Basic Computer Virus identification knowledge

Source: Internet
Author: User

Many times, anti-virus software finds something on your machine and reports names such as Backdoor.RmtBomb.12 or Trojan.Win32.SendIP.15: a string of English words and numbers that leaves some people at a loss. How can you tell what kind of virus it is?
In fact, once we know the naming rules for viruses, we can work out some common characteristics of a virus from the name shown in the anti-virus software's report.

To make it easier to manage the large number of viruses in the world, anti-virus companies classify and name viruses according to their characteristics. Although the naming rules are not the same at every anti-virus company, they broadly follow a common naming method.

The general format is <virus prefix>.<virus name>.<virus suffix>.

The virus prefix indicates the type of virus and is used to distinguish between classes of viruses. Different types of viruses have different prefixes. For example, the prefix of common Trojan viruses is Trojan, and the prefix of worms is Worm.

The virus name refers to the family characteristics of a virus and is used to distinguish and identify the virus family. For example, the family name of the famous CIH virus is uniformly "CIH", and the family name of the recently popular wannacache worm is "Sasser".

The virus suffix identifies a variant of a virus. It is used to distinguish the variants within a specific virus family. Generally, the 26 letters of the alphabet are used; for example, Worm.Sasser.B refers to variant B of the worm, which is generally called the "B variant". If the virus has many variants (which also shows that the virus is tenacious ^_^), a mix of numbers and letters can be used as the variant identifier.

To sum up, the prefix of a virus helps us quickly determine which type the virus belongs to. Knowing the type, you can make a rough assessment of the virus (of course, this requires accumulated knowledge about the common virus types, which is not covered in this article). With the virus name, we can learn the detailed characteristics of the virus by searching for information about it. The virus suffix tells us which variant of the virus is on the computer.

The following are some common interpretations of the virus prefix (for the most popular Windows operating systems):

1. System viruses

System viruses are prefixed with Win32, PE, Win95, W32, or W95. The common feature of these viruses is that they can infect *.exe and *.dll files on Windows operating systems and spread through these files. An example is the CIH virus.

2. Worms

The prefix of a worm is Worm. The common feature of this type of virus is that it spreads through the network or through system vulnerabilities. Most worms send out infected emails and block the network. Examples are shock wave (blocking the network) and small Postman (sending infected mail).

3. Trojan and hacker viruses

The prefix of a Trojan is Trojan, and the prefix of a hacker virus is generally Hack. The common feature of Trojan viruses is that they enter the user's system through the network or system vulnerabilities, hide there, and then leak user information to the outside world. The hacker virus has a visual interface and can remotely control users' computers. Trojans and hacker viruses often come in pairs: the Trojan is used to intrude into users' computers, and the hacker virus then controls them through that Trojan. The two types are becoming more and more integrated. Examples of general Trojans are the QQ message tail Trojan, Trojan.QQ3344, and the many Trojans that target online games, such as Trojan.LMir.ps000060. Here, PSW or PWD in the virus name generally indicates that the virus has a password-stealing function (these letters are generally an abbreviation of "password"). Some hacker programs also exist, such as network hacker (Hack.Nether.Client).

4. Script viruses

The prefix of a script virus is Script. The common feature of script viruses is that they are written in a scripting language and spread through webpages, such as red code (Script.Redlof). Script viruses also use the prefixes VBS and JS (indicating which scripting language they are written in), such as Happy Time (VBS.Happytime) and 14th (Js.Fortnight.c.s).

5. Macro viruses

In fact, a macro virus is also a type of script virus. Because of its special nature, it is treated as a separate type here. The macro virus prefix is Macro, and the second prefix is one of Word, Word97, Excel, or Excel97 (maybe there are others). Viruses that only infect documents from Word 97 and earlier versions use Word97 as the second prefix, in the format Macro.Word97. Viruses that infect documents from versions later than Word 97 use Word as the second prefix, in the format Macro.Word. Viruses that only infect documents from Excel 97 and earlier versions use Excel97 as the second prefix, in the format Macro.Excel97. Viruses that only infect documents from versions later than Excel 97 use Excel as the second prefix, in the format Macro.Excel, and so on. The common feature of this type of virus is that it can infect Office documents and then spread through common Office templates, such as the famous Misha (Macro.Melissa).

6. Backdoor viruses

The prefix of a backdoor virus is Backdoor. The common feature of this type of virus is that it spreads through the network, opens a backdoor into the system, and brings security risks to users' computers. For example, 54 IRC Backdoor.IRCBot, which many friends have encountered.

7. Virus-planting program viruses

The common feature of these viruses is that, when run, they release one or more new viruses from their own body into the system directory, and the damage is then done by the released viruses. Examples are Dropper.BingHe2.2C and Dropper.Worm.Smibag.

8. Destructive program viruses

The prefix of a destructive program virus is Harm. The common feature of these viruses is that they have attractive icons to entice users to click. When a user clicks one, the virus directly damages the user's computer. Examples are formatting the C drive (Harm.formatC.f) and Killer Command (Harm.Command.Killer).

9. Joke viruses

The prefix of a joke virus is Joke. It is also called a prank virus. The common feature of these viruses is that they have attractive icons to entice users to click. When a user clicks one, the virus performs various seemingly destructive operations to scare the user, but in fact it does not damage the user's computer. An example is the virus Joke.Girlghost.

10. Bundling machine viruses

The prefix of a bundling machine virus is Binder. The common feature of this type of virus is that the virus author uses a specific bundling program to bind the virus to an application such as QQ or IE. On the surface the result is a normal file. When a user runs the bundled file, the application runs visibly while the bundled virus runs hidden alongside it, causing harm to the user. Examples are Binder.QQPass.QQBin and Binder.killsys.

The above are the common virus prefixes. Sometimes we will see others, but they are rare. Here is a brief introduction:

DoS: performs DoS attacks against a host or server;

Exploit: spreads itself automatically by overflowing vulnerabilities in the other party's system or its own, or is itself an overflow tool used by hackers;

HackTool: a hacker tool that may not damage your machine, but may be used by others to make you a proxy for damaging other machines.

After a virus is detected, you can use the methods described above to make a preliminary judgment about its basic nature, so that you know both yourself and your enemy. This information will be of great help if you plan to use manual methods.
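As an added example (not part of the original article), the following Python parser applies the <virus prefix>.<virus name>.<virus suffix> rule to names copied from a scanner report. The names `parse_detection`, `Detection`, `TYPES` and `SECOND` are hypothetical, the prefix table is transcribed from this article (Dropper is inferred from its examples), and real vendors deviate from it.

```python
from dataclasses import dataclass

# First-level prefixes and the type this article assigns to each.
TYPES = {
    **dict.fromkeys(("win32", "pe", "win95", "w32", "w95"), "system virus"),
    "worm": "worm", "trojan": "trojan", "hack": "hacker program",
    **dict.fromkeys(("script", "vbs", "js"), "script virus"),
    "macro": "macro virus", "backdoor": "backdoor",
    "dropper": "dropper",  # assumption: prefix inferred from the examples
    "harm": "destructive program", "joke": "joke", "binder": "binder",
    "dos": "DoS tool", "exploit": "exploit", "hacktool": "hacker tool",
}
# Tokens that may follow the first prefix without being the family name.
SECOND = {"word", "word97", "excel", "excel97", "psw", "pwd"}

@dataclass
class Detection:
    prefixes: list
    kind: str
    family: str
    variant: str
    steals_passwords: bool

def parse_detection(name: str) -> Detection:
    # Tolerate stray spaces around the dots, as in pasted report text.
    parts = [p.strip() for p in name.split(".") if p.strip()]
    if not parts:
        raise ValueError("empty detection name")
    # PSW / PWD anywhere in the name marks a password stealer.
    steals = any(p.lower() in ("psw", "pwd") for p in parts)
    prefixes = []
    # Consume leading prefix tokens but always leave one token as the family.
    while len(parts) > 1 and (parts[0].lower() in TYPES
                              or (prefixes and parts[0].lower() in SECOND)):
        prefixes.append(parts.pop(0))
    kind = TYPES[prefixes[0].lower()] if prefixes else "unknown"
    return Detection(prefixes, kind, parts[0], ".".join(parts[1:]), steals)

if __name__ == "__main__":
    # Sample names taken from the article text.
    for sample in ("Worm.Sasser.B", "Trojan. win32.SendIP. 15",
                   "Dropper.Worm.Smibag", "Js.Fortnight.c.s", "Macro.Melissa"):
        print(sample, "->", parse_detection(sample))
```

A name with no recognised prefix, such as a bare family name, is returned with kind "unknown" rather than guessed.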

