Using the Panda Burning Incense virus as an example, briefly describe your understanding of how viruses are composed, classified and prevented.
In fact, as long as we master the naming rules of some viruses, we can judge some common characteristics of viruses by the virus names appearing in the anti-virus software reports.
There are so many viruses in the world that anti-virus companies classify and name them according to their characteristics in order to facilitate management. Although the naming rules of each anti-virus company are different, they are generally named in a unified way.
The general format is: <virus prefix>.<virus name>.<virus suffix>.
The virus prefix indicates the type of virus and is used to distinguish the broad categories of viruses. Different kinds of viruses have different prefixes. For example, the common Trojan horse virus has the prefix Trojan, the worm virus has the prefix Worm, and so on.
The virus name identifies the family characteristics of a virus and is used to distinguish and identify virus families. For example, the family name of the once-famous CIH virus is uniformly "CIH", and the family name of the recent Sasser worm is "Sasser".
The virus suffix identifies the variant characteristics of a virus and is used to distinguish one variant within a specific family. It is generally one of the 26 letters of the English alphabet. For example, Worm.Sasser.b refers to variant B of the Sasser worm, so it is generally called "Sasser variant B" or "Sasser B variant". If the virus has many variants (which also shows that the virus is tenacious), the suffix can mix numbers and letters.
To sum up, the virus prefix is very helpful for us to quickly determine which kind of virus the virus belongs to. By judging the type of virus, we can have a general evaluation of this virus (of course, this needs to accumulate some knowledge of common virus types, which is beyond the scope of this article). Through the virus name, we can further understand the detailed characteristics of the virus by looking up information and so on. The virus suffix can let us know which variant of the virus is now in your computer.
The following are some common virus prefixes (for our most commonly used Windows operating system):
1. System virus
The prefixes of system viruses are Win32, PE, Win95, W32, W95, etc. The common feature of these viruses is that they can infect the *.exe and *.dll files of the Windows operating system and spread through these files. The CIH virus is an example.
2. Worm virus
The prefix of worm viruses is Worm. The common feature of this kind of virus is that it spreads through network or system vulnerabilities, and most worms send out infected emails and clog the network. Examples are Blaster ("Shock Wave", which clogs the network) and Mimail ("Little Postman", which sends infected mail).
3. Trojan virus and hacker virus
The prefix of Trojan viruses is Trojan, and the prefix of hacker viruses is generally Hack. The common feature of a Trojan virus is that it enters the user's system through network or system vulnerabilities, hides there, and then leaks the user's information to the outside world. A hacker virus has a visual interface and can remotely control the user's computer. Trojans and hacker viruses often appear in pairs: the Trojan is responsible for invading the user's computer, and the hacker virus then exercises control through that Trojan. These two types are now increasingly merged. Common Trojans include the QQ message-tail Trojan Trojan.QQ3344, and you may encounter even more Trojans aimed at online games, such as Trojan.LMir.PSW.60. Note that PSW or PWD in a virus name generally indicates that the virus can steal passwords (these letters are usually abbreviations of the English word "password"). There are also hacker programs such as Hack.Nether.Client.
4. Script virus
The prefix of script viruses is Script. The common feature of script viruses is that they are written in a scripting language and spread through web pages, such as Code Red. Script viruses may also carry the prefixes VBS or JS (indicating which scripting language they are written in), such as VBS.Happytime and JS.Fortnight.
5. Macro virus
A macro virus is in fact also a kind of script virus, but because of its particular nature it is listed here as a separate category. The prefix of macro viruses is Macro, and the second prefix is one of Word, Word97, Excel, Excel97 (and possibly others). A virus that only infects Word documents of Word 97 and earlier versions uses Word97 as the second prefix, in the format Macro.Word97. A virus that only infects Word documents of versions after Word 97 uses Word as the second prefix, in the format Macro.Word. A virus that only infects Excel documents of Excel 97 and earlier versions uses Excel97 as the second prefix, in the format Macro.Excel97. A virus that only infects Excel documents of versions after Excel 97 uses Excel as the second prefix, in the format Macro.Excel, and so on. The common feature of this kind of virus is that it can infect Office documents and then spread through the Office general templates, such as the famous Macro.Melissa.
6. Backdoor virus
The prefix of backdoor viruses is Backdoor. The common feature of this kind of virus is that it spreads through the network and opens a back door into the system, bringing security risks to the user's computer. An example is the IRC backdoor IRCBot, which many people have encountered.
7. Virus-planting program (dropper) virus
The common feature of this kind of virus is that, when it runs, it releases one or several new viruses from its own body into the system directory, and the released viruses then cause the damage. Examples: Glacier seeder (Dropper.BingHe2.2C), MSN shooter (Dropper.Worm.Smibag) and so on.
8. Destructive program virus
The prefix of destructive program viruses is Harm. The common feature of this kind of virus is that it uses an attractive icon to lure users into clicking. When a user clicks on it, it directly damages the user's computer. Examples: format disk C (Harm.formatC.f), killer command (Harm.Command.Killer) and so on.
9. Joke virus
The prefix of joke viruses is Joke. They are also known as prank viruses. The common feature of this kind of virus is that it uses an attractive icon to lure users into clicking. When a user clicks on it, the virus puts on a show of destructive operations to scare the user, but in fact it does no damage to the user's computer. An example is the girl ghost virus (Joke.Girlghost).
10. Binder virus
The prefix of binder viruses is Binder. The common feature of this kind of virus is that the virus author uses a specific binding program to bundle the virus with an application such as QQ or IE, so that on the surface it looks like a normal file. When the user runs the bundled file, the application runs visibly while the bundled virus runs hidden, thus causing harm to the user. Examples: bundled QQ (Binder.QQPass.QQBin) and system killer (Binder.killsys).
The above are common virus prefixes, and sometimes we will see some others, but they are rare. Here is a brief mention:
DoS: launches DoS attacks against a particular host or server;
Exploit: spreads itself automatically by exploiting overflow vulnerabilities in the other party's or its own system, or is itself an overflow tool used in hacker attacks;
HackTool: a hacking tool may not damage your own machine, but it can be used by others, with you as the stand-in, to attack someone else.
After a scan finds a virus, you can use the above to make a preliminary judgment about its basic nature, so that you know both yourself and your enemy. This information is of great help when the antivirus software cannot remove the virus automatically and you plan to remove it manually.
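The naming scheme above can be applied mechanically when triaging antivirus reports. The following Python sketch is an added example, not part of the original article: it splits a detection name into prefix category, macro target, family and variant, and flags the PSW/PWD password-stealing hint. The rule used to recognise a variant suffix (a short letter or number token at the end) is an assumption, since vendors differ.

```python
import re

# Prefix -> category, taken from the list in this article (case-insensitive).
PREFIXES = {
    "win32": "system virus", "pe": "system virus", "win95": "system virus",
    "w32": "system virus", "w95": "system virus",
    "worm": "worm", "trojan": "Trojan", "hack": "hacker program",
    "script": "script virus", "vbs": "script virus", "js": "script virus",
    "macro": "macro virus", "backdoor": "backdoor", "dropper": "dropper",
    "harm": "destructive program", "joke": "joke program", "binder": "binder",
    "dos": "DoS tool", "exploit": "exploit", "hacktool": "hacking tool",
}
MACRO_TARGETS = {"word", "word97", "excel", "excel97"}  # second prefix
# Assumed variant shape: one or two letters, digits, or a letter/digit mix.
VARIANT = re.compile(r"^(?:[a-z]{1,2}|\d+|[a-z]\d+|\d+[a-z])$", re.I)

def parse_detection(name):
    """Split '<prefix>.<name>.<suffix>' into its parts; returns a dict."""
    parts = [p for p in name.strip().split(".") if p]
    info = {"category": "unknown", "target": None, "family": None,
            "variant": None, "steals_passwords": False}
    if not parts:
        return info
    if parts[0].lower() in PREFIXES:
        info["category"] = PREFIXES[parts.pop(0).lower()]
    if (info["category"] == "macro virus" and parts
            and parts[0].lower() in MACRO_TARGETS):
        info["target"] = parts.pop(0)
    # PSW or PWD anywhere in the name hints at password theft.
    info["steals_passwords"] = any(p.upper() in ("PSW", "PWD") for p in parts)
    # A short trailing token is the variant, provided a family name remains.
    if len(parts) > 1 and VARIANT.match(parts[-1]):
        info["variant"] = parts.pop()
    info["family"] = ".".join(parts) or None
    return info

if __name__ == "__main__":
    # Sample names are the ones quoted in the article above.
    for n in ("Worm.Sasser.b", "Trojan.LMir.PSW.60", "Macro.Melissa"):
        print(n, "->", parse_detection(n))
```
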