Dr.Web virus classification



The following prefixes are used in classification:

"HLL." (High Level Language) - viruses written in high-level programming languages (such as C, C++, Pascal, Basic, etc.). In some cases the compiled code of HLL viruses is packed with compression utilities (PKLITE, LZEXE, DIET, etc.).

There are several classes of HLL-viruses:

  • "HLLC." (High Level Language Companion) - viruses which employ an infection algorithm based on manipulating file names in the file system. Generally, HLLC viruses rename the original executable file (or move it to another folder) and then use the original executable file name to create a copy of the virus in its place.
  • "HLLO." (High Level Language Overwriting) - viruses which overwrite the data of the affected file.
  • "HLLP." (High Level Language Parasitic) - viruses which infect executable files without critically damaging the original data of the affected file.
  • "HLLW." (High Level Language Worm) - viruses which do not need a host file to spread. They just copy themselves to disk directories.
  • "HLLM." (High Level Language Mass Mailing Worms) - worm programs of mass distribution written in high-level programming languages.


Macro Viruses for MS Office.

These viruses use the features of file formats and built-in macro languages of MS Office applications (Word Basic for MS Word 6.0-7.0; VBA3 for MS Excel 5.0-7.0; VBA5 for MS Office'97; VBA6 for MS Office'2000).

  • "WM." - infect MS Word 6.0-7.0 documents and templates
  • "XM." - infect MS Excel 5.0-7.0 sheets
  • "W97M." - infect MS Word 8.0-9.0 (MS Office'97/2000) documents and templates
  • "X97M." - infect MS Excel 8.0-9.0 (MS Office'97/2000) sheets
  • "A97M." - infect MS Access'97/2000 databases
  • "O97M." - "multi-platform" macro viruses for several MS Office applications simultaneously.


"Trojan horses"

  • "Trojan." - a common name for different "Trojan horse" programs.
  • "PWS." - password-stealing Trojans. Generally combined with the "Trojan." prefix: "Trojan.PWS."
  • "Backdoor." - a Trojan horse program which contains a RAT function (RAT - Remote Administration Tool).


Script-viruses.

These viruses are written in different script languages. As a rule, VBS-, JS- and WScript- viruses are worms that use email services to spread.

  • "VBS." - viruses written in the Visual Basic Script language
  • "JS." - viruses written in the JavaScript language
  • "WScript." - VBS and/or JS worms, often embedded in HTML files
  • "BAT." - viruses written in the MS-DOS command interpreter language


Viruses written for different operating systems and platforms

  • "Win." - infects Windows 16-bit executable programs (NE). NE (NewExe) is the Windows 3.xx executable file format. Some of these viruses can work not only in the Windows 3.xx environment but in Windows 95/98/NT too.
  • "Win95." - infects Windows 32-bit executables (PE and LE(VxD)) and works only in Windows 95/98 environment
  • "WinNT." - infects Windows 32-bit executables (PE) and works only in Windows NT environment
  • "Win32." - infects Windows 32-bit executables (PE) and works in different Win32-environments - Windows 95/98/NT
  • "OS2." - infects OS/2 executable programs (LX) and works only in OS/2 environment
  • "Linux." - infects Linux executable programs and works only in Linux environment
  • "Java." - viruses which are written in the Java language


Silly-viruses

These are the viruses which don't have any special characteristic (such as text strings, special effects, etc.) and therefore cannot be given any unique name.

  • "SillyC." - non-resident, infect only COM-files
  • "SillyE." - non-resident, infect only EXE-files
  • "SillyCE." - non-resident, infect only COM- and EXE-files
  • "SillyRC." - resident, infect only COM-files
  • "SillyRE." - resident, infect only EXE-files
  • "SillyRCE." - resident, infect only COM- and EXE-files
  • "SillyO." - non-resident viruses which overwrite affected files
  • "SillyOR." - resident viruses which overwrite affected files.


Other

  • "IRC." - worms spreading via Internet Relay Chat channels.

We also use the following suffixes:

  • ".generator" - denotes the so-called "virus constructor" programs themselves.
  • ".based" - this suffix means that the virus was generated by the specified virus constructor program, or that the virus was designed as a generic modification of the specified "basic" virus code.
  • ".dropper" - a common name for the installer of a specified virus. This is not a virus itself, but when the dropper is run, it produces a virus and installs it into the operating system (into an executable file, document, boot sector, etc.).
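
To show how the prefixes and suffixes above compose, the following added example (not Dr.Web code) splits a detection name into its classification parts, for instance when triaging names from a scan log. It assumes names are dot-separated with prefixes first and an optional suffix last; the function names and sample names are constructed for illustration.

```python
import re

# Prefix tokens grouped by the sections of the classification above.
GROUPS = {
    "HLL": "HLL HLLC HLLO HLLP HLLW HLLM",
    "macro": "WM XM W97M X97M A97M O97M",
    "trojan": "Trojan PWS Backdoor",
    "script": "VBS JS WScript BAT",
    "platform": "Win Win95 WinNT Win32 OS2 Linux Java",
    "other": "IRC",
}
PREFIX_GROUP = {p: g for g, ps in GROUPS.items() for p in ps.split()}
SUFFIXES = {"generator", "based", "dropper"}
# Only the eight Silly variants listed above: O[R], or [R] plus C, E or CE.
SILLY = re.compile(r"Silly(?:(O)(R?)|(R?)(CE|C|E))$")


def decode_silly(token):
    """Decode a Silly* token into its traits, or return None if it is not one."""
    m = SILLY.match(token)
    if not m:
        return None
    overwrite, res_o, res_f, targets = m.groups()
    return {
        "resident": bool(res_o or res_f),
        "overwriting": bool(overwrite),
        "targets": [{"C": "COM", "E": "EXE"}[t] for t in (targets or "")],
    }


def parse_detection(name):
    """Split a detection name into classification prefixes, remainder and suffix."""
    tokens = [t for t in name.strip().split(".") if t]
    suffix = tokens.pop() if len(tokens) > 1 and tokens[-1] in SUFFIXES else None
    prefixes, silly = [], None
    while tokens:
        group = PREFIX_GROUP.get(tokens[0])
        traits = decode_silly(tokens[0])
        if group is None and traits is None:
            break  # first token this page does not classify: the rest is the name
        prefixes.append((tokens.pop(0), group or "silly"))
        silly = silly or traits
    return {"prefixes": prefixes, "name": ".".join(tokens), "suffix": suffix, "silly": silly}


# Constructed sample names (not real detections).
SAMPLES = ["Trojan.PWS.Sample", "Win32.HLLW.Example.based", "SillyRCE.123", "Unknown.Thing"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", parse_detection(s))
```

A name whose first token is not in the tables comes back with an empty prefix list, which flags it as outside this classification rather than guessing a category.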

© 2008 Doctor Web, Ltd., a Russian company developing and distributing Dr.Web® Anti-virus solutions.
Our customers can be found among home users from all regions of the world and in large enterprises, small companies and nationwide corporations. We thank all of them for their support and long-term devotion to our product. State certificates and awards received by the Dr.Web Anti-virus, as well as the geography of our users, are the best evidence of exceptional trust in the products created by talented Russian programmers.