The virus uses a complicated encryption method, which complicates detection somewhat.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
An earlier variant of the Phoenix virus.
A 1302 byte earlier variant.
A 1701 byte variant.
So-called "M" and "D" forms of the variants have been reported, but this is actually a misunderstanding. The "D" form is just the decrypted virus and the "M" form is a sample file infected multiple times.