Identifying a computer virus from its name

xiaoxiao2021-03-06  41

Many of us have run anti-virus software and had it report detections on our own machines such as backdoor.rmtbomb.12, Trojan.win32.sendip.15, and so on. Faced with these virus names made of English words and numbers, some people are baffled: with such a long string of names, how do I know what kind of virus it is?

In fact, once we know a few virus naming rules, we can judge some common characteristics of a virus from the name that appears in the anti-virus software's report.

There are so many viruses in the world that anti-virus companies classify and name them according to their characteristics. Although each anti-virus company's naming rules are not exactly the same, they generally follow a unified naming method. The general format is: <virus prefix>.<virus name>.<virus suffix>.

The virus prefix indicates the type of virus and is used to distinguish the broad class a virus belongs to. Different kinds of viruses have different prefixes. For example, the prefix of a Trojan is Trojan, the prefix of a worm is Worm, and so on.

The virus name indicates the family of a virus and is used to distinguish and identify virus families. For example, the family name of the well-known CIH virus is always "CIH", and the family name of the recent "oscillating wave" worm is "Sasser".

The virus suffix indicates the variant of a virus and is used to distinguish one variant of a particular family from another. It is generally one of the 26 letters of the English alphabet; for example, Worm.SASSER.B is variant B of the Sasser worm, and is therefore usually called "Sasser variant B" or "Sasser B variant". If a virus has very many variants (which also shows how tenacious the virus is ^_^), a mix of numbers and letters is used as the variant identifier.

In summary, the virus prefix is very helpful for quickly determining which type a virus belongs to. Knowing the type, we can make a rough assessment of the virus (of course, this requires some general knowledge of the common virus types, which is not discussed here). With the virus name, we can look up information to learn more about the detailed characteristics of the virus. The virus suffix tells us which variant is the one now sitting on the machine.

Below is an explanation of some common virus prefixes (for the Windows operating systems we use):

1. System viruses

The prefixes of system viruses are: Win32, PE, Win95, W32, W95, etc. The common characteristic of these viruses is that they infect the *.exe and *.dll files of the Windows operating system and spread through these files. An example is the CIH virus.

2. Worms

The prefix of a worm is: Worm. The common characteristic of these viruses is that they spread over the network or through system vulnerabilities, and a large share of worms also send out infected email or clog the network. Examples are Shock Wave (clogs networks), Little Postman (sends infected mail), etc.

3. Trojan viruses and hacker viruses

The prefix of a Trojan virus is: Trojan; the prefix of a hacker virus is generally Hack. The common characteristic of Trojans is that they enter the user's system through the network or a system vulnerability and hide there, then leak the user's information to the outside. A hacker virus has a visual interface and can remotely control the user's computer. Trojans and hacker viruses often come in pairs: the Trojan is responsible for invading the user's computer, and the hacker virus then controls the computer through the Trojan. The two types are now increasingly merging. Typical Trojans include the QQ message-tail Trojan Trojan.qq3344, and you may more often meet Trojans that target online games, such as Trojan.Lmir.Psw.60. One more point: a name containing PSW or PWD generally means the virus can steal passwords (these letters are abbreviations of the English word "password"). Some hacker programs, for example: network (Hack.Nether.Client), etc.

4. Script viruses

The prefix of a script virus is: Script. The common characteristic of script viruses is that they are written in a scripting language and spread through web pages, such as Red Code (script.redlof), which is not our "boss brother" ^_^. Script viruses may also carry the following prefixes: VBS, JS (indicating which scripting language they are written in), such as Happy Time (VBS.happyTime), Fortnight (JS.Fortnight.c.s), etc.

5. Macro viruses

Strictly speaking, macro viruses are also a kind of script virus, but because they are special they are counted here as a class of their own. The prefix of a macro virus is: Macro, and the second prefix is one of: Word, Word97, Excel, Excel97 (there may be others). Any virus that infects only Word documents of Word97 and earlier versions uses Word97 as the second prefix, in the format macro.word97. Any virus that infects only Word documents of versions later than Word97 uses Word as the second prefix, in the format Macro.Word. Any virus that infects only Excel documents of Excel97 and earlier versions uses Excel97 as the second prefix, in the format macro.excel97. Any virus that infects only Excel documents of versions later than Excel97 uses Excel as the second prefix, in the format Macro.Excel, and so on. The common characteristic of this type of virus is that it infects Office documents and then spreads through the Office general template, for example: Macro.melissa.

6. Backdoor viruses

The prefix of a backdoor virus is: Backdoor. The common characteristic of this type of virus is that it spreads over the network and opens a back door on the system, creating a security risk for the user's computer. An example is the IRC backdoor backdoor.ircbot, which many friends have run into.

7. Virus dropper programs

The common characteristic of these viruses is that, when run, they release one or several new viruses from their own body into the system directory, and the released viruses then do the damage. Examples: Glacier Seeder (Dropper.Binghe2.2c), MSN Shot (Dorm.Worm.Smibag).

8. Destructive program viruses

The prefix of a destructive program virus is: Harm. The common characteristic of these viruses is that they carry an attractive icon to entice the user to click; when the user clicks, the virus directly damages the user's computer. Examples: Format C Drive (Harm.formatc.f), Killer Command (HARM.COMMAND.KILLER), etc.

9. Joke viruses

The prefix of a joke virus is: Joke. They are also known as prank viruses. The common characteristic of this type of virus is that it also carries an attractive icon to entice the user to click. When the user clicks, the virus performs all kinds of apparently destructive operations to scare the user, but in fact it does no damage to the user's computer. Example: the Joke.girlGhost virus.

10. Binder viruses

The prefix of a binder virus is: binder. The common characteristic of these viruses is that the author uses a specific bundling program to bind the virus to an application such as QQ or IE, so that on the surface it looks like a normal file. When the user runs the bundled file, it runs the application in the foreground and then runs the bundled virus hidden in the background, thereby harming the user. Examples: Bundle QQ (Binder.qqpass.qqbin), System Killer (Binder.killsys), etc.

Those are the common virus prefixes. Sometimes we see a few others, but they are rarer, so they are only mentioned briefly here:

DOS: carries out a DoS (denial-of-service) attack against a host or server;

Exploit: spreads itself automatically by overflowing a vulnerability in the target's system or its own, or is itself an overflow tool used for hacking;

Hacktool: a hacker tool; it may not damage your machine itself, but others can use it to turn your machine into a stand-in for attacking someone else.

After the anti-virus software has found a virus, you can use the method above to make an initial judgment about the virus you have caught, so that you know your enemy. When the anti-virus software cannot remove it automatically and you plan to clean it by hand, this information will be a great help.
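
The naming scheme above can be applied mechanically when triaging a scan report. The following parser is an added example, not part of the original article: it splits a detection name into prefix, family and variant and looks the prefix up in the categories listed above. Treating a Win32-style token in second position as a platform marker, and treating short trailing tokens as the variant, are assumptions of this sketch; real vendor names vary.

```python
import re

# Prefix -> category, from the article's list. "dropper" is inferred from the
# article's example Dropper.Binghe2.2c; the article states no rule for it.
CATEGORIES = {
    "worm": "worm", "trojan": "trojan", "hack": "hacker remote-control tool",
    "script": "script virus", "vbs": "script virus", "js": "script virus",
    "macro": "macro virus", "backdoor": "backdoor", "dropper": "dropper",
    "harm": "destructive program", "joke": "joke program", "binder": "binder",
    "dos": "DoS attack tool", "exploit": "exploit", "hacktool": "hacker tool",
}
SYSTEM = {"win32", "pe", "win95", "w32", "w95"}         # system-virus prefixes
MACRO_TARGETS = {"word", "word97", "excel", "excel97"}  # macro second prefix
PASSWORD_MARKERS = {"psw", "pwd"}                       # password-stealing hint
VARIANT = re.compile(r"^[A-Za-z0-9]{1,3}$")  # assumption: variants are short tokens

def parse_detection(name):
    """Split a dotted detection name into the parts the article describes."""
    parts = [p for p in name.strip().split(".") if p]
    if not parts:
        raise ValueError("empty detection name")
    prefix, low = parts[0], parts[0].lower()
    info = {"prefix": prefix, "category": CATEGORIES.get(low, "unknown"),
            "platform": None, "target": None, "steals_passwords": False}
    if low in SYSTEM:
        info["category"], info["platform"] = "system virus", prefix
    body = []
    for tok in parts[1:]:
        t = tok.lower()
        if t in SYSTEM:
            info["platform"] = info["platform"] or tok
        elif low == "macro" and t in MACRO_TARGETS:
            info["target"] = info["target"] or tok
        elif t in PASSWORD_MARKERS:
            info["steals_passwords"] = True
        else:
            body.append(tok)
    # Trailing short tokens are the variant; the family keeps at least one token.
    cut = len(body)
    while cut > 1 and VARIANT.match(body[cut - 1]):
        cut -= 1
    info["family"] = ".".join(body[:cut]) or None
    info["variant"] = ".".join(body[cut:]) or None
    return info

if __name__ == "__main__":
    # Detection names quoted in the article, used as sample input.
    for s in ("Trojan.win32.sendip.15", "Worm.SASSER.B", "Trojan.Lmir.Psw.60"):
        print(s, "->", parse_detection(s))
```

A prefix that is not in the table comes back as category "unknown" rather than being guessed, which is the case to look up by hand in the vendor's own documentation.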
