ActiveX malicious code
ActiveX controls allow web developers to create interactive, dynamic
web pages such as HouseCall, Trend Micro's free on-line scanner.
An ActiveX control is embedded into a web page, and runs automatically
when the page is viewed. Crackers, virus writers and others who
wish to cause mischief, or worse, may use malicious ActiveX code
as a vehicle to attack your system. In many cases, by changing
a web browser's security settings to "high", these ActiveX
controls can be contained. To remove malicious ActiveX controls,
you just have to delete them.
Aliases
A single virus may be known by several names, or aliases. There
is no commonly accepted industry standard for naming viruses and
malicious mobile code. See virus types for an explanation of Trend
Micro virus naming conventions.
Boot sector viruses
Boot sector viruses infect one of two areas of a floppy disk:
either the boot sector or the partition table. Computer systems
are most likely to be attacked by boot sector viruses when you
use an infected floppy disk to boot the system -- in which case,
even a failed boot attempt can infect the hard drive. Also, there are a few
viruses that can infect the boot sector from usable programs.
These are known as multi-partite viruses. Once a computer is infected,
the boot sector virus will attempt to infect every diskette that
is used in that computer. Generally, boot sector viruses can
be successfully removed.
Date of origin
Indicates when a virus was first discovered (if known).
Description
This is a brief explanation of a virus listed in the Trend Virus
Encyclopedia. For detailed technical information, click on the
"Tech Details" tab.
Destructive viruses
In addition to self-replication, computer viruses may be designed
to damage your system by corrupting or deleting files, formatting
your hard drive, committing denial-of-service attacks, etc.
Encrypted viruses
This description indicates that the virus is written in such a
way that average antivirus software is unable to detect it. Trend
Micro antivirus products, however, are able to detect such viruses.
File infecting viruses
File infecting viruses infect certain commonly-used programs (generally,
files that have ".com" or ".exe" extensions). Most of these types
of viruses simply try to replicate and spread by infecting other
host programs. However, some inadvertently destroy the program
they infect by changing how the program originally worked. A minority
of file-infecting viruses are very destructive, attempting to
format the hard drive at a pre-determined time or to perform
other malicious acts. In many cases, a file-infecting virus can
be successfully removed from the infected file. If the virus has
changed the program, the original file will be unrecoverable.
In-The-Wild virus list
This is a list of the most common viruses that have been found
worldwide. The list is compiled by renowned antivirus researcher
Joe Wells. Wells updates the list regularly, working closely with
antivirus research teams around the world, including Trend Micro.
When ICSA (International Computer Security Association) conducts
virus testing of antivirus products, the In-The-Wild virus list
serves as the basis for its comparative analysis. More info: http://www.wildlist.org
Java malicious code
Java is a computer language that allows web developers to create
interactive, dynamic web pages. Java applets are small, portable
Java programs embedded into HTML pages. They run automatically
when the pages are viewed. Crackers, virus writers and others who
wish to cause mischief, or worse, may use Java malicious code as
a vehicle to attack the system. In many cases, a "high"
web browser security setting can prevent this kind
of infection.
Joke programs
Joke programs are not really viruses. They do not self-replicate.
They are added to the detection list because they have been
known to be very annoying and/or contain pornographic images. Joke
programs cannot spread unless someone deliberately distributes
them. To get rid of a Joke program, delete the file from your
system.
Language
This refers to the language locale of the platform where the virus
is designed to run, such as Microsoft Word in English or Chinese.
Malware
Malware is a general term used to refer to any unwanted or malicious
programs or mobile code, such as viruses, Trojans, worms and Joke
programs.
Macro virus
Macro viruses use the macro programming language of an application
to distribute themselves. They infect documents such as Microsoft
Word or Excel files. Unlike other viruses, macro viruses do not infect
programs or boot sectors - although a few do drop programs on
the user's hard drive. The dropped files may then infect commonly
used programs or boot sectors. Macro viruses can be removed from
the infected document using Trend Micro's antivirus products.
Password
Some viruses set a password when they infect a document. The main
objective of the virus here is to make the document inaccessible
to the computer user. The password can be a word, phrase or even
a randomly generated number.
Payload
A payload is an action a virus performs on the infected computer.
This can be something relatively harmless like showing messages
or ejecting the CD from the CD drive, or something destructive
like deleting the entire hard drive.
Place of origin
Indicates where a virus is believed to have originated (if known).
Platform
Indicates the operating system or application on which
a virus can run and perform an infection. The platform
for executable viruses is generally a particular operating system,
while for macro viruses it is a specific application.
Risk rating
The risk rating of a virus is an assessment of the threat it poses.
It is based on a number of different factors including, but not
limited to, the virus' potential to spread, its destructiveness,
the actual number of cases reported, etc.
Size of macro/malicious code/virus
Indicates the size of the virus code in bytes. This number is
sometimes used as part of the virus name to distinguish it from
its variants.
Script viruses (VBScript, JavaScript, HTML)
Script viruses are written in script programming languages, such
as VBScript (Visual Basic Script) and JavaScript. Viruses written
in either of these two languages use Microsoft's Windows Scripting
Host (WSH) to activate themselves and infect other files. Since WSH
is available on Windows 98 and Windows 2000, the viruses can be
activated simply by double-clicking a malicious *.vbs or *.js file
in Windows Explorer.
HTML viruses use the scripts within HTML files to do their damage.
These embedded scripts automatically come to life the moment the
HTML page is viewed from a script-enabled browser.
Solution
Most viruses can be cleaned or removed from the infected host
files by Trend Micro's antivirus software. Special removal instructions
are provided for viruses or Trojans that modify the system registry
and/or drop files. Generally, to remove Trojans or joke programs,
you just need to delete the program files - no cleaning action
is needed.
Technical details
The "technical details" section of a Virus Encyclopedia
profile contains specific information about the actions performed
by a virus on the host system. This information is provided to
assist system administrators and users in identifying and removing viruses.
Trigger condition or date
This indicates the condition or date on which the virus will be
triggered. Please note that the virus may move into your computer
on any day of the year. Without proper antivirus protection, you
won't know the virus is in there until it is too late - the date
the virus reveals itself, doing whatever damage it was designed
to do.
Trojan
A Trojan or Trojan horse is a form of malware that disguises
itself as a legitimate program. It performs unexpected or unauthorized
- usually malicious - actions, such as displaying messages, erasing
files or formatting disks. A Trojan horse doesn't infect other
host files, thus cleaning is not necessary. To get rid of a Trojan,
simply delete the program.
Virus types
Viruses and other malware are classified into various types depending
on their file formats and infection routines. To distinguish among
these types, Trend Micro uses the following prefixes:
Macro viruses | W2KM, W97M, X97M, P97M, A97M, WM, XM, V5M
COM and EXE file infectors | PE, NE or no prefix
Boot sector viruses | no prefix
Trojan horses | TROJ
Joke programs | JOKE
Java malicious code | JAVA
ActiveX malicious code | ATVX
VBScript, JavaScript or HTML viruses | VBS, JS, HTML
Worm
A computer worm is a self-contained program (or set of programs)
that is able to spread functional copies of itself or its segments
to other computer systems. The propagation usually takes place
via network connections or email attachments. To get rid of a
worm, simply delete the program.