Glossry of Viruses

Most viruses can be cleaned or removed from the infected host files. Special removal instructions are provided for viruses or Trojans that modify the system registry and/or drop files. Generally, to remove Trojans or Joke programs, you just need to delete the program files - no cleaning action is needed.

To keep your computer healthy by catching viruses before they have a chance to infect your PC or network, get the best antivirus solution available today.

Time period
This chart displays the number of computers infected within the last 24 hours (1d), last 7 days (7d), last year (1y), or since detection first became available (All).

Trigger condition or date
This is to indicate the condition or date on which the virus' payload will be triggered. Please note that date-activated viruses may infect your computer 365 days a year. Your computer may be infected by these viruses prior to the date specified.

Trojan
A Trojan horse is a program that performs some unexpected or unauthorized, usually malicious, actions such as displaying messages, erasing files or formatting a disk. A Trojan horse doesn't infect other host files, thus cleaning is not necessary. To get rid of a Trojan, simply delete the program.

Size of macro/malicious code/virus
Indicates the size of the virus code in bytes. This number is sometimes used as part of the virus name to distinguish it from its variants.

Script viruses (VBScript, JavaScript, HTML)
Script viruses are written in script programming languages, such as VBScript and JavaScript. VBScript (Visual Basic Script) and JavaScript viruses make use of Microsoft's Windows Scripting Host to activate themselves and infect other files. Since Windows Scripting Host is available on Windows 98 and Windows 2000, the viruses can be activated simply by double-clicking the *.vbs or *.js file from Windows.

Payload
A virus' payload is an action it performs on the infected computer. This can be something relatively harmless like showing messages or ejecting the CD drive, or something destructive like deleting the entire hard drive.

PE
PE refers to Portable Executable, which is the standard Win32 executable file format. Windows 32-bit viruses are detected "PE_Virusname."

Place of origin
Indicates where a virus is believed to have originated (if known).

Platform
Indicates the computer operating system or application on which a virus can run and perform an infection. Generally, a particular operating system is required for executable viruses and a specific application is needed for macro viruses.

Proof of Concept
A proof of concept virus or Trojan indicates that something is new or that it has never seen before. For example, VBS_Bubbleboy was a proof of concept worm, as it was the first email worm to automatically execute without requiring a user to double-click on an attachment. Most proof of concept viruses are never seen in-the-wild. However, virus writers will often take the idea (and code) from a proof of concept virus and implement it in future viruses.

Special note: Occasionally, you may get an "illegal operation" error when you try to start MS Word after cleaning a Word macro virus. If this happens, search for the file "normal.dot" and rename it to "normaldot.bak." MS Word will generate a new, clean "normal.dot" the next time it is started. This problem occurs because some viruses can leave harmless code residue that MS Word may be reading incorrectly, causing erratic behavior.

NE
NE refers to New Executable, which is the standard Windows 16-bit executable file format. Windows 16-bit viruses are detected as "NE_Virusname."

Password
Some viruses set a password when they infect a document. The main objective of the virus here is to make the document inaccessible. This password can be a word, phrase, or even a randomly generated number.

Macro virus
Macro viruses are viruses that use another application's macro programming language to distribute themselves. They infect documents such as MS Word or MS Excel. Unlike other viruses, macro viruses do not infect programs or boot sectors - although a few do drop programs on the user's hard drive. The dropped files may infect executable programs or boot sectors. Macro viruses can be removed safely from the infected document using antivirus products.

Java malicious code
Java applets allow Web developers to create interactive, dynamic Web pages with broader functionality. Java applets are small, portable Java programs embedded in HTML pages. They can run automatically when the pages are viewed. However, hackers, virus writers, and others who wish to cause mischief may use Java malicious code as a vehicle to attack the system. In many cases, the Web browser can be configured so that these applets do not execute by changing the browser's security settings to "high."

Joke programs
Joke programs are ordinary executable programs. They are added to the detection list because they are found to be very annoying and/or they contain pornographic images. Joke programs cannot spread unless someone deliberately distributes them. To get rid of a Joke program, delete the file from your system.

Backdoor
A Backdoor is a program that opens secret access to systems, and is often used to bypass system security. A Backdoor program does not infect other host files, but nearly all Backdoor programs make registry modifications. For detailed removal instructions please view the virus description.

Boot sector viruses
Boot sector viruses infect the boot sector or partition table of a disk. Computer systems are most likely to be attacked by boot sector viruses when you boot the system with an infected disk from the floppy drive - the boot attempt does not have to be successful for the virus to infect the hard drive. Also, there are a few viruses that can infect the boot sector from executable programs- these are known as multi-partite viruses and they are relatively rare. Once the system is infected, the boot sector virus will attempt to infect every disk that is accessed by that computer. In general, boot sector viruses can be successfully removed.

ActiveX malicious code
ActiveX controls allow Web developers to create interactive, dynamic Web pages with broader functionality. An ActiveX control is a component object embedded in a Web page which runs automatically when the page is viewed. In many cases, the Web browser can be configured so that these ActiveX controls do not execute by changing the browser's security settings to "high." However, hackers, virus writers, and others who wish to cause mischief or worse may use ActiveX malicious code as a vehicle to attack the system. To remove malicious ActiveX controls, you just need to delete them.

Aliases
There is no commonly accepted industry standard for naming viruses and malicious mobile code. Each may be known by several different names or aliases.