Threat Search: 

ThreatExpert's Statistics for Win32/Virut.E [AhnLab]:

Win32/Virut.E [AhnLab] is also known as:
Threat AliasNumber of Incidents
W32.Virut.CF [Symantec]849
Virus.Win32.Virut.ce [Kaspersky Lab]827
W32/Scribble-B [Sophos]808
Virus:Win32/Virut.BM [Microsoft]639
W32/Virut.n.gen [McAfee]516
Virus:Win32/Virut.gen!O [Microsoft]178
New Win32.g4 [McAfee]140
Virus.Win32.Virut [Ikarus]84
PE_VIRUX.H-3 [Trend Micro]68
Virus:Win32/Virut.gen!E [Microsoft]55
Malware.Virut [PC Tools]38
W32/Virut.n [McAfee]36
Virus.Win32.Virut.bo [Ikarus]34
PE_VIRUX.F-2 [Trend Micro]23
Backdoor.Rbot [Ikarus]22
W32.Virut [Ikarus]22
W32/Sdbot.worm.gen.g [McAfee]22
WORM_RBOT.GEN-1 [Trend Micro]22
W32/Rbot-Fam, W32/Scribble-B [Sophos]21
Worm.Akbot.Gen [PC Tools]21
Trojan-Spy.Win32.Banker.RM [Ikarus]20
PE_VIRUX.A [Trend Micro]18
Trojan.Win32.Banker [Ikarus]18
Backdoor.Win32.Small.uc [Kaspersky Lab]16
New Win32.g3 [McAfee]11
Backdoor.Win32.Popwin [Ikarus]9
Exploit.Win32.IMG-WMF [Ikarus]9
PE_VIRUX.E-4 [Trend Micro]9
Virus.Win32.Virut.q [Ikarus]9
W32/Scribble-A [Sophos]9
Trojan-Dropper.Agent [Ikarus]8
Virus.Win32.Virtob [Ikarus]6
Win32.Cadoiac.A [Ikarus]6
Generic Dropper.ln [McAfee]5
Trojan.Win32.Patched [Ikarus]5
Trojan-Downloader.Win32.Banload [Ikarus]5
Gen.Malware [Ikarus]4
Trojan.Win32.Inject.akjn [Kaspersky Lab]4
Trojan-Dropper.Win32.ExeBind [Ikarus]4
Trojan-Dropper.Win32.ExeBind [Kaspersky Lab]4
TrojanDropper:Win32/ExeBind [Microsoft]4
Trojan-Spy.Win32.Banker [Ikarus]4
Virus.Win32.Sality [Ikarus]4
W32/Sality.gen [McAfee]4
W32/Xirtem@MM [McAfee]4
Win32.Virtob [Ikarus]4
Backdoor.Win32.Beastdoor [Ikarus]3
BackDoor-EBI [McAfee]3
Downloader-BIA [McAfee]3
Email-Worm.Win32.Tanatos.B [Ikarus]3
New Malware.ca [McAfee]3
Troj/Bifrose-XZ [Sophos]3
Troj/Dloadr-BIK [Sophos]3
Trojan.Dropper [Symantec]3
Trojan-Downloader.Small.grk [PC Tools]3
Trojan-Downloader.Win32.Small.grk [Kaspersky Lab]3
Virus.Win32.Virut.n [Ikarus]3
AdWare.Win32.BHO [Ikarus]2
Backdoor.Win32.HareBot.anq [Kaspersky Lab]2
Backdoor.Win32.HareBot.pb [Kaspersky Lab]2
Backdoor.Win32.Poison.pg [Kaspersky Lab]2
BackDoor-DSS.gen.a [McAfee]2
FakeAlert-SpywareProtect [McAfee]2
Mal/Behav-103, Mal/Behav-043, W32/Scribble-B [Sophos]2
Mal/Dorf-E, W32/Scribble-B [Sophos]2
Mal/EncPk-GW, Mal/Poison-A, W32/Scribble-B [Sophos]2
Mal/EncPk-JU, W32/Scribble-B [Sophos]2
Mal/EncPk-LQ, Mal/EncPk-LQ, Mal/EncPk-ME, W32/Scribble-B [Sophos]2
Mal/EncPk-ME, Mal/EncPk-LQ, W32/Scribble-B [Sophos]2
Mal/Sasfis-C, Mal/Sasfis-B, W32/Scribble-B [Sophos]2
Mal/Zbot-O, W32/Scribble-B [Sophos]2
Suspicious.MH690 [Symantec]2
Trojan.DL.CKSPost.Gen [PC Tools]2
Trojan.Fakeavalert [Symantec]2
Trojan.Pandex [PC Tools]2
Trojan.Pandex [Symantec]2
Trojan.Win32.Anomaly [Ikarus]2
Trojan-Banker.Win32.Banker [Ikarus]2
TrojanClicker:Win32/Hatigh.C [Microsoft]2
TrojanDownloader:Win32/Cutwail.AQ [Microsoft]2
TrojanDownloader:Win32/Small.AAAL [Microsoft]2
TrojanDropper:Win32/Decay.A [Microsoft]2
Trojan-Spy.Win32.Banker.ciy [Ikarus]2
Trojan-Spy.Win32.Zbot.gen [Kaspersky Lab]2
Virus.Win32.CeeInject [Ikarus]2
Virus.Win32.Virut.ak [Ikarus]2
Virus:Win32/Virut.gen!G [Microsoft]2
Virus:Win32/Virut.gen!M [Microsoft]2
Backdoor.Agent.sca [PC Tools]1
Backdoor.SdBot [Ikarus]1
Backdoor.Sdbot [Symantec]1
Backdoor.Trojan [Symantec]1
Backdoor.Win32.Agent.sca [Kaspersky Lab]1
Backdoor.Win32.Bifrose [Ikarus]1
Backdoor.Win32.HareBot [Ikarus]1
Backdoor.Win32.PoeBot.A [Ikarus]1
Backdoor.Win32.Poison [Ikarus]1
Backdoor.Win32.Small.yt [Kaspersky Lab]1
Backdoor:Win32/Ptakks.DR [Microsoft]1
Backdoor:WinNT/Rustock.C [Microsoft]1

