ThreatExpert's Statistics for Win32/Kashu.B [AhnLab]:

Win32/Kashu.B [AhnLab] is also known as:

Threat Alias	Number of Incidents
Virus:Win32/Sality.AM [Microsoft]	2,459
W32/Sality.gen [McAfee]	2,441
W32/Sality-AM [Sophos]	2,210
W32.Sality.AE [Symantec]	2,139
Virus.Win32.Sality.aa [Kaspersky Lab]	1,797
Virus.Win32.Sality [Ikarus]	1,146
Win32.Sality.AM.Gen [PC Tools]	513
Virus.W32.Sality [Ikarus]	460
Virus.Win32.Sality.z [Kaspersky Lab]	442
PE_SALITY.EK [Trend Micro]	399
PE_SALITY.JER [Trend Micro]	364
PE_SALITY.EN-1 [Trend Micro]	352
Mal/Sality-B [Sophos]	335
PE_SALITY.EN [Trend Micro]	301
PE_SALITY.BU [Trend Micro]	250
Trojan.Win32.Autoit.ci [Kaspersky Lab]	126
Malware.Sality [PC Tools]	106
W32.SillyFDC [Symantec]	100
Trojan.Win32.Autoit [Ikarus]	98
PE_SALITY.DAM [Trend Micro]	80
PE_SALITY.EN-O [Trend Micro]	76
PE_SALITY.BU-O [Trend Micro]	51
Infostealer [Symantec]	46
W32.Imaut [Symantec]	45
PE_SALITY.EM [Trend Micro]	38
Virus.Win32.Sality.y [Kaspersky Lab]	37
IM-Worm.Win32.Sohanad [Ikarus]	36
W32.Sality [Ikarus]	30
PE_SALITY.M [Trend Micro]	29
Trojan.Autoit [Ikarus]	29
W32/Sality.gen.b [McAfee]	28
Worm:Win32/Sohanad.I [Microsoft]	27
W32.Imaut.AA [Symantec]	25
PE_SALITY.BU-1 [Trend Micro]	24
W32/Autorun.worm.ev [McAfee]	24
PE_SALITY.BI [Trend Micro]	20
Trojan.Dropper [Symantec]	20
Trojan.Win32.KillAV.ayh [Kaspersky Lab]	20
Gen.Win32 [Ikarus]	19
Win32.Sality.AK [PC Tools]	19
Trojan Horse [Symantec]	17
W32.Imaut.A [Symantec]	17
Worm.AutoIT.DP [PC Tools]	17
Email-Worm.Win32.Brontok.ab [Ikarus]	16
Trojan.Win32.Crypt [Ikarus]	16
Worm.Sohanad.U [PC Tools]	15
Worm.Autoit.DU [PC Tools]	14
Worm:AutoIt/Sohanad.AQ [Microsoft]	14
Generic PWS.ak [McAfee]	13
Trojan-Spy.Ardamax.J [Ikarus]	13
TrojanSpy.Ardamax.WQ [PC Tools]	13
Virus.Win32.Bifrose [Ikarus]	13
W32.Imaut.U [Symantec]	13
Worm.AutoIT.V [PC Tools]	13
PE_SALITY.EM-O [Trend Micro]	12
PE_SALITY.EN-2 [Trend Micro]	12
Trojan-Dropper.Win32.Flystud.B [Ikarus]	12
W32.SillyDC [Symantec]	12
IM-Worm.Win32.VB [Ikarus]	11
Worm.AutoIt.dn [PC Tools]	11
W32.Imaut.AS [Symantec]	10
Worm.Win32.AutoIt [Ikarus]	10
Worm.Win32.AutoRun.fjx [Kaspersky Lab]	10
PWS-Gamania.gen.c [McAfee]	9
Trojan.Autorun.UA [Ikarus]	9
Trojan-Downloader.Win32.AutoIt [Ikarus]	9
Backdoor.Trojan [Symantec]	8
Backdoor.Win32.Bifrose [Ikarus]	8
BackDoor-EEF [McAfee]	8
Mal/Sality-Gen [Sophos]	8
Trojan.DL.AutoIt.DO [PC Tools]	8
Trojan.Win32.VB [Ikarus]	8
Backdoor.Bifrose [Symantec]	7
Backdoor.Win32.Bifrose.fpb [Kaspersky Lab]	7
BackDoor-CEP.gen.au [McAfee]	7
Mal/Sality-A [Sophos]	7
Trojan.Win32.Pakes.cob [Kaspersky Lab]	7
Virus.Win32.VB.bg [Ikarus]	7
W32.Gammima.AG [Symantec]	7
W32.Imaut.N [Symantec]	7
Worm.VB.FMU [PC Tools]	7
Worm.Win32.AutoRun.soq [Kaspersky Lab]	7
Backdoor.Win32.Jaan.w [Kaspersky Lab]	6
IM-Worm.Win32.Sohanad.t [Kaspersky Lab]	6
Mal/HckPk-A, Mal/Sality-B [Sophos]	6
Trojan.Midgare.hhn [PC Tools]	6
Trojan-Downloader.Win32.AutoIt.aa [Kaspersky Lab]	6
Worm.Win32.AutoIt.v [Kaspersky Lab]	6
Worm:AutoIt/Sohanad.AI [Microsoft]	6
WORM_RONTOKBR.BQ [Trend Micro]	6
Backdoor.Win32.Agent.uek [Kaspersky Lab]	5
BKDR_AHZE.SMM [Trend Micro]	5
P2P-Worm.Win32.Malas.g [Ikarus]	5
Trojan.Win32.Agent.cru [Kaspersky Lab]	5
Virus.Trojan.Win32.Midgare [Ikarus]	5
Virus.Win32.VB.KZ [Ikarus]	5
Virus.Win32.Virut [Ikarus]	5
Virus:Win32/Sality.gen [Microsoft]	5
W32.Linkfars [Symantec]	5
W32/Autorun.worm.cu [McAfee]	5

