Teach you to identify computer viruses

Many times we have used anti-virus software to find their own machines such as backdoor. rmtbomb.12, trojan.win32.sendip.15 and so on these a string of English also with digital virus name, at this time some people on the Meng, so long a string of names, how do I know what the virus ah?

In fact, as long as we know some of the virus naming rules, we can use the anti-virus software report in the virus name to determine the virus some of the public characteristics.

So many viruses in the world, anti-virus companies to facilitate management, they will be according to the characteristics of the virus, the virus classification name. Although the naming rules for each anti-virus company are not the same, they are generally named by a uniform naming method.

The general format is:< virus prefix >.< virus name >.< virus suffix >.

The virus prefix refers to the type of virus that distinguishes the virus from the racial classification. Different kinds of viruses, their prefixes are also different. For example our common Trojan virus prefix trojan, worm's prefix is worm and so on and so on.

Virus name refers to the family characteristics of a virus, is used to distinguish and identify the virus family, such as the previous famous CIH virus family name is a unified "CIH", and the recent noisy oscillation wave worm virus family names are "Sasser".

A virus suffix is a variant of a virus that is used to distinguish a particular variant of a family virus. Generally used in English 26 letters to indicate, such as worm.sasser.b refers to the oscillation Wave worm virus variant B, so generally referred to as "oscillating wave B variant" or "oscillating Wave variant B." If the virus variant is very numerous (also indicating that the virus is hardy ^_^), a variant can be represented by a combination of numbers and letters.

To sum up, the prefix of a virus is very helpful for us to quickly determine which type of virus the virus belongs to. By judging the type of virus, you can have a ballpark estimate of the virus (which, of course, involves accumulating some common virus types that are not covered in this article). And through the virus name we can use to find information and other ways to further understand the detailed characteristics of the virus. The virus suffix lets us know which variant of the virus is now in your machine.

Some of the common virus prefixes are explained below (for the Windows operating system that we use most):

1. System virus

The prefix of the system virus is: Win32, PE, Win95, W32, W95, etc. The general public nature of these viruses is the *.exe and *.dll files that can infect Windows operating systems and propagate through these files. such as CIH virus.

2. Worm virus

The worm prefix is: Worm. The public nature of the virus is spread through a network or system vulnerability, and most worms have the characteristics of sending out poisonous mail and blocking the network. such as shock waves (blocking the network), small mailman (send poison mail) and so on.

3, Trojan virus, Hacker virus

Trojan virus its prefix is: trojan, hacker virus prefix name is generally Hack. Trojan virus's public characteristic is through the network or the system flaw enters the user's system and hides, then leaks the user's information to the outside, but the hacker virus has a visual interface, can the user's computer to carry on the remote control. Trojans, hackers often appear in pairs, that is, Trojan virus is responsible for intrusion into the user's computer, and hackers will be through the Trojan virus to control. Now these two types are becoming more and more integrated. General Trojans such as the QQ message tail Trojan trojan.qq3344, and everyone may meet more than the Trojan virus for online games such as trojan.lmir.psw.60. In addition, there are PSW or pwd in the name of the virus that generally means that the virus has the function of stealing passwords (these letters are generally "password" in English "password" abbreviation) some hacker programs such as: Network Beikewen (Hack.Nether.Client) and so on.

4. Script virus

The script virus prefix is: script. The public nature of the script virus is a virus that is written in scripting language, transmitted through web pages, such as the Red Code (SCRIPT.REDLOF)--not our boss code brother!

^_^. The script virus will also have the following prefix: VBS, JS (indicating what script is written), such as Happy Time (Vbs.happytime), 14th (JS.FORTNIGHT.C.S).

5, Macro virus

In fact, the macro virus is also a script virus, because of its particularity, so here alone into a class. Macro virus prefix is: Macro, the second prefix is: Word, WORD97,

Excel, Excel97 (and perhaps other) one of them. Viruses that only infect WORD97 and previous versions of Word documents use WORD97 as the second prefix, in the form of: macro.word97

A virus that infects only WORD97 versions of Word documents is followed by Word as the second prefix, in the form of: macro.word; viruses that only infect EXCEL97 and previous versions of Excel documents

Using EXCEL97 as the second prefix, the format is: macro.excel97; any virus that infects only EXCEL97 versions of Excel documents is followed by Excel as the second prefix, in the form of: Macro.

Excel, and so forth. The public nature of this virus is the ability to infect Office series documents and then propagate through office generic templates, such as the famous Melissa (Macro.melissa).