history.exe

%Profiles%\default user\local settings\history\history.ie5.exe

%Profiles%\default user\local settings\temp.exe

%Profiles%\default user\nethood.exe

%Profiles%\default user\printhood.exe

%Profiles%\default user\recent.exe

%Profiles%\default user\sendto.exe

%Profiles%\default user\start menu\programs.exe

%Profiles%\default user\start menu\programs\accessories.exe

%Profiles%\default user\start menu\programs\startup.exe

%Profiles%\default user\templates.exe

%Profiles%\localservice\application data\flexiblesoft.exe

%Profiles%\localservice\application data\microsoft.exe

%Profiles%\localservice\cookies.exe

%Profiles%\localservice\local settings\history.exe

%Profiles%\localservice\local settings\history\history.ie5.exe

%Profiles%\localservice\local settings\temp.exe

%ProgramFiles%\antivirus 2008\antvrs.exe

%ProgramFiles%\common files\adobeupdate.exe

%ProgramFiles%\common files\system\msasp32.exe

%ProgramFiles%\common files\system\msiwa32.exe

%ProgramFiles%\microsoft common\wuauclt.exe

%ProgramFiles%\microsoft office\winword.exe

%ProgramFiles%\mirc\irc bot\services.exe

%ProgramFiles%\movie maker\moviemk.exe

%ProgramFiles%\remote\remote.exe

%ProgramFiles%\thunmail\testabd.exe

%ProgramFiles%\twain\twain.exe

%ProgramFiles%\xpcode\sexgame.exe

%ProgramFiles%\xpcode\sexscreensaver.scr

%Programs%\startup\ctfmon.exe

%Programs%\startup\scan.com

%System%\038672055.exe

%System%\0617152d\services.exe

%System%\28463\akv.exe

%System%\28463\naje.exe

%System%\3361\svchost.exe

%System%\6292775.exe

%System%\662832100427l.exe

%System%\793693.exe

%System%\abyl.exe

%System%\afub.exe

%System%\algi.exe

%System%\algs.exe

%System%\amvo.exe

%System%\avsp.exe

%System%\bttnserv.exe

%System%\caudio.exe

%System%\chrome.exe

%System%\ckvo.exe

Notes:

%AllUsersProfile% is a variable that specifies the all users' profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
%CommonDesktopDir% is a variable that refers to the file system directory that contains files and folders that appear on the desktop for all users. A typical path is C:\Documents and Settings\All Users\Desktop (Windows NT/2000/XP).
%CommonDocuments% is a variable that refers to the file system directory that contains documents that are common to all users. A typical paths is C:\Documents and Settings\All Users\Documents.
%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%CommonStartMenu% is a variable that refers to the file system directory that contains the programs and folders that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu (Windows NT/2000/XP).
%FontsDir% is a variable that refers to a virtual folder containing fonts. A typical path is C:\Windows\Fonts.
%LocalSettings% is a variable that specifies the current user's local settings folder. By default, this is C:\Documents and Settings\[UserName]\Local Settings (Windows NT/2000/XP).
%Profiles% is a variable that refers to the file system directory containing user profile folders. A typical path is C:\Documents and Settings.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%Programs% is a variable that refers to the file system directory that contains the user's program groups. A typical path is C:\Documents and Settings\[UserName]\Start Menu\Programs.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).