ThreatExpert's Statistics for Worm.IM.Sohanad [PC Tools]:

Worm.IM.Sohanad [PC Tools] is also known as:

Threat Alias	Number of Incidents
W32/YahLover.worm [McAfee]	339
W32.Imaut.A [Symantec]	299
WORM_SOHANAD.EJ [Trend Micro]	283
IM-Worm.Win32.Sohanad [Ikarus]	245
W32/SillyFDC-AE [Sophos]	245
Worm:Win32/Sohanad.I [Microsoft]	245
IM-Worm.Win32.AutoIt.g [Kaspersky Lab]	239
Win-Trojan/Downloader.290419 [AhnLab]	119
W32/AutoRun-PU [Sophos]	70
Worm.Autoit [Ikarus]	57
IM-Worm.Win32.Sohanad.as [Kaspersky Lab]	55
Trojan Horse [Symantec]	42
Virus.Win32.AutoIt.a [Kaspersky Lab]	42
WORM_YAHLOVER.AL [Trend Micro]	42
TrojanDownloader:Win32/Agent.B [Microsoft]	36
W32/Sohana-AH [Sophos]	36
Worm:AutoIt/YahLover.F!inf [Microsoft]	31
Virus.Win32.AutoRun.jq [Ikarus]	24
WORM_SOHANAD.AS [Trend Micro]	17
Trojan.Win32.KillAV.ayh [Kaspersky Lab]	6
Win32/YahLover.worm.226217 [AhnLab]	6
Worm.Win32.AutoRun.k [Kaspersky Lab]	3
WORM_AUTORUN.K [Trend Micro]	2
Email-Worm.Win32.Brontok.ab [Ikarus]	1
Generic.dx [McAfee]	1
IM-Worm.Win32.Sohanad.ae [Kaspersky Lab]	1
IM-Worm.Win32.Sohanad.gen [Kaspersky Lab]	1
IM-Worm.Win32.Sohanad.t [Kaspersky Lab]	1
Mal/Generic-A [Sophos]	1
Trojan:Win32/Meredrop [Microsoft]	1
W32.Imaut.AA [Symantec]	1
W32.SillyFDC [Symantec]	1
W32/Autorun.worm.cs [McAfee]	1
W32/Autorun.worm.g [McAfee]	1
W32/SillyFDC-AU [Sophos]	1
Win32/Autorun.worm.225604 [AhnLab]	1
Worm.Autorun.K [PC Tools]	1
Worm.Sohanad.U [PC Tools]	1
Worm.Win32.AutoRun [Ikarus]	1
Worm.Win32.VB.ck [Kaspersky Lab]	1
Worm:Win32/Autorun [Microsoft]	1
WORM_SOHANAD.BN [Trend Micro]	1
WORM_SOHANAD.FG [Trend Micro]	1
WORM_SOHANAD.IM [Trend Micro]	1
WORM_VB.ESA [Trend Micro]	1

Worm.IM.Sohanad [PC Tools] has the following possible country of origin:

Origin		Number of Incidents
	United Kingdom	32

Worm.IM.Sohanad [PC Tools] is known to be created as:

%CommonPrograms%\startup\msconfig.exe

%System%\blastclnnn.exe

%System%\chrome.exe

%System%\dllcache\stub.exe

%System%\extract.exe

%System%\scvhost.exe

%System%\scvhosts.exe

%System%\scvvhsot.exe

%System%\svichoost.exe

%System%\ver.exe

%Temp%\0005452e_rar\scvhosts.exe

%Temp%\00054945_rar\scvvhsot.exe

%Temp%\000549a3_rar\scvvhsot.exe

%Temp%\00058e4d_rar\scvhosts.exe

%Temp%\00058e7c_rar\scvvhsot.exe

%Temp%\00058eba_rar\scvhosts.exe

%Temp%\00059051_rar\scvhosts.exe

%Temp%\000590dd_rar\scvvhsot.exe

%Temp%\000591a8_rar\scvvhsot.exe

%Temp%\00059264_rar\scvvhsot.exe

%Temp%\00059293_rar\scvvhsot.exe

%Temp%\00059310_rar\scvvhsot.exe

%Temp%\0005933f_rar\scvvhsot.exe

%Temp%\000594e4_rar\scvvhsot.exe

%Temp%\0005964c_rar\scvvhsot.exe

%Temp%\0005d326_rar\scvvhsot.exe

%Temp%\0005d364_rar\scvvhsot.exe

%Temp%\0005d3d2_rar\scvvhsot.exe

%Temp%\0005d3e1_rar\scvhosts.exe

%Temp%\0005d3f1_rar\scvvhsot.exe

%Temp%\0005d410_rar\scvvhsot.exe

%Temp%\0006066b_rar\scvvhsot.exe

%Windir%\chrome.exe

%Windir%\hinhem.scr

%Windir%\lsass.exe

%Windir%\scvhost.exe

%Windir%\scvhosts.exe

%Windir%\scvvhsot.exe

%Windir%\svichoost.exe

%Windir%\system\lsass.exe

Notes:

%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.