Many times we have used anti-virus software to find their own machines such as backdoor. rmtbomb.12, trojan.win32.sendip.15 and so on these a string of English also with digital virus name, at this time some people on the Meng, so long a string of names, how to know is what virus ah?
In fact, as long as you know some of the virus naming rules, the anti-virus software can be reported in the virus name to determine the virus some of the public characteristics.
So many viruses in the world, anti-virus companies to facilitate management, they will be according to the characteristics of the virus, the virus classification name. Although the naming rules for each anti-virus company are not the same, they are generally named by a uniform naming method.
The general format is:< virus prefix >.< virus name >.< virus suffix >.
The virus prefix refers to the type of virus that distinguishes the virus from the racial classification. Different kinds of viruses, their prefixes are also different. For example the common Trojan virus prefix trojan, worm's prefix is worm and so on and so on.
Virus name refers to the family characteristics of a virus, is used to distinguish and identify the virus family, such as the previous famous CIH virus family name is a unified "CIH", and the recent noisy oscillation wave worm virus family names are "Sasser".
A virus suffix is a variant of a virus that is used to distinguish a particular variant of a family virus. Generally used in English 26 letters to indicate, such as worm.sasser.b refers to the oscillation Wave worm virus variant B, so generally referred to as "oscillating wave B variant" or "oscillating Wave variant B." If the virus variant is very numerous (also indicating that the virus is hardy ^_^), a variant can be represented by a combination of numbers and letters.
To sum up, the prefix of a virus is very helpful for quickly determining which type of virus the virus belongs to. By judging the type of virus, you can have a ballpark estimate of the virus (which, of course, involves accumulating some common virus types that are not covered in this article). The virus name can be used to find information and other ways to further understand the detailed characteristics of the virus. The virus suffix can know which variant of the virus is now in your machine.
Some common explanations for virus prefixes (for the most used Windows operating systems) are included below:
1. System virus
The prefix of the system virus is: Win32, PE, Win95, W32, W95, etc. The general public nature of these viruses is the *.exe and *.dll files that can infect Windows operating systems and propagate through these files. such as CIH virus.
2. Worm virus
The worm prefix is: Worm. The public nature of the virus is spread through a network or system vulnerability, and most worms have the characteristics of sending out poisonous mail and blocking the network. such as shock waves (blocking the network), small mailman (send poison mail) and so on.
3, Trojan virus, Hacker virus
Trojan virus its prefix is: trojan, hacker virus prefix name is generally Hack. Trojan virus's public characteristic is through the network or the system flaw enters the user's system and hides, then leaks the user's information to the outside, but the hacker virus has a visual interface, can the user's computer to carry on the remote control. Trojans, hackers often appear in pairs, that is, Trojan virus is responsible for intrusion into the user's computer, and hackers will be through the Trojan virus to control. Now these two types are becoming more and more integrated. General Trojans such as the QQ message tail Trojan trojan.qq3344, and everyone may meet more than the Trojan virus for online games such as trojan.lmir.psw.60. In addition, there are PSW or pwd in the name of the virus that generally means that the virus has the function of stealing passwords (these letters are generally "password" in English "password" abbreviation) some hacker programs such as: Network Beikewen (Hack.Nether.Client), etc.
4. Script virus
The script virus prefix is: script. The public character of a script virus is a virus that is written in scripting languages and transmitted through a Web page, such as the Red Code (SCRIPT.REDLOF). The script virus will also have the following prefix: VBS, JS (indicating what script is written), such as Happy Time (Vbs.happytime), 14th (JS.FORTNIGHT.C.S).