Академический Документы
Профессиональный Документы
Культура Документы
Aliases
There is no commonly accepted industry standard for naming viruses and malicious mobile code.
Each may be known by several different names or aliases.
Backdoor
A Backdoor is a program that opens secret access to systems, and is often used to bypass
system security. A Backdoor program does not infect other host files, but nearly all Backdoor
programs make registry modifications. For detailed removal instructions please view the virus
description.
Date of origin
Indicates when a virus was first discovered (if known).
Destructive viruses
In addition to self-replication, computer viruses may have a routine that can deliver the virus
payload. A virus is defined as destructive if its payload does some damage to your system, such
as corrupting or deleting files, formatting your hard drive, and committing denial-of-service attacks
etc.
ELF
ELF refers to Executable and Link Format, which is the well-documented and available file format
for Linux/UNIX executables
Encrypted viruses
Indicates that the virus code contains a special routine that encrypts the virus body to evade
detection by antivirus software.
Joke programs
Joke programs are ordinary executable programs. They are added to the detection list because
they are found to be very annoying and/or they contain pornographic images. Joke programs
cannot spread unless someone deliberately distributes them. To get rid of a Joke program, delete
the file from your system.
Language
This refers to the language locale of the virus working platform such as MS Word in English or
Chinese.
Malware
Malware is a general term used to refer to any unexpected or malicious programs or mobile
codes such as viruses, Trojan, worm, or Joke programs.
Macro virus
Macro viruses are viruses that use another application's macro programming language to
distribute themselves. They infect documents such as MS Word or MS Excel. Unlike other
viruses, macro viruses do not infect programs or boot sectors - although a few do drop programs
on the user's hard drive. The dropped files may infect executable programs or boot sectors.
Macro viruses can be removed safely from the infected document using antivirus products.
Special note: Occasionally, you may get an "illegal operation" error when you try to start MS Word
after cleaning a Word macro virus. If this happens, search for the file "normal.dot" and rename it
to "normaldot.bak." MS Word will generate a new, clean "normal.dot" the next time it is started.
This problem occurs because some viruses can leave harmless code residue that MS Word may
be reading incorrectly, causing erratic behavior.
NE
NE refers to New Executable, which is the standard Windows 16-bit executable file format.
Windows 16-bit viruses are detected as "NE_Virusname."
Password
Some viruses set a password when they infect a document. The main objective of the virus here
is to make the document inaccessible. This password can be a word, phrase, or even a randomly
generated number.
Payload
A virus' payload is an action it performs on the infected computer. This can be something
relatively harmless like showing messages or ejecting the CD drive, or something destructive like
deleting the entire hard drive.
PE
PE refers to Portable Executable, which is the standard Win32 executable file format. Windows
32-bit viruses are detected "PE_Virusname."
Place of origin
Indicates where a virus is believed to have originated (if known).
Platform
Indicates the computer operating system or application on which a virus can run and perform an
infection. Generally, a particular operating system is required for executable viruses and a
specific application is needed for macro viruses.
Proof of Concept
A proof of concept virus or Trojan indicates that something is new or that it has never seen
before. For example, VBS_Bubbleboy was a proof of concept worm, as it was the first email
worm to automatically execute without requiring a user to double-click on an attachment. Most
proof of concept viruses are never seen in-the-wild. However, virus writers will often take the idea
(and code) from a proof of concept virus and implement it in future viruses.
Rate of infection
This table displays the relative rate of infection in each region. While the "number of computers
infected" table reflects the larger numbers of Internet users in North America, Asia and Europe,
the "rate of infection" is useful as an estimate of how quickly a virus is spreading in each region.
An infection rate of 5%, for example, means that approximately 5 out of 100 computers are
infected.
Risk rating
The risk rating of a virus is an assessment of the threat posed by a virus. It is based on a number
of different factors including, but not limited to, potential to spread, destructiveness of the
payload, and actual number of cases reported etc.
HTML viruses use the scripts embedded in HTML files to do their damage. These embedded
scripts automatically execute the moment the HTML page is viewed from a script-enabled
browser.
Solution
Most viruses can be cleaned or removed from the infected host files. Special removal instructions
are provided for viruses or Trojans that modify the system registry and/or drop files. Generally, to
remove Trojans or Joke programs, you just need to delete the program files - no cleaning action
is needed.
To keep your computer healthy by catching viruses before they have a chance to infect your PC
or network, get the best antivirus solution available today.
Time period
This chart displays the number of computers infected within the last 24 hours (1d), last 7 days
(7d), last year (1y), or since detection first became available (All).
Trojan
A Trojan horse is a program that performs some unexpected or unauthorized, usually malicious,
actions such as displaying messages, erasing files or formatting a disk. A Trojan horse doesn't
infect other host files, thus cleaning is not necessary. To get rid of a Trojan, simply delete the
program.