Protégez votre univers

Nos autres ressources

  • free.drweb.fr — utilitaires gratuits, plugins, widgets
  • av-desk.com — service Internet pour les prestataires de services Dr.Web AV-Desk
  • curenet.drweb.com — l'utilitaire de désinfection réseau Dr.Web CureNet!
Fermer

Bibliothèque
Ma bibliothèque

+ Ajouter à la bibliothèque

Recherche
Recherche

Contacter-nous !
Support 24/24

Envoyer un message

Requête à l'aide du formulaire

Nous téléphoner

0 825 300 230

Forum

Vos requêtes

  • Toutes : -
  • Non clôturées : -
  • Dernière : le -
Créer une nouvelle requête

Nous téléphoner

0 825 300 230

Profil

FR

RU CN DE EN ES FR JP PL UA
Fermer
Support services
Scanners
Dr.Web vxCube
Trial
Buy
Services
Virus library
Knowledge base

Technologies

Terminology

Training and education

Myths

News

Dr.Web virus classification

"HLL." (High-Level Language): Viruses written in high-level programming languages (such as C, C++, Pascal, Basic, etc.). In some cases the code of the compiled HLL viruses is packed with different compression utilities (PKLITE, LZEXE, DIET, etc.).

There are several classes of HLL-viruses:

  • "HLLC." (High-Level Language Companion): Viruses that employ an infection algorithm based on the manipulation of filenames in the file system. Generally the HLLC virus renames the original executable file (or moves it to another folder) and then uses the original executable filename to create a copy of the virus in its place.
  • "HLLO." (High-Level Language Overwriting): Viruses that overwrite the data of the affected file.
  • "HLLP." (High-Level Language Parasitic): Viruses that infect executable files without damaging the original data file.
  • "HLLW." (High-Level Language Worm): Viruses that do not need any host file to spread; they just copy themselves to disk directories.
  • "HLLM." (High-Level Language MassMailing Worm): Virus worm programs of mass distribution written in high-level programming languages.

"Trojan horses"

  • "Trojan." — it is a common name for different "Trojan horse" programs.
  • "PWS." — password stealing Trojans. Generally, combined with "Trojan." prefix - "Trojan.PWS."
  • "Backdoor." — it is a Trojan horse program which contains a RAT-function inside (RAT - Remote Administration Tool).

Silly-viruses

These are the viruses which don't have any special characteristic (such as text strings, special effects, etc.) and therefore cannot be given any unique name.

  • "SillyC." — non-resident, infect only COM-files;
  • "SillyE." — non-resident, infect only EXE-files;
  • "SillyCE." — non-resident, infect only COM- and EXE-files;
  • "SillyRC." — resident, infect only COM-files;
  • "SillyRE." — resident, infect only EXE-files;
  • "SillyRCE." — resident, infect only COM- and EXE-files;
  • "SillyO." — non-resident viruses which overwrite affected files ;
  • "SillyOR." — resident viruses which overwrite affected files.

Macro Viruses for MS Office.

These viruses use the features of file formats and built-in macro languages of MS Office applications (Word Basic for MS Word 6.0-7.0; VBA3 for MS Excel 5.0-7.0; VBA5 for MS Office'97; VBA6 for MS Office'2000).

  • "WM." - infect MS Word 6.0-7.0 documents and templates;
  • "XM." - infect MS Excel 5.0-7.0 sheets;
  • "W97M." - infect MS Word 8.0-9.0 (MS Office'97/2000) documents and templates;
  • "X97M." - infect MS Excel 8.0-9.0 (MS Office'97/2000) sheets;
  • "A97M." - infect MS Access'97/2000 databases;
  • "O97M." - "multi-platform" macro viruses for several MS Office applications simultaneously.

Script-viruses

These viruses are written in different script languages. As a rule, VBS-, JS- and WScript- viruses are worms that use email services to spread.

  • "VBS." - viruses are written in Visual Basic Script language;
  • "JS." - viruses are written in Java Script language;
  • "WScript." - VBS- and/or JS- worms are often embedded in HTML-files.
  • "BAT." - viruses are written in MS-DOS command interpreter language

Other

  • "IRC." - worms spreading via Internet Relayed Chat channels.

We also use such postfixes

  • ".generator" - specifies the so called "Virus constructor" programs themselves.
  • ".based" - this suffix means that the virus was generated by specified virus constructor program or that the virus was designed as a generic modification of specified "basic" virus code.
  • ".dropper" - it is a common name for "installator" of a specified virus. This is not a virus, but when this "dropper" is run, it produces a virus and installs it into the operating system (into executable file, document, boot sector, etc).

Viruses wriiten for different operating systems and platforms

  • "Win." - infects Windows 16-bit executable programs (NE). NE - NewExe - Windows 3.xx executable files format. Some of these viruses can work not only in Windows'3.xx environment but in Win'95/98/NT too.
  • "Win95." - infects Windows 32-bit executables (PE and LE(VxD)) and works only in Windows 95/98 environment
  • "WinNT." - infects Windows 32-bit executables (PE) and works only in Windows NT environment
  • "Win32." - infects Windows 32-bit executables (PE) and works in different Win32-environments - Windows 95/98/NT
  • "OS2." - infects OS/2 executable programs (LX) and works only in OS/2 environment
  • "Linux." - infects Linux executable programs and works only in Linux environment
  • "Java." - viruses which are written in the Java language

Editeur russe des solutions antivirus Dr.Web

Expérience dans le développement depuis 1992

Les internautes dans plus de 200 pays utilisent Dr.Web

L'antivirus est fourni en tant que service depuis 2007

Support 24/24

© Doctor Web
2003 — 2018

Doctor Web - éditeur russe des solutions antivirus Dr.Web. Doctor Web développe les produits Dr.Web depuis 1992.

333b, Avenue de Colmar, 67100 Strasbourg

Politique de confidentialité

Autres ressources Dr.Web