| Description: |
Adware is a type of advertising display software whose primary purpose is to deliver advertising content in a manner or context that may be unexpected and unwanted by users. |
| Replication: |
Does not replicate. |
| |
| Affects: |
MS Access 97 or later on any operating system. |
| Language: |
VBA macro language. |
| Replication: |
Infects other Access database files when an infected database is opened. |
| Naming: |
Anti-Virus reports these viruses with the prefix "AM97/". Prefixes used by other anti-virus companies include "A97M" and "AM". |
| |
| Description: |
AppleScript is the default batch language of Macintosh Operating Systems. As such the majority of applications that are installed on Macintosh computers are scriptable by AppleScript. An AppleScript worm is a script that uses the functionality of AppleScript to spread to other computers or scripts an email application to send itself out. |
| Naming: |
Anti-Virus reports these worms with the prefix "AplS/". |
![[TOP]](/images/arrowtop.gif) |
| Description: |
A utility that has been downloaded along with a desired program, and is unwanted, such as adware or spyware. |
| Replication: |
Does not replicate. |
| Naming: |
Anti-Virus reports these applications with the prefix "App/". |
| |
| Affects: |
Computers connected to a network with DOS, Windows 95/98/Me and Windows NT/2000 operating systems. |
| Replication: |
Batch file worms spread by searching for shared areas on remote computers to which they can copy themselves. |
| Naming: |
Anti-Virus reports these worms with the prefix "Bat/". |
|
| Description: |
The BIOS is the very first piece of software which runs when your computer is switched on, so it must be present for your computer to work. Without it, your PC is effectively useless.
The BIOS is stored in special chip on the motherboard which maintains its contents even when the power is switched off. This is supposed to ensure that the BIOS is always there when you need it. |
| Note: |
On many computers the BIOS can be upgraded using software supplied by the BIOS manufacturer. It can also be damaged by viruses such as W95/CIH-10xx and the damage may mean you cannot boot up your PC at all. If the BIOS chip cannot be replaced (some BIOS chips are soldered into position), you may even need to replace your computer's motherboard. |
| |
| Description: |
An email which urges the recipient to forward the email to other people. |
| Examples: |
View chain letters. |
|
| Description: |
The CMOS settings maintain fundamental system configuration information, which is stored in a special chip on the motherboard. This chip, usually powered by a battery, can operate independently of the rest of the computer. It keeps things like the system clock up-to-date even when the power is switched off.
The CMOS settings also record what sort of disks are installed in the PC, whether or not a password is required at start-up, and which devices (e.g. floppy, hard disk, CD-ROM or network) should be used when trying to boot up the computer. If your CMOS settings are inaccurate, then your computer may not work properly.
Some viruses and trojans, such as Troj/KillCMOS-E, deliberately corrupt these settings to try to stop your computer working. Although it is usually fairly easy to correct the CMOS settings, the procedure for doing so varies from computer to computer. You may need to refer to your computer's manual or the manufacturer's website for assistance. |
| Note: |
One of the CMOS settings is called the "boot sequence". This determines whether the computer will try to boot from floppy disk or not. Because accidentally booting from a floppy can introduce boot sector viruses such as Form, recommends changing this setting so that the computer routinely boots from the hard disk. Please read Guidelines for Safer Computing. |
| |
| Affects: |
Any operating system. |
| Replication: |
A companion virus will rename either itself or its target file in an attempt to trick the user into running the virus rather than another program. For example, a companion virus attacking a file named GAME.EXE may rename the target file to GAME.EX and create a copy of itself called GAME.EXE. Alternatively it may simply rename itself to GAME.COM and rely on the user running 'GAME' from a command prompt as the operating system would then run GAME.COM rather than GAME.EXE. |
| Naming: |
There is no standard naming convention for this type of virus. |
|
| Affects: |
Corel SCRIPT files running under any operating system. |
| Language: |
Corel SCRIPT macro language. |
| Replication: |
When an infected script is run it infects other Corel SCRIPT files. |
| Naming: |
Anti-Virus reports these viruses with the prefix "CSC/". |
| |
| Description: |
A day zero threat is a new threat released in the wild before threat detection signatures are available to protect against it. Fast moving threats such as internet worms can cause huge amounts of damage at day zero. |
| Description: |
A Dialer is a program that typically dials a premium rate phone line, normally with the intent of gaining access to pornographic material. |
| Replication: |
Does not replicate. |
| Naming: |
reports these programs with the prefix Dial/. |
|
| Affects: |
DOS Boot Sector (aka DOS Boot Record) of hard disks and boot sector of floppy disks.