Win32/Kashu.B [AhnLab] has the following possible countries of origin:

Origin		Number of Incidents
	United Kingdom	281
	Taiwan	155
	Germany	112
	China	101
	Russian Federation	85
	Sweden	41
	Japan	31
	Spain	30
	Israel	29
	Brazil	26
	Republic of Korea	19
	France	18
	Turkey	16
	Canada	11
	Saudi Arabia	11
	Australia	10
	Poland	7
	Iran	6
	Czech Republic	5
	Italy	5
	Belgium	3
	Indonesia	3
	Netherlands	3
	Hungary	2
	New Zealand	2
	Portugal	2
	Slovenia	2
	Austria	1
	Croatia	1
	Finland	1
	Mexico	1
	Norway	1
	Singapore	1
	Slovakia	1
	South Africa	1
	Thailand	1
	United Arab Emirates	1
	Viet Nam	1

Win32/Kashu.B [AhnLab] is known to be created as:

%AllUsersProfile%\menu iniciar\programas\inicializar\svchost.exe

%AllUsersProfile%\smss.exe

%AppData%\csrss.exe

%AppData%\explorer.exe

%AppData%\foxitreader_setup.exe

%AppData%\inetinfo.exe

%AppData%\lsass.exe

%AppData%\services.exe

%AppData%\smss.exe

%AppData%\usrinit.exe

%AppData%\winlogon.exe

%CommonAppData%\fearghus\lsass.exe

%CommonAppData%\microsoft\kbdriver\classified.exe

%CommonAppData%\microsoft\kbdriver\kbdsys.exe

%CommonAppData%\microsoft\usb2.0\usb-hi.exe

%CommonAppData%\zilch.infinisoft\dirlock.exe

%CommonDesktopDir%\classified.exe

%CommonDesktopDir%\classified\classified.exe

%CommonDesktopDir%\documents.exe

%CommonDesktopDir%\files.exe

%CommonDesktopDir%\notepad.exe

%CommonDocuments%\classified.exe

%CommonDocuments%\classified\classified.exe

%CommonPrograms%\startup\classified.exe

%CommonPrograms%\startup\kbdrv16.com

%CommonPrograms%\startup\lsass.exe

%CommonPrograms%\startup\setup.exe

%CommonPrograms%\startup\svchots.exe

%CommonPrograms%\startup\systemil2.exe

%DesktopDir%\games.exe

%DesktopDir%\mp3.exe

%DesktopDir%\videos.exe

%DownloadedProgramFiles%\svchost.exe

%FontsDir%\26dfa.com

%FontsDir%\fonts.exe

%FontsDir%\tskmgr.exe

%FontsDir%\wuauclt.exe

%LocalSettings%\explorer.exe

%LocalSettings%\services.exe

%LocalSettings%\smss.exe

%LocalSettings%\startup.exe

%LocalSettings%\svchost.exe

%LocalSettings%\winlogon.exe

%MyDocuments%\classified.exe

%MyDocuments%\games.exe

%MyDocuments%\hiddenfolder.exe

%MyDocuments%\mp3.exe

%MyDocuments%\videos.exe

%Profiles%\default user\services.exe

%Profiles%\localservice\services.exe

%Profiles%\networkservice\services.exe

%ProgramFiles%\adobe.exe

%ProgramFiles%\bifrost\server.exe

%ProgramFiles%\bytescribe\tsp_codec\uninst.exe

%ProgramFiles%\classified.exe

%ProgramFiles%\common files\adobeupdate.exe

%ProgramFiles%\folder collection\games.exe

%ProgramFiles%\folder collection\mp3.exe

%ProgramFiles%\folder collection\videos.exe

%ProgramFiles%\jnooony\coffin.exe

%ProgramFiles%\massenger live\server.exe

%ProgramFiles%\messenger.exe

%ProgramFiles%\microsoft office\office11\services.exe

%ProgramFiles%\msn.exe

%ProgramFiles%\netmeeting.exe

%ProgramFiles%\utorrent\utorrent.exe

%ProgramFiles%\vmware.exe

%ProgramFiles%\warcraft iii\games.exe

%ProgramFiles%\warcraft iii\mp3.exe

%ProgramFiles%\warcraft iii\videos.exe

%ProgramFiles%\winpcap.exe

%ProgramFiles%\wowrd\wowrrdd.exe

%ProgramFiles%\xerox.exe

%ProgramFiles%\xpcode\sexgame.exe

%ProgramFiles%\xpcode\sexscreensaver.scr

%Programs%\startup\3508b.exe.exe

%Programs%\startup\acc70.exe.exe

%Programs%\startup\lssas.exe

%Programs%\startup\svchots.exe

%Programs%\startup\userinit.exe

%System%\090520-7-3.exe

%System%\1.exe

%System%\1025.exe

%System%\1028.exe

%System%\1031.exe

%System%\1033.exe

%System%\1037.exe

%System%\1041.exe

%System%\1042.exe

%System%\1054.exe

%System%\1126\ctfmon.exe

%System%\2052.exe

%System%\3076.exe

%System%\3361\svchost.exe

%System%\3com_dmi.exe

%System%\805165423741l.exe

%System%\amvo.exe

%System%\antiviruscollection.exe

%System%\avpo.exe

%System%\bifrost\server.exe

Notes:

%AllUsersProfile% is a variable that specifies the all users' profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
%CommonDesktopDir% is a variable that refers to the file system directory that contains files and folders that appear on the desktop for all users. A typical path is C:\Documents and Settings\All Users\Desktop (Windows NT/2000/XP).
%CommonDocuments% is a variable that refers to the file system directory that contains documents that are common to all users. A typical paths is C:\Documents and Settings\All Users\Documents.
%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%DesktopDir% is a variable that refers to the file system directory used to physically store file objects on the desktop. A typical path is C:\Documents and Settings\[UserName]\Desktop.
%DownloadedProgramFiles% is a variable that refers to the file system directory containing downloaded program files. A typical path is C:\Windows\Downloaded Program Files.
%FontsDir% is a variable that refers to a virtual folder containing fonts. A typical path is C:\Windows\Fonts.
%LocalSettings% is a variable that specifies the current user's local settings folder. By default, this is C:\Documents and Settings\[UserName]\Local Settings (Windows NT/2000/XP).
%MyDocuments% is a variable that refers to the file system directory used to physically store a user's common repository of documents. A typical path is C:\Documents and Settings\[UserName]\My Documents.
%Profiles% is a variable that refers to the file system directory containing user profile folders. A typical path is C:\Documents and Settings.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%Programs% is a variable that refers to the file system directory that contains the user's program groups. A typical path is C:\Documents and Settings\[UserName]\Start Menu\Programs.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).