When searching for a virus name, you should be aware of the naming conventions used by Symantec/Norton AntiVirus. Virus names consist of a Prefix, a Name, and often a Suffix.
These are formatted as Prefix.Name.Suffix. For example, WM.Cap.A would be the A variant of the Cap family. The WM means the virus is a Word macro virus. The following prefixes should help you when searching for viruses.
Additional information and explanation of terminology used on the Symantec Security Response Web site may be found in the Glossary and FAQ sections.
PREFIXES
|
A2KM |
Access macro viruses that are native to Access 2000. |
|
A97M |
Access macro viruses that are native to Access 97. |
|
AM |
Access macro viruses that are native to Access 95. |
|
AOL |
Trojan horses that are specific to America Online environments and usually steal AOL password information |
|
BAT |
Batch file threats. |
|
Backdoor |
Threats may allow unauthorized users to access your computer across the Internet. |
|
Bloodhound |
Bloodhound is the name of the Norton AntiVirus heuristic scanning technology for detecting new and unknown viruses |
|
DDos |
Distributed Denial of Service threats. Distributed Denial of Service involves using zombie computers in an attempt to flood an Internet site with traffic. |
|
DoS |
Denial of Service threats. Not to be confused with DOS viruses, which are named without prefixes. |
|
HLLC |
High Level Language Companion viruses. These are usually DOS viruses that create an additional file (the companion) to spread. |
|
HLLO |
High Level Language Overwriting viruses. These are usually DOS viruses that overwrite host files with viral code. |
|
HLLP |
High Level Language Parasitic viruses. These are usually DOS viruses that attach themselves to host files. |
|
HLLW |
A worm that is compiled using a High Level Language. (NOTE: This modifier is not always a prefix, it is only a prefix in the case of a DOS High Level Language Worm. If the Worm is a Win32 file, the proper name would be W32.HLLW.) |
|
HTML |
Threats that target HTML files. |
|
IRC |
Threats that target IRC applications. |
|
JS |
Threats that are written using the JavaScript programming language. |
|
Java |
Viruses that are written using the Java programming language. |
|
Linux |
Threats that target the Linux operating system. |
|
O2KM |
Office 2000 macro viruses. May infect across different types of Office 2000 documents. |
|
O97M |
Office 97 macro viruses. May infect across different types of Office 97 documents. |
|
OM |
Office macro viruses. May infect across different types of Office documents. |
|
PWSTEAL |
Trojan horses that steal passwords. |
|
Palm |
Threats that are designed to run specifically on the Palm OS. |
|
Trojan/Troj |
These files are not viruses, but Trojan horses. Trojan horses are files that masquerade as helpful programs, but are actually malicious code. Trojan horses do not replicate. |
|
UNIX |
Threats that run under any UNIX-based operating system. |
|
VBS |
Viruses that are written using the Visual Basic Script programming language. |
|
W2KM |
Word 2000 macro viruses. These are native to Word 2000 and replicate under Word 2000 only. |
|
W32 |
32-bit Windows viruses that can infect under all 32-bit Windows platforms. |
|
W95 |
Windows 95 viruses that infect files under the Windows 95 operating system. Windows 95 viruses often work in Windows 98 also. |
|
W97M |
Word 97 macro viruses. These are native to Word 97 and replicate under Word 97 only. |
|
W98 |
Windows 98 threats that infect files under the Windows 98 operating system. Will only work in Windows 98. |
|
WM |
Word macro viruses that replicate under Word 6.0 and Word 95 (Word 7.0). They may also replicate under Word 97 (Word 8.0), but are not native to Word 97. |
|
WNT |
32-bit Windows viruses that can infect under the Windows NT operating system. |
|
Win |
Windows 3.x viruses that infect files under the Windows 3.x operating system. |
|
X2KM |
Excel macro viruses that are native to Excel 2000. |
|
X97M |
Excel macro viruses that are native to Excel 97. These viruses may replicate under Excel 5.0 and Excel 95 as well. |
|
XF |
Excel formula viruses are viruses using old Excel 4.0 embedded sheets within newer Excel documents. |
|
XM |
Excel macro viruses that are native to Excel 5.0 and Excel 95. These viruses may replicate in Excel 97 as well. |
SUFFIXES
|
@m |
Signifies the virus or worm is a mailer. An example is Happy99 (W32.Ska), which only sends itself by email when you (the user) send mail. |
|
@mm |
Signifies the virus or worm is a mass-mailer. An example is Melissa, which sends messages to every email address in your mailbox. |
|
dam |
Indicates a detection for files that have been corrupted by a threat, or that may contain inactive remnants of a threat, causing the files to no longer be able to execute properly or produce reliable results. |
|
dr |
Indicates that the detected file is a dropper for another threat. |
|
Family |
Indicates a generic detection for threats that belong to a particular threat family based on viral characteristics. |
|
Gen |
Indicates a generic detection for threats that belong to a particular threat type based on viral characteristics. |
|
Int |
Indicates an intended threat. Threats that are intended to spread, but don't due to bugs or errors in the viral code. |
|
Worm |
Indicates a worm, not a virus. Worms make copies of themselves that they send across a network or using email, or another transport mechanism. |