DOS Boot Sector viruses can infect any Intel-compatible PC which is configured to boot from a floppy drive.
More secure operating systems such as Windows NT can be infected but may prevent the virus from replicating. |
| Language: |
Intel 80x86 Assembler. |
| Replication: |
Loads into memory when an infected PC is booted and then infects any floppy disk used in the PC. A PC which boots from an infected floppy disk becomes infected. |
| Naming: |
There is no standard naming convention for this type of virus. |
| |
| Affects: |
DOS/Windows executable files. |
| Replication: |
Infects other executable files. Some viruses become memory resident and infect other programs when they are run. Others actively seek out other files to infect. |
| Naming: |
There is no standard naming convention for this type of virus. |
| |
| Affects: |
DOS executable files. |
| Replication: |
Affects DOS executables on a system by overwriting them. Traditionally spreads to other systems by means of floppy disk exchange. |
| Naming: |
Anti-Virus does not report these worms with a special prefix. |
| |
| Description: |
Dropped files are files that have been dropped by a virus, Trojan or worm and are detected by Anti-Virus. They include damaged versions of the original program. |
| Replication: |
Does not replicate. |
| Naming: |
There is no standard naming convention for this type of virus. |
| |
| Description: |
A file created specifically to introduce a virus, worm or Trojan into a system. The file may be of a different type to the virus, worm or Trojan it introduces. |
| Naming: |
There is no standard naming convention for this type of virus. |
| |
| Affects: |
MS Excel 5 or later running on any operating system. |
| Language: |
Excel formula language. |
| Replication: |
When an infected document is opened the viral formula sheet is copied into a file in the XLSTART directory. This is automatically loaded into other documents when they are opened. |
| Naming: |
Anti-Virus reports these viruses with the prefix "XF/" or "XF97/". |
|
| Affects: |
MS Excel 5 or later running on any operating system. |
| Language: |
VBA3 macro language. |
| Replication: |
When an infected document is opened the viral macros are copied into a file in the XLSTART directory. This is automatically loaded into other documents when they are opened. |
| Naming: |
Anti-Virus reports these viruses with the prefix "XM/" (earlier versions used "Excel"). |
| |
| Affects: |
MS Excel 97 or later running on any operating system. |
| Language: |
VBA5 or later macro language. |
| Replication: |
When an infected document is opened the viral macros are copied into a file in the XLSTART directory. This is automatically loaded into other documents when they are opened.
Some viruses such as XM97/Papa also use mail programs such as Outlook to automatically send infected files to names listed in the address book. |
| Naming: |
Anti-Virus reports these viruses with the prefix "XM97/". Prefixes used by other anti-virus companies include "X97M". |
| |
| Description: |
An incorrect report that a file is infected with a virus. |
| |
| Description: |
's proactive protection technology will identify viruses, Trojans or worms of a particular family with the suffix -Fam or -Gen initially, where the variant is not currently separately identified. Where full analysis is performed, the variant will then be individually named. |
| |
| Affects: |
JavaScript scripting files, HTML files with embedded scripts, Microsoft Outlook and Internet Explorer. |
| Language: |
JavaScript |
| Replication: |
Inserts itself inside files. |
| Naming: |
Anti-Virus reports these viruses with the prefix "JS/". |
| |
| Affects: |
JavaScript scripting files, HTML files with embedded scripts, Microsoft Outlook and Internet Explorer. |
| Language: |
JavaScript |
| Replication: |
Uses IRC, Outlook or Windows networking functions to email multiple copies of infected files to other people or copy itself across the network. |
| Naming: |
Anti-Virus reports these worms with the prefix "JS/". |
| |
| Description: |
A computer program designed to be mistaken for a virus. Jokes do not replicate, can be safely deleted and are harmless to a computer. Their aim is to cause alarm, and waste time and resources. |
| Replication: |
Does not replicate. |
| Naming: |
Anti-Virus reports these files with the prefix "Joke/". |
|
| Description: |
A program that records users keystrokes with the intention of capturing sensitive information such as credit card details. |
|
| Description: |
A computer program that no longer works as a virus for a variety of reasons. Anti-Virus detects these files so that the inactive virus code can be removed. |
| Naming: |
Anti-Virus reports these files with the prefix "Junk/". |
| |
| Affects: |
Various Linux Platform ELF (Executable and Linkable Format) files. |
| Replication: |
Infects other executable files using a variety of mechanisms. |
| Naming: |
Anti-Virus reports these viruses with the prefix "Linux/". |
|
| Affects: |
Computers connected to a network running Linux. |
| Replication: |
Linux worms take advantage of flaws in networking code to gain unauthorised access to remote computers running Linux. Once they have gained access they will begin searching for new machines to infect and are often initially noticed by increased network traffic. They can spread rapidly between computers permanently connected to the internet because they require no user intervention to function. |
| Naming: |
Anti-Virus reports these worms with the prefix "Linux/". Prefixes used by other anti-virus vendors include "Unix". |
| |
| Affects: |
Macintosh computers. |
| Replication: |
Infects other Macintosh files by a variety of mechanisms. |
| Naming: |
Anti-Virus reports these viruses with the prefix "Mac/". |
|
| Affects: |
Power Macintosh computers. |
| Replication: |
Uses the QuickTime AutoPlay feature to copy itself from and to infected diskettes when they are inserted. |
| Naming: |
Anti-Virus reports these worms with the prefix "Mac/". |
| |
| Affects: |
Macromedia Flash files associated with the Flash 5 player. |
| Replication: |
Typically the virus replicates itself by copying itself to the script at the start of the Flash file. |
|
| Affects: |
MapInfo. |
| Language: |
MapBasic. |
| Replication: |
Infects the MapInfo application so as to infect other MapInfo Map files. |
| Naming: |
Anti-Virus reports these viruses with the prefix "MPB/". |
| |
| Affects: |
Master Boot Sector (aka Master Boot Record) of hard disks and boot sector of floppy disks.
Master Boot Sector viruses can infect any Intel-compatible PC which is configured to boot from a floppy disk drive.
More secure operating systems such as Windows NT can be infected but may prevent the virus from replicating. |
| Language: |
Intel 80x86 Assembler. |
| Replication: |
Loads into memory when an infected PC is booted and then infects any floppy disk used in the PC. A PC which boots from an infected floppy disk becomes infected.
If the BIOS settings are changed to prevent the PC booting from the floppy drive then the PC cannot become infected. |
| Naming: |
There is no standard naming convention for this type of virus. |
|
| Affects: |
All file types. |
| Description: |
This prefix is used to denote viruses that infect in the middle of a file rather than at the traditional entry point. Some viruses are reported with this prefix if they are detected at the email gateway and with a different prefix at the desktop. |
| Naming: |
Anti-Virus reports these viruses with the prefix "Mid/". |
| |
| Affects: |
Systems running IRC. |
| Language: |
IRC Script. |
| Replication: |
These are executable files which modify SCRIPT.INI file to make IRC distribute copies of themselves. |
| Naming: |
Anti-Virus reports these worms with the prefix "mIRC/" or "pIRC/". |
|
| Description: |
A problem which is often erroneously attributed to computer viruses. |
| |
| Affects: |
systems running Microsoft Command Shell. |
| Replication: |
When an infected script is run it infects other MSH files |
| Naming: |
Anti-Virus reports these viruses with the prefix "MSH/" |
| |
| Description: |
Each detected virus, Trojan and worm, and family of virus, Trojan and worm variants, are each given a name. The programming code in all variants within a family will be similar (it is often copied and only altered slightly) and the effects will usually also be similar. |
| |
| Affects: |
MS Office 97 (or later) running on any operating system. |
| Language: |
VBA5 or later macro language. |
| Replication: |
Infects two or more different Office components. Most of them infect Word and Excel but PowerPoint and Project files can also be affected. |
| Naming: |
Anti-Virus reports these viruses with the prefix "OF97/". |
|
| Affects: |
PalmOS Palm resource (PRC) files. |
| Replication: |
All known viruses actively search for other Palm resource files to infect. |
| Naming: |
Anti-Virus reports these viruses with the prefix "Palm/". |
| |
| Affects: |
MS PowerPoint 97 (or later) running on any operating system. |
| Language: |
VBA5 or later macro language. |
| Replication: |
The virus runs when some action occurs and infects other PowerPoint files or the main template (Blank Presentation.pot). New presentations created from an infected template will themselves be infected. |
| Naming: |
Anti-Virus reports these viruses with the prefix "PM97/". Prefixes used by other anti-virus vendors include "PP97M". |
|
| Description: |
The prefix in the name of a virus, Trojan or worm explains either what the program does, or which operating system it affects. |
|
| Description: |
PUA is a term used to describe an application that is not inherently malicious, but is generally considered unsuitable for the majority of business networks. Potentially unwanted applications include adware, dialers, remote administration tools and hacking tools. |
|
| Affects: |
Computers with Windows 95/98/Me and Windows NT/2000/XP operating systems. |
| Description: |
Registry viruses attempt to modify the contents of the registry. |
| Replication: |
Infects by a variety of mechanisms. |
| Naming: |
Anti-Virus reports these viruses with the prefix "REG/". |
| |
| Description: |
A fraudulent business scheme or swindle. |
|
| Description: |
A warning about a possible threat which has been greatly exaggerated. |
| |
| Description: |
Spyware is a term used to describe a broad set of applications that send information from a computer to a third party without the user's permission or knowledge. Spyware Trojans and spyware worms are Trojans and Win32 worms that also exhibit behaviour attributed to spyware. |
| |
| Description: |
A spyware Trojan is a seemingly legitimate computer program designed to disrupt and damage computer activity by sending information from a computer to a third party without the user's permission or knowledge. |
| Replication: |
Does not replicate. |
| Naming: |
Anti-Virus reports spyware Trojans with the prefix "Troj/". |
|
| Affects: |
Computers connected to a network running Windows 95/98/Me and Windows NT/2000/XP/2003 operating systems. |
| Description: |
Spyware worm is a term used to describe malware that has the ability to self-replicate without a host program and send information from a computer to a third party without the user's permission or knowledge. |
| Replication: |
Spyware worms spread using Windows networking APIs (Application Programming Interfaces), email, or by exploting vulnerabilities of the operating system or another application. They have identical spreading capabilities to Win32 worms but they also exhibit behaviour attributed to spyware. |
| Naming: |
Anti-Virus reports spyware worms with the prefix "W32/". |
|
| Description: |
The suffix in the name of a virus, Trojan or worm denotes the variant. It is the part of the name that follows a hyphen and will be a letter or letters of the alphabet. |
| |
| Affects: |
Devices running Symbian OS. |
| Replication: |
Infects other Symbian devices using bluetooth. |
| Naming: |
Anti-Virus reports these worms with the prefix "Symb/". |
|
| Description: |
A file that is non-viral but causes anti-virus software to react to it, as if it were a virus. Test files are used primarily as a way for network administrators to check that their anti-virus software has been correctly deployed. makes the EICAR test file (EICAR stands for European Institute for Computer Anti-virus Research) available to its customers for this purpose. |
| Replication: |
Does not replicate. |
| |
| Description: |
A seemingly legitimate computer program that has been intentionally designed to disrupt and damage computer activity. Trojans are sometimes used in conjunction with viruses. A backdoor Trojan is a program that allows other computer users to gain access to your computer across the internet. |
| Replication: |
Do not replicate. |
| Naming: |
Anti-Virus reports these viruses with the prefix "Troj/". |
|
| Affects: |
Computers connected to a network running Unix. |
| Replication: |
Unix worms take advantage of flaws in networking code called buffer overflows to gain unauthorised access to remote computers running Unix. Once they have gained access they will begin searching for new machines to infect. They can spread rapidly between computers permanently connected to the internet because they require no user intervention to function. |
| Naming: |
Anti-Virus reports these worms with the prefix "Unix/". |
| |
| Description: |
A computer program that copies itself. Often viruses will disrupt computer systems or damage the data contained upon them. A virus requires a host program and will not infect a computer until it has been run. Some viruses spread across networks by making copies of themselves or may forward themselves via email. The term 'virus' is often used generically to refer to both viruses and worms. |
|
| Description: |
A warning about a non-existent virus. Usually urge users to forward them to everyone they know. |
| |
| Affects: |
Visual Basic scripting files, HTML files with embedded scripts, Microsoft Outlook and Internet Explorer. |
| Language: |
Visual Basic Script. |
| Replication: |
Infects other executable files by a variety of mechanisms. Some viruses such as VBS/Dismissed-B use Outlook to distribute infected files by email. |
| Naming: |
Anti-Virus reports these viruses with the prefix "VBS/". |
|
| Affects: |
Visual Basic scripting files, HTML files with embedded scripts, Microsoft Outlook and Internet Explorer. |
| Language: |
Visual Basic Script. |
| Replication: |
Uses IRC or Outlook to email multiple copies of infected files to other people. |
| Naming: |
Anti-Virus reports these worms with the prefix "VBS/". |
| |
| Affects: |
MS Windows 3.0 and 3.1 |
| Replication: |
Infects other executable files by a variety of mechanisms. |
| Naming: |
Anti-Virus reports these viruses with the prefix "Win/". |
|
| Affects: |
MS Windows 95/98/Me, NT or 2000 PE (Portable Executable) files. |
| Replication: |
Infects other executable files by a variety of mechanisms.
Some viruses such as W32/ExploreZip also use Outlook or other programs to distribute infected files by email. |
| Naming: |
Anti-Virus reports these viruses with the prefix "W32/"(earlier versions used "Win32"). |
| |
| Affects: |
Computers connected to a network running Windows 95/98/Me and Windows NT/2000 operating systems. |
| Replication: |
Win32 worms spread using Windows networking APIs, MAPI functions or email clients such as Microsoft Outlook. They may create email messages with the worm program attached or attach themselves to outgoing email messages. A message created by a worm often suggests that the recipient should launch the attachment to see something interesting or important. |
| Naming: |
Anti-Virus reports these worms with the prefix "W32/". Prefixes used by other anti-virus vendors include "Win32". |
|
| Affects: |
MS Windows 95/98/Me PE (Portable Executable) files. |
| Replication: |
Infects other executable files. Some viruses become memory resident and infect other programs when they are run. Others actively seek out other files to infect.
Some viruses such as W95/Babylonia also distribute infected files by email. |
| Naming: |
Anti-Virus reports these viruses with the prefix "W95/"(earlier versions used "Win95"). |
| |
| Affects: |
MS Windows 98 PE (Portable Executable) files. |
| Replication: |
Infects other executable files. Some viruses become memory resident and infect other programs when they are run. Others actively seek out other files to infect. |
| Naming: |
Anti-Virus reports these viruses with the prefix "W98/" (earlier versions used "Win98"). |
| |
| Affects: |
MS Windows NT or 2000 PE (Portable Executable) files. |
| Replication: |
Infects other executable files using a variety of mechanisms. |
| Naming: |
Anti-Virus reports these viruses with the prefix "WNT/" (earlier versions used "WinNT"). |
| |
| Affects: |
MS Windows 2000 PE (Portable Executable) files. |
| Replication: |
Infects other executable files. Some viruses become memory resident and infect other programs when they are run. Others actively seek out other files to infect. |
| Naming: |
Anti-Virus reports these viruses with the prefix "W2K/". |
|
| Affects: |
Any version of MS Word running on any operating system. |
| Language: |
Word Basic macro language (used in Word 6 and 95). |
| Replication: |
When an infected document is opened the viral macros are copied to the global template (usually NORMAL.DOT). Other documents automatically load the viral macros from this file when they are opened. |
| Naming: |
Anti-Virus reports these viruses with the prefix "WM/" (earlier versions used "Winword"). |
| |
| Affects: |
MS Word 97 or later running on any operating system. |
| Language: |
VBA5 or later macro language. |
| Description: |
Word 97 macro Trojans are documents which, when opened, have undesirable effects on the system such as deleting files or compromising system security. |
| Replication: |
Does not replicate. |
| Naming: |
Anti-Virus reports these viruses with the prefix "WM97/". Prefixes used by other anti-virus companies include "W97M". |
|
| Affects: |
MS Word 97 or later running on any operating system. |
| Language: |
VBA5 or later macro language. |
| Replication: |
Some of these viruses copy the viral macros into the global template (usually NORMAL.DOT) in the same way as Word macro viruses. This method of transmission does not work with MS Office 97 SR1 or later.
Most of the recent viruses copy the viral macros into another file and modify the global template to import them when another document is opened. |
| Naming: |
Anti-Virus reports these viruses with the prefix "WM97/". Prefixes used by other anti-virus companies include "W97M". |
| |
| Affects: |
MS Word 97 or later running on any operating system. |
| Language: |
VBA5 or later macro language. |
| Replication: |
Uses mail programs such as MS Outlook to automatically send infected files to names listed in the address book. Many of these worms also replicate is the same way as Word 97 macro viruses. |
| Naming: |
Anti-Virus reports these worms with the prefix "WM97/". Prefixes used by other anti-virus companies include "W97M". |
| |
|
| Description: |
A type of virus that does not need a host program. It has the ability to self-replicate and often will use email and the internet to spread. |
| |
| Affects: |
MS Word 2001 on Apple computers. |
| Language: |
VBA6 or later macro language. |
| Replication: |
Some of these viruses copy the viral macros into the global template (usually NORMAL.DOT) in the same way as Word macro viruses. The majority of these viruses are upconverts of existing Word 97 viruses. Most payloads are however Intel specific and do not work. |
| Naming: |
Anti-Virus reports these viruses with the prefix "WM97/". Prefixes used by other anti-virus companies include "W97M". |
|
| Affects: |
Computers with Windows 95/98/Me and Windows NT/2000/XP operating systems. |
| Description: |
Windows Scripting Host is the framework under which JavaScript, Visual Basic Script and ActiveX components execute. A virus, worm or Trojan may use multiple components within this framework. |
| Replication: |
Infects by a variety of mechanisms. |
| Naming: |
If a virus, worm or Trojan uses multiple components within the Windows Scripting Host framework Anti-Virus reports them with the prefix "WSH/". |
|
|