Consult virus naming rules

Many times, people have used Kaspersky and been shown virus names made up of English words and numbers, such as Backdoor.RmtBomb.12, Trojan.Win32.SendIP.15 and so on. At this point some people are baffled: with such a long name, how do I know what kind of virus it is?

In fact, as long as you know some of the virus naming rules, you can judge some characteristics of a virus from the name that appears in the anti-virus software's report. The general format is: <virus prefix>.<virus name>.<virus suffix>

The virus prefix indicates the type of virus and is used to distinguish the broad classes of viruses. Different kinds of viruses have different prefixes. For example, the prefix of the common Trojan horse virus is Trojan, the prefix of a worm virus is Worm, and so on.

The virus name indicates the family characteristics of the virus and is used to distinguish and identify virus families. For example, the family name of the famous CIH virus is always "CIH", and the family name of the "oscillating wave" worm is "Sasser".

The virus suffix indicates the variant characteristics of the virus and is used to distinguish one variant of a specific virus family from another. Generally, it is one of the 26 letters of the English alphabet. For example, Worm.Sasser.b refers to variant B of the Sasser worm, so it is generally called "Sasser variant B". If the virus has many variants, numbers and letters can be mixed to identify them.

The following are some common virus prefixes (for our most commonly used Windows operating system):

1. System virus

The prefixes of system viruses are Win32, PE, Win95, W32, W95, etc. The general feature of these viruses is that they can infect the *.exe and *.dll files of the Windows operating system and spread through these files. An example is the CIH virus.

2. Worm virus

The prefix of worm viruses is Worm. This kind of virus is characterized by spreading through the network or through system vulnerabilities, and most worms send out infected e-mails or clog the network. Examples are "Shock Wave" (which clogs the network) and "Little Postman" (which sends infected mail).

3. Trojan virus and hacker virus

The prefix of Trojan viruses is Trojan, and the prefix of hacker viruses is generally Hack. A Trojan horse virus is characterized by entering the user's system through the network or through system vulnerabilities, hiding there, and then leaking the user's information to the outside world. A hacker virus has a visual interface and can remotely control the user's computer. Trojan horses and hacker viruses often appear in pairs: the Trojan is responsible for getting into the user's computer, and the hacker virus then controls it through that Trojan. These two types are now becoming more and more integrated. Among ordinary Trojans there is the QQ message-tail Trojan, Trojan.QQ3344, and you are likely to encounter even more Trojans aimed at online games, such as Trojan.LMir.PSW.60. It is worth adding that PSW or PWD in a virus name generally indicates that the virus can steal passwords (these letters are abbreviations of the English word "password"). There are also some hacker programs, such as Hack.Nether.Client.

4. Script virus

The prefix of script viruses is Script. The common feature of script viruses is that they are written in a scripting language and spread through web pages, such as "Red Team". Script viruses may also carry the prefixes VBS or JS (indicating which scripting language they are written in), such as VBS.Happytime and JS.Fortnight.

5. Macro virus

In fact, a macro virus is also a kind of script virus. Because of its special nature, it is listed as a separate category here. The prefix of macro viruses is Macro, and the second prefix is one of Word, Word97, Excel, Excel97 (and perhaps others). A virus that only infects Word documents of Word 97 and earlier versions uses Word97 as the second prefix, in the format Macro.Word97. A virus that only infects Word documents of versions later than Word 97 uses Word as the second prefix, in the format Macro.Word. A virus that only infects Excel documents of Excel 97 and earlier versions uses Excel97 as the second prefix, in the format Macro.Excel97. A virus that only infects Excel documents of versions later than Excel 97 uses Excel as the second prefix, in the format Macro.Excel, and so on. The common feature of this kind of virus is that it can infect Office documents and then spread through the common Office templates, as the famous Macro.Melissa does.

6. Backdoor virus

The prefix of backdoor viruses is Backdoor. This kind of virus is characterized by spreading through the network and opening a back door into the system, which creates a security risk for the user's computer.

7. Virus-planting program virus

This kind of virus is characterized by releasing one or several new viruses from its own body into the system directory when it runs, and the released viruses then do the damage. Examples are Glacier Seeder (Dropper.Glacier2.2C), MSN Shooter (Dropper.Worm.Smibag) and so on.

8. Destructive program virus

The prefix of destructive program viruses is Harm. This kind of virus uses an attractive icon to lure users into clicking it. When a user clicks on it, it directly damages the user's computer. Examples are Format Disk C (Harm.formatC.f), Killer Command (Harm. Command. black boy) and so on.

9. Joke virus

The prefix of joke viruses is Joke. They are also known as prank viruses. This kind of virus uses an attractive icon to lure users into clicking it. When a user clicks on it, the virus puts on a show of all kinds of destructive operations to scare the user, but in fact it does no damage to the user's computer. An example is the Girl Ghost virus (Joke.Girlghost).

10. Binder virus

The prefix of binder viruses is Binder. The common feature of this kind of virus is that the virus author uses a specific binding program to bundle the virus with an application such as QQ or IE. On the surface the result is a normal file. When users run the bundled file, the application runs in plain view while the bundled virus runs hidden, thus causing harm to the user. Examples are the QQ binder (Binder.QQPass.QQBin) and System Killer (Binder.killsys).

The above are common virus prefixes, and sometimes we will see some others, but they are rare. Here is a brief mention:

DoS: carries out a DoS attack against a host or server;

Exploit: either spreads itself automatically by overflowing a vulnerability in the other party's system or in its own system, or is itself an overflow tool used in hacker attacks;

HackTool: a hacking tool may not damage your machine itself, but it can be used by others, who use you as a stand-in to damage other people.

After a virus has been detected, you can use the above rules to make a preliminary judgment about its basic nature, so that you know both yourself and your enemy. This information will be of great help when the anti-virus software cannot remove the virus automatically and you plan to remove it manually.
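The rule above, worked through as an added example (this code is not from the original article): a small Python parser that splits a detection name into prefix, second prefixes, family and suffix, maps the prefix to the categories listed above, and flags the PSW/PWD password-stealing marker. The function name `parse_detection_name`, the category labels and the sample `Adware.Example.a` are assumptions made for illustration; vendors differ in their naming, so an unlisted prefix is reported as "unknown".

```python
# Prefix -> category, from the article's list (lower-cased for matching).
PREFIXES = {
    **dict.fromkeys(("win32", "pe", "win95", "w32", "w95"), "system virus"),
    "worm": "worm", "trojan": "Trojan", "hack": "hacker program",
    **dict.fromkeys(("script", "vbs", "js"), "script virus"),
    "macro": "macro virus", "backdoor": "backdoor",
    "dropper": "virus-planting program", "harm": "destructive program",
    "joke": "joke program", "binder": "binder", "dos": "DoS",
    "exploit": "exploit", "hacktool": "hacking tool",
}
# Tokens that may sit between the first prefix and the family name.
SECOND_PREFIXES = set(PREFIXES) | {"word", "word97", "excel", "excel97"}
PASSWORD_MARKERS = {"psw", "pwd"}


def parse_detection_name(name):
    """Split a '<prefix>.<name>.<suffix>' detection name into its parts."""
    tokens = [t.strip() for t in name.split(".") if t.strip()]
    if len(tokens) < 2:
        raise ValueError(f"not a dotted detection name: {name!r}")
    prefix, rest = tokens[0], tokens[1:]
    second = []
    # Keep at least one token back so the family name is never consumed.
    while len(rest) > 1 and rest[0].lower() in SECOND_PREFIXES:
        second.append(rest.pop(0))
    family, rest = rest[0], rest[1:]
    return {
        "category": PREFIXES.get(prefix.lower(), "unknown"),
        "second_prefixes": second,
        "family": family,
        "password_stealer": any(t.lower() in PASSWORD_MARKERS for t in rest),
        "suffix": ".".join(t for t in rest if t.lower() not in PASSWORD_MARKERS),
    }


if __name__ == "__main__":
    # Names quoted in the article, plus one constructed name with an unlisted prefix.
    for sample in ("Worm.Sasser.b", "Trojan.Win32.SendIP.15",
                   "Trojan.LMir.PSW.60", "Dropper.Worm.Smibag",
                   "Macro.Melissa", "Adware.Example.a"):
        print(sample, "->", parse_detection_name(sample))
```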

Virus name: I-Worm/QQ.Porn

Virus size: 20480, UPX-compressed

Communication mode: network communication

Danger degree: **

This virus is a worm. It sends the virus file through online QQ. After the virus runs, it downloads another virus (Backdoor/Jieba.2004) from the hacker website. That virus can capture the login passwords of almost all commonly used windows under Win9x/Win2k/WinXP, such as OICQ/QQ, ICQ, Outlook, Foxmail, e-mail, Internet accounts, software registration codes, all kinds of game software, financial software and management software, dial-up Internet access, shared directory access, screen savers and so on, as well as all kinds of login passwords on web pages, such as Internet mail, Jianghu forums, chat rooms, password-protected materials and so on.