Win32/Virut.E [AhnLab] has the following possible countries of origin:
OriginNumber of Incidents
China46
Russian Federation34
Spain16
United Kingdom11
Germany10
Taiwan9
Brazil8
Sweden7
Czech Republic6
France6
Saudi Arabia5
Poland4
Italy3
Netherlands3
Greece2
Turkey2
Australia1
Austria1
Canada1
Japan1
Oman1
Portugal1
Romania1
Slovakia1

Win32/Virut.E [AhnLab] is known to be created as:
%AppData%\sysdate32.exe
%CommonPrograms%\chkdisk.exe
%ProgramFiles%\manson\liser.exe
%ProgramFiles%\microsoft common\svchost.exe
%ProgramFiles%\superantispyware\keygen.exe
%ProgramFiles%\thunmail\testabd.exe
%System%\csrsc.exe
%System%\digiwet.dll
%System%\dllcache\regedit32.com
%System%\dllcache\rndll32.exe
%System%\dllcache\shell32.com
%System%\dllcache\zipexr.dll
%System%\dllchache.exe
%System%\fedeo.exe
%System%\implayok.exe
%System%\init32.exe
%System%\m5vbvm60.exe
%System%\msupdate.exe
%System%\ntos.exe
%System%\nvuninst.exe
%System%\patch.exe
%System%\reader_s.exe
%System%\restorer32_a.exe
%System%\rund1132.exe
%System%\s.exe
%System%\sdra64.exe
%System%\server.exe
%System%\servises.exe
%System%\soundmix.exe
%System%\sysregi.exe
%System%\winces.exe
%System%\wsvhk.exe
%Temp%\23998439.exe
%Temp%\24157814.exe
%Temp%\2529848.exe
%Temp%\27164022.exe
%Temp%\27400050.exe
%Temp%\2750467.exe
%Temp%\36500050.exe
%Temp%\cc.exe
%Temp%\cmd.exe
%Temp%\csrss.exe
%Temp%\driver_detective_6.4.0.7_key.exe
%Temp%\driver_detective_6.4.1.3_key.exe
%Temp%\drweb.exe
%Temp%\exebind.exe
%Temp%\fkvpxr.exe
%Temp%\ibaynllxdly.exe
%Temp%\ieaccelerator1.exe
%Temp%\login.exe
%Temp%\lsass.exe
%Temp%\services.exe
%Temp%\spoolsv.exe
%Temp%\svchost.exe
%Temp%\system.exe
%Temp%\taskmgr.exe
%Temp%\win16.exe
%Temp%\win32.exe
%Temp%\winamp.exe
%Temp%\winlogon.exe
%UserProfile%\implayok.exe
%UserProfile%\reader_s.exe
%UserProfile%\restorer32_a.exe
%Windir%\9129837.exe
%Windir%\iexplore.exe
%Windir%\ld14.exe
%Windir%\services.exe
%Windir%\system32.exe
%Windir%\temp\31729645.exe
%Windir%\temp\login.exe
%Windir%\temp\lsass.exe
%Windir%\usbservice.exe
c:\lsass.exe
Notes:
  • %AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
  • %CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
  • %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
  • %UserProfile% is a variable that specifies the current user's profile folder. By default, this is C:\Documents and Settings\[UserName] (Windows NT/2000/XP).
  • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.