Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support

Send a message

Your tickets

Profile

Dr.Web virus classification

"HLL." (High-Level Language): Viruses written in high-level programming languages (such as C, C++, Pascal, Basic, etc.). In some cases the code of the compiled HLL viruses is packed with different compression utilities (PKLITE, LZEXE, DIET, etc.).

There are several classes of HLL-viruses:

  • "HLLC." (High-Level Language Companion): Viruses that employ an infection algorithm based on the manipulation of filenames in the file system. Generally the HLLC virus renames the original executable file (or moves it to another folder) and then uses the original executable filename to create a copy of the virus in its place.
  • "HLLO." (High-Level Language Overwriting): Viruses that overwrite the data of the affected file.
  • "HLLP." (High-Level Language Parasitic): Viruses that infect executable files without damaging the original data file.
  • "HLLW." (High-Level Language Worm): Viruses that do not need any host file to spread; they just copy themselves to disk directories.
  • "HLLM." (High-Level Language MassMailing Worm): Virus worm programs of mass distribution written in high-level programming languages.

"Trojan horses"

  • "Trojan." — it is a common name for different "Trojan horse" programs.
  • "PWS." — password stealing Trojans. Generally, combined with "Trojan." prefix - "Trojan.PWS."
  • "Backdoor." — it is a Trojan horse program which contains a RAT-function inside (RAT - Remote Administration Tool).

Silly-viruses

These are the viruses which don't have any special characteristic (such as text strings, special effects, etc.) and therefore cannot be given any unique name.

  • "SillyC." — non-resident, infect only COM-files;
  • "SillyE." — non-resident, infect only EXE-files;
  • "SillyCE." — non-resident, infect only COM- and EXE-files;
  • "SillyRC." — resident, infect only COM-files;
  • "SillyRE." — resident, infect only EXE-files;
  • "SillyRCE." — resident, infect only COM- and EXE-files;
  • "SillyO." — non-resident viruses which overwrite affected files ;
  • "SillyOR." — resident viruses which overwrite affected files.

Macro Viruses for MS Office.

These viruses use the features of file formats and built-in macro languages of MS Office applications (Word Basic for MS Word 6.0-7.0; VBA3 for MS Excel 5.0-7.0; VBA5 for MS Office'97; VBA6 for MS Office'2000).

  • "WM." - infect MS Word 6.0-7.0 documents and templates;
  • "XM." - infect MS Excel 5.0-7.0 sheets;
  • "W97M." - infect MS Word 8.0-9.0 (MS Office'97/2000) documents and templates;
  • "X97M." - infect MS Excel 8.0-9.0 (MS Office'97/2000) sheets;
  • "A97M." - infect MS Access'97/2000 databases;
  • "O97M." - "multi-platform" macro viruses for several MS Office applications simultaneously.

Script-viruses

These viruses are written in different script languages. As a rule, VBS-, JS- and WScript- viruses are worms that use email services to spread.

  • "VBS." - viruses are written in Visual Basic Script language;
  • "JS." - viruses are written in Java Script language;
  • "WScript." - VBS- and/or JS- worms are often embedded in HTML-files.
  • "BAT." - viruses are written in MS-DOS command interpreter language

Other

  • "IRC." - worms spreading via Internet Relayed Chat channels.

We also use such postfixes

  • ".generator" - specifies the so called "Virus constructor" programs themselves.
  • ".based" - this suffix means that the virus was generated by specified virus constructor program or that the virus was designed as a generic modification of specified "basic" virus code.
  • ".dropper" - it is a common name for "installator" of a specified virus. This is not a virus, but when this "dropper" is run, it produces a virus and installs it into the operating system (into executable file, document, boot sector, etc).

Viruses wriiten for different operating systems and platforms

  • "Win." - infects Windows 16-bit executable programs (NE). NE - NewExe - Windows 3.xx executable files format. Some of these viruses can work not only in Windows'3.xx environment but in Win'95/98/NT too.
  • "Win95." - infects Windows 32-bit executables (PE and LE(VxD)) and works only in Windows 95/98 environment
  • "WinNT." - infects Windows 32-bit executables (PE) and works only in Windows NT environment
  • "Win32." - infects Windows 32-bit executables (PE) and works in different Win32-environments - Windows 95/98/NT
  • "OS2." - infects OS/2 executable programs (LX) and works only in OS/2 environment
  • "Linux." - infects Linux executable programs and works only in Linux environment
  • "Java." - viruses which are written in the Java language

俄罗斯Dr.Web反病毒产品研发厂商

研发始自1992年

Dr.Web产品用户遍布世界200多个国家

2007年起提供反病毒服务

全天支持

© Doctor Web
2003 — 2018

Doctor Web公司是俄罗斯信息安全反病毒保护产品厂商,产品商标为Dr.Web。Dr.Web产品研发始自1992年。

天津市经济技术开发区第四大街80号软件大厦北楼